Concrete5 8.5.4 – ‘name’ Stored XSS
>> ARCHIVE: 2021-03
Concrete5 8.5.4 – ‘name’ Stored XSS
vsftpd 3.0.3 – Remote Denial of Service
TP-Link Devices – ‘setDefaultHostname’ Stored Cross-site Scripting (Unauthenticated)
WordPress Plugin WP Super Cache 1.7.1 – Remote Code Execution (Authenticated)
Novel Boutique House-plus 3.5.1 – Arbitrary File Download
The Moodle Atto Editor, which does not have versions, suffers from a cross site scripting vulnerability.
Development Kamel KCFinder version 1.7 suffers from a remote shell upload vulnerability.
Backdoor.Win32.Kwak.12 malware suffers from a denial of service vulnerability.
Backdoor.Win32.Kwak.12 malware suffers from bypass and man-in-the-middle vulnerabilities.
GetSimple CMS Custom JS plugin version 0.1 suffers from cross site request forgery and cross site scripting vulnerabilities.