>> CATEGORY: exploit

WordPress Abtest plugin suffers from a local file inclusion vulnerability.

Fortinet FortiOS suffers from cross site scripting and open redirect vulnerabilities.

An independent vulnerability laboratory researcher discovered a client-side cross site request forgery web vulnerability in the DirectAdmin CP v1.50.0 control panel.

WebsiteBaker CMS version 2.8.3-SP5 suffers from a remote SQL injection vulnerability.

High-Tech Bridge Security Research Lab discovered multiple cross site request forgery (CSRF) vulnerabilities in a popular dating social network Dating Pro. A remote unauthenticated attacker can perform CSRF attacks to…

High-Tech Bridge Security Research Lab discovered a remote code execution vulnerability in iTop that is exploitable via cross site request forgery flaw that is also present in the application. The…

Avira suffers from a heap underflow vulnerability when parsing PE section headers.

XOOPS version 2.5.7.2 suffers from a cross site request forgery vulnerability.

XOOPS version 2.5.7.2 has checks to defend against directory traversal attacks. However, they can be easily bypassed by simply issuing “…/./” instead of “../”.

PivotX version 2.3.11 suffers from a directory traversal vulnerability.