[webapps] Concrete5 8.5.4 – 'name' Stored XSS
Posted by deepcore under Security (No Respond)
TP-Link Devices – ‘setDefaultHostname’ Stored Cross-site Scripting (Unauthenticated)
Tags: 0day, remote exploitWordPress Plugin WP Super Cache 1.7.1 – Remote Code Execution (Authenticated)
Tags: 0day, remote exploitThe Moodle Atto Editor, which does not have versions, suffers from a cross site scripting vulnerability.
Development Kamel KCFinder version 1.7 suffers from a remote shell upload vulnerability.
Backdoor.Win32.Kwak.12 malware suffers from a denial of service vulnerability.
Backdoor.Win32.Kwak.12 malware suffers from bypass and man-in-the-middle vulnerabilities.
GetSimple CMS Custom JS plugin version 0.1 suffers from cross site request forgery and cross site scripting vulnerabilities.