PHP Event Calendar Lite Edition suffers from a persistent cross-site scripting vulnerability.
>> AUTHOR: deepcore
Backdoor.Win32.Jokerdoor malware suffers from a buffer overflow vulnerability.
Pentaho implements a series of web services using the SOAP protocol to allow scripting interaction with the backend server. HAWSEC identified that the services userRoleListService and ServiceAction exposed through the…
HealthForYou version 1.11.1 and HealthCoach version 2.9.2 are missing a server-side password policy. When creating an account or changing your password the mobile and web application both check the password…
Pentaho allows users to create and manage Data Sources. Users can select a Data Source when creating a Dashboard through the Pentaho User Console. When a Data Source is added,…
Pentaho allows users to create and manage Data Sources. Users can select a Data Source when creating a Dashboard through the Pentaho User Console. When a Data Source is added,…
Opencart 3 Extension TMD Vendor System suffers from a remote blind SQL injection vulnerability.
This Metasploit module exploits an unauthenticated file upload and command injection vulnerability in GitLab Community Edition (CE) and Enterprise Edition (EE). The patched versions are 13.10.3, 13.9.6, and 13.8.8. Exploitation…
10-Strike Network Inventory Explorer Pro 9.31 – ‘srvInventoryWebServer’ Unquoted Service Path
Payment Terminal 3.1 – ‘Multiple’ Cross-Site Scripting (XSS)