Attackers who can send SOAP messages to a Ladon webservice via the HTTP interface of the Ladon webservice can exploit an XML external entity expansion vulnerability and read local files,…
>> CATEGORY: exploit
WP Mobile Detector Plugin for WordPress contains a flaw that allows a remote attacker to execute arbitrary PHP code. This flaw exists because the /wp-content/plugins/wp-mobile-detector/resize.php script does contains a remote…
This Metasploit module exploits an arbitrary command execution vulnerability in tnftp’s handling of the resolved output filename – called “savefile” in the source – from a requested resource. If tnftp…
Nice PHP FAQ Script suffers from a remote SQL injection vulnerability.
Fake Magazine Cover Script suffers from a remote SQL injection vulnerability.
CPA Lead Reward Script suffers from a remote SQL injection vulnerability.
Basic B2B Script suffers from a remote SQL injection vulnerability.
Creative Management System CMS Lite version 1.4 suffers from a remote SQL injection vulnerability.
MyMagazine Magazine and Blog CMS version 1.0 suffers from a remote SQL injection vulnerability.
News Magazine and Blog CMS version 1.0 suffers from a remote SQL injection vulnerability.