Transposh WordPress Translation versions 1.0.8.1 and below have an AJAX action called “tp_history” which is intended to return data about who has translated a text given by the “token” parameter…
Geonetwork versions 3.1.x through 4.2.0 suffer from an XML external entity injection vulnerability.
Transposh WordPress Translation versions 1.0.8.1 and below do not properly enforce authorization on functionalities available on the plugin’s “Utilities” page, leading to unauthorized access for all user roles, including “Subscriber”.
Transposh WordPress Translation versions 1.0.8.1 and below have a “tp_editor” page at “/wp-admin/admin.php?page=tp_editor” that is vulnerable to two authenticated, blind SQL injections when user-supplied input to the HTTP GET parameters…
Transposh WordPress Translation versions 1.0.8.1 and below have a “save_transposh” action available at “/wp-admin/admin.php?page=tp_advanced” that does not properly validate the “Log file name”, allowing an attacker with the “Administrator” role…
Loan Management System version 1.0 suffers from a remote SQL injection vulnerability that allows for authentication bypass.
Loan Management System version 1.0 suffers from a persistent cross-site scripting vulnerability.
PCProtect Endpoint version 5.17.470 fails to provide sufficient anti-tampering protection that can be leveraged to achieve SYSTEM privileges.
Expert X Jobs Portal and Resume Builder version 1.0 suffers from a remote SQL injection vulnerability.