iDS6 DSSPro Digital Signage System version 6.2 suffers from cleartext transmission/storage of sensitive information in a cookie when using the Remember (autoSave=true) feature. This allows a remote attacker to…
>> AUTHOR: deepcore
Trend Micro InterScan Messaging Security Virtual Appliance (IMSVA) versions prior to 9.1.0 Critical Patch Build 2025 suffer from XML injection, over-privileged access, cross-site request forgery, file disclosure, server-side request…
iDS6 DSSPro Digital Signage System version 6.2 allows users to perform certain actions via HTTP requests without performing any validity checks to verify the requests. This can be exploited to…
The CAPTCHA function for iDS6 DSSPro Digital Signage System version 6.2 is prone to a security bypass vulnerability that occurs in the CAPTCHA authentication routine. By requesting the autoLoginVerifyCode object…
iDS6 DSSPro Digital Signage System version 6.2 suffers from a privilege escalation vulnerability. An authenticated user can elevate his/her privileges by calling JS functions from the console or by insecure…
CMSUno 1.6.2 – ‘lang’ Remote Code Execution (Authenticated)
SmartBlog 2.0.1 – ‘id_post’ Blind SQL injection
Sentrifugo 3.2 – ‘assets’ Remote Code Execution (Authenticated)
Sentrifugo Version 3.2 – ‘announcements’ Remote Code Execution (Authenticated)
BlogEngine 3.3.8 – ‘Content’ Stored XSS