IPS Community Suite versions 4.5.4.2 and below suffer from a PHP code injection vulnerability. The vulnerability exists because the IPS\cms\modules\front\pages\_builder::previewBlock() method allows arbitrary content to be passed to the IPS\_Theme::runProcessFunction() method, where it is used in a call to the PHP eval() function. This can be exploited to inject and execute arbitrary PHP code. Successful exploitation […]
Selenium 3.141.59 Remote Code Execution
Selenium version 3.141.59 remote code execution exploit.
WordPress LifterLMS 4.21.0 Cross Site Scripting
WordPress LifterLMS plugin version 4.21.0 suffers from a persistent cross site scripting vulnerability.
PHPFusion 9.03.50 Remote Code Execution
PHPFusion version 9.03.50 suffers from a remote code execution vulnerability.
Trixbox 2.8.0.4 Path Traversal
Trixbox version 2.8.0.4 has a path traversal vulnerability via the xajaxargs array parameter to /maint/index.php?packages or the lang parameter to /maint/modules/home/index.php.
Trixbox 2.8.0.4 Remote Code Execution
Trixbox version 2.8.0.4 has an OS command injection vulnerability that can be leveraged via shell metacharacters in the lang parameter to /maint/modules/home/index.php.
Postbird 0.8.4 Cross Site Scripting / Local File Inclusion
Postbird version 0.8.4 suffers from a JavaScript injection vulnerability that allows for cross site scripting and local file inclusion.
QT PNG ICC Processing Out-Of-Bounds Read
The QImage class can read out-of-bounds when reading a specially-crafted PNG file, where a tag byte offset goes out of bounds. This could potentially allow an attacker to determine values in memory based on the QImage pixels, if Qt is used to process untrusted images.
Pandora FMS 6.0SP3 Cross Site Scripting
Pandora FMS version 6.0SP3 suffers from a cross site scripting vulnerability.