ImgHosting version 1.5 suffers from a cross site scripting vulnerability.
>> CATEGORY: exploit
Kaseya VSA version 9.2 suffers from an authentication bypass vulnerability.
pfSense versions 2.1.3 and below suffer from a status_rrd_graph_img.php command injection vulnerability.
VTech DigiGo with firmware 83.60630 suffers from a browser overlay attack vulnerability.
Oracle PeopleSoft version 8.5x suffers from a remote code execution vulnerability.
Domains and Hostings Manager PRO version 3.0 suffers from a remote SQL injection vulnerability that allows for authentication bypass.
Seagate Media Server on a Seagate Personal Cloud model SRN21C running firmware version 4.3.16.0 suffers from an unauthenticated arbitrary file and folder deletion vulnerability.
D-Link DNS-343 ShareCenter versions 1.05 and below suffer from a remote command injection vulnerability.
D-Link DNS-325 ShareCenter versions 1.05B03 and below suffer from remote shell upload and command injection vulnerabilities.
RedTeam Pentesting discovered that the shibd service of Shibboleth 2 does not extract SAML attribute values in a robust manner. By inserting XML entities into a SAML response, attackers may…