WordPress Bulk Delete plugin version 5.5.3 suffers from a privilege escalation vulnerability.
>> CATEGORY: exploit
This Metasploit module will generate a .NET service executable on the target and utilise InstallUtil to run the payload bypassing the AppLocker protection. Currently only the InstallUtil method is provided,…
A vulnerability in the sncc0.sys kernel driver for Secret Net 7 and Secret Net Studio 8 allows for a local privilege escalation attack.
An independent vulnerability laboratory researcher discovered a cross site request forgery web vulnerability in the official AVG Threat Labs web-application.
An independent vulnerability laboratory researcher discovered a remote sql injection vulnerability in the official persian PHPNuke Mod_weblink web extension.
An independent vulnerability laboratory researcher discovered a client-side url redirect and cross site scripting web vulnerability in the official Adobe (Edex) web-application.
An independent vulnerability laboratory researcher discovered a client-side cross site request forgery vulnerability in the Iran Telecom Charging Panel ADSL.
Inserting an HTML ‘script’ tag into the URL of a web site protected by Sophos UTM 525 yields an error page which contains the ‘script’ tag unfiltered. Executing malicious JavaScript…
WordPress GravityForms plugin version 1.9.15.11 suffers from a cross site scripting vulnerability.
The SySS GmbH found out that different functions of the web application perfact::mpa are prone to persistent cross-site scripting attacks due to insufficient user input validation.