STVS ProVision 5.9.10 – Cross-Site Request Forgery (Add Admin)
>> AUTHOR: deepcore
Openlitespeed Web Server 1.7.8 – Command Injection (Authenticated)
MyBB Timeline plugin version 1.0 suffers from cross-site request forgery and cross-site scripting vulnerabilities.
Revive Adserver versions 5.0.5 and below suffer from persistent and reflective cross-site scripting and open redirection vulnerabilities.
Collabtive version 3.1 suffers from a persistent cross-site scripting vulnerability.
Backdoor.Win32.Kraimer.11 malware has a backdoor on TCP/6668 that does not require any authentication.
CASAP Automated Enrollment System version 1.0 suffers from a persistent cross-site scripting vulnerability.
Backdoor.Win32.Noknok.60 malware suffers from an insecure permissions vulnerability.
CASAP Automated Enrollment System version 1.0 suffers from a persistent cross-site scripting vulnerability. Original discovery of persistent cross-site scripting in this version is attributed to Richard Jones.
Backdoor.Win32.Noknok.50 malware suffers from an insecure permissions vulnerability.