Microfinance Management System version 1.0 suffers from a remote blind SQL injection vulnerability that can be used to escalate privileges and execute code.
>> AUTHOR: deepcore
Event Management System version 1.0 suffers from a remote shell upload vulnerability.
http://e-learning.rid.go.th/kz.html notified by Mr.Kro0oz.305
WordPress Amministrazione Aperta plugin version 3.7.3 suffers from an arbitrary file read vulnerability.
Drupal Avatar Uploader version 7.x-1.0-beta8 suffers from a cross site scripting vulnerability.
WordPress Contact Form 7 plugin version 5.5.6 suffers from a cross site scripting vulnerability.
WordPress Akismet Spam Protection plugin version 4.2.2 suffers from a cross site scripting vulnerability.
ProtonVPN version 1.26.0 suffers from an unquoted service path vulnerability.
ImpressCMS versions 1.4.2 and below pre-authentication SQL injection to remote code execution exploit. User input passed through the “groups” POST parameter to the /include/findusers.php script is not properly sanitized before…
Event Management System version 1.0 suffers from a remote shell upload vulnerability.