Fuel CMS 1.4.8 – ‘fuel_replace_id’ SQL Injection (Authenticated)
>> AUTHOR: deepcore
BlazeDVD 7.0 Professional – ‘.plf’ Local Buffer Overflow (SEH,ASLR,DEP)
Mara CMS 7.5 – Reflective Cross-Site Scripting
CMS Made Simple 2.2.14 – Arbitrary File Upload (Authenticated)
Nagios Log Server version 2.1.6 suffers from a persistent cross-site scripting vulnerability.
WordPress Autoptimize plugin version 2.7.6 suffers from an authenticated remote shell upload vulnerability.
SUPERAntiSpyware Professional X Trial versions prior to 10.0.1206 suffer from a local privilege escalation vulnerability.
Symphony CMS version 3.0.0 suffers from a persistent cross-site scripting vulnerability.
Eikon Thomson Reuters version 4.0.42144 suffers from a weak permissions issue that can lead to code execution.
ZTE Mobile Hotspot MS910S version DL_MF910S_CN_EUV1.00.01 has a hard-coded administrative password, busybox vulnerabilities, and a known backdoor in the GoAhead webserver.