Perfex CRM version 2.4.4 suffers from a persistent cross-site scripting vulnerability.
>> AUTHOR: deepcore
A session token vulnerability has been discovered in VestaCP version 0.9.8-26. The vulnerability allows remote attackers to gain unauthenticated or unauthorized access by client-side token manipulation.
CCt99 Chichen Tech CMS version 1.0 suffers from a remote SQL injection vulnerability.
Super Backup version 2.0.5 for iOS suffers from a directory traversal vulnerability.
WordPress Plugin Canto 1.3.0 – Blind SSRF (Unauthenticated)
IDT PC Audio 1.0.6499.0 – ‘STacSV’ Unquoted Service Path
Composr CMS 10.0.34 – ‘banners’ Persistent Cross Site Scripting
MiniCMS 1.10 – ‘content box’ Stored XSS
Phpscript-sgh 0.1.0 – Time Based Blind SQL Injection
Testa Online Test Management System 3.4.7 – ‘q’ SQL Injection