WordPress GetYourGuide Ticketing 1.0.1 Cross Site Scripting
Posted by deepcore under exploit (No Respond)
WordPress GetYourGuide Ticketing plugin version 1.0.1 suffers from a persistent cross site scripting vulnerability.
Archive for September, 2022
OpenCart 3.x Newsletter Custom Popup 4.0 SQL Injection
Posted by deepcore under exploit (No Respond)
OpenCart 3.x Newsletter Custom Popup module version 4.0 suffers from a remote blind SQL injection vulnerability.
Owlfiles File Manager 12.0.1 Path Traversal / Local File Inclusion
Posted by deepcore under exploit (No Respond)
Owlfiles File Manager version 12.0.1 suffers from local file inclusion and path traversal vulnerabilities.
PhotoSync 4.7 Local File Inclusion
Posted by deepcore under exploit (No Respond)
PhotoSync version 4.7 suffers from a local file inclusion vulnerability.
SoX 14.4.2 Division-By-Zero / Denial Of Service
Posted by deepcore under exploit (No Respond)
SoX versions 14.4.2 and below suffer from a division by zero attack when handling WAV files, resulting in denial of service vulnerability and possibly loss of data.
VIAVIWEB Wallpaper Admin SQL Injection / Shell Upload
Posted by deepcore under exploit (No Respond)
VIAVIWEB Wallpaper Admin suffers from remote shell upload and remote SQL injection vulnerabilities.
[local] Blink1Control2 2.2.7 – Weak Password Encryption
Posted by deepcore under Security (No Respond)
[webapps] Buffalo TeraStation Network Attached Storage (NAS) 1.66 – Authentication Bypass
Posted by deepcore under Security (No Respond)
Buffalo TeraStation Network Attached Storage (NAS) 1.66 – Authentication Bypass
Tags: 0day, remote exploit[remote] Airspan AirSpot 5410 version 0.3.4.1 – Remote Code Execution (RCE)
Posted by deepcore under Security (No Respond)
[webapps] Bookwyrm v0.4.3 – Authentication Bypass
Posted by deepcore under Security (No Respond)