>> CATEGORY: exploit

Webligo SocialEngine version 4.8.9 suffers from a remote SQL injection vulnerability.

op5 has a cross site request forgery entry point that can be used to execute arbitrary remote commands on op5 system sent via HTTP GET requests, allowing attackers to completely…

Asbru Web Content Management System version 9.2.7 suffers from cross site request forgery, cross site scripting, open redirection, and directory traversal vulnerabilities.

An independent vulnerability laboratory researcher discovered a client-side cross site scripting vulnerability in the official Virtual Freer v1.58 web-application.

An independent vulnerability laboratory researcher discovered multiple sql-injection vulnerabilities in the Quicksilver VoHo Concept4E v1.0 Content Management System.

An independent vulnerability laboratory researcher discovered a remote sql-injection vulnerability in the official Eight Webcom web-application (2016 Q2).

The Vulnerability Laboratory Core Research Team discovered an application-side encoding vulnerability in the official Perli iOS mobile application api.

The vulnerability laboratory core research team discovered a local passcode bypass vulnerability in the official Apple iOS 9.3.1 iPhone 6S & Plus models.

Virtual Freer version 1.58 suffers from a cross site scripting vulnerability.

The MyBB Tags plugin in versions 1.6.x and 1.8.x suffer from a cross site scripting vulnerability.