Archive for August, 2020

[webapps] CMS Made Simple 2.2.14 – Arbitrary File Upload (Authenticated)

Posted by deepcore under Security (No Responses)

[webapps] Mara CMS 7.5 – Reflective Cross-Site Scripting

Posted by deepcore under Security (No Responses)

[local] BlazeDVD 7.0 Professional – '.plf' Local Buffer Overflow (SEH,ASLR,DEP)

Posted by deepcore under Security (No Responses)

[webapps] Fuel CMS 1.4.8 – 'fuel_replace_id' SQL Injection (Authenticated)

Posted by deepcore under Security (No Responses)

[webapps] Online Book Store 1.0 – 'id' SQL Injection

Posted by deepcore under Security (No Responses)

Nagios Log Server 2.1.6 Cross Site Scripting

Posted by deepcore under exploit (No Responses)

Nagios Log Server version 2.1.6 suffers from a persistent cross site scripting vulnerability.

SUPERAntiSpyware Professional X Trial Privilege Escalation

Posted by deepcore under exploit (No Responses)

SUPERAntiSpyware Professional X Trial versions prior to 10.0.1206 suffer from a local privilege escalation vulnerability.

WordPress Autoptimize 2.7.6 Shell Upload

Posted by deepcore under exploit (No Responses)

WordPress Autoptimize plugin version 2.7.6 suffers from an authenticated remote shell upload vulnerability.

Symphony CMS 3.0.0 Cross Site Scripting

Posted by deepcore under exploit (No Responses)

Symphony CMS version 3.0.0 suffers from a persistent cross site scripting vulnerability.

Eikon Thomson Reuters 4.0.42144 File Permissions

Posted by deepcore under exploit (No Responses)

Eikon Thomson Reuters version 4.0.42144 suffers from a weak permissions issue that can lead to code execution.