Genexis GAPS versions up to 7.2 suffers from an access control vulnerability that discloses sensitive data.
>> CATEGORY: exploit
WordPress Booking Calendar plugin versions 7.1, 7.0, and below suffer from remote SQL injection and local file inclusion vulnerabilities.
WordPress Clean Up Optimizer plugin versions 4.0.0 and below suffer from a remote SQL injection vulnerability.
TP-Link TL-SG108E with firmware 1.0.0 Build 20160722 Rel.50167 suffers from cross site scripting and weak access control vulnerabilities.
WordPress Concours plugin version 1.1 suffers from a cross site scripting vulnerability.
WordPress Custom Map plugin version 1.1 suffers from a cross site scripting vulnerability.
WordPress CSV Import-Export plugin version 1.1 suffers from a cross site scripting vulnerability.
Ability Mail Server version 3.3.2 suffers from a cross site scripting vulnerability.
It was discovered that it is possible to disclose addresses of kernel-mode Paged Pool allocations via a race-condition in the implementation of the NtQueryVirtualMemory system call (information class 2, MemoryMappedFilenameInformation)….
This Metasploit module takes advantage of a Same-Origin Policy (SOP) bypass vulnerability in the Samsung Internet Browser, a popular mobile browser shipping with Samsung Android devices. By default, it initiates…