CubeCart version 6.0.10 suffers from cross site request forgery, cross site scripting, and remote SQL injection vulnerabilities.
>> CATEGORY: exploit
Manage Engine EventLog Analyzer version 11.0 build 11000 suffers from multiple cross site scripting vulnerabilities.
Easy Hosting Control Panel versions 0.29 through 0.37.9 suffer from information disclosure, authentication bypass, clear text password storage, and remote file upload vulnerabilities.
PayPal suffered from a filter bypass vulnerability that allowed for malicious input into email.
This Metasploit module exploits the unsecured User Manager REST API and a ZIP file path traversal in Apache Jetspeed-2, versions 2.3.0 and unknown earlier versions, to upload and execute a…
An independent vulnerability laboratory researcher discovered multiple SQL injection vulnerabilities in the Cades online service web-application (2016-Q1).
The Vulnerability Laboratory Core Research Team discovered an application-side mail encoding web vulnerability and filter bypass issue in the official PayPal Inc online-service web-application.
This Metasploit module exploits a directory traversal vulnerability in ATutor on an Apache/PHP setup with display_errors set to On, which can be used to allow us to upload a malicious…
Manage Engine Desktop Central version 9.1.0 build 91099 suffers from a cross site scripting vulnerability.