The Qlikview platform is affected by XML External Entity (XXE) vulnerabilities. More specifically, the platform is susceptible to DTD parameter injections, which are also “blind” as the server feeds back…
>> CATEGORY: exploit
WordPress Contact Form Generator version 2.0.1 suffers from multiple cross site request forgery vulnerabilities.
JSPMySQL Administrador version 1 suffers from cross site request forgery and cross site scripting vulnerabilities.
NETGEAR WMS5316 ProSafe 16AP Wireless Management System suffers from authentication bypass and privilege escalation vulnerabilities.
FireEye appliances suffer from an arbitrary file disclosure vulnerability.
This Metasploit module exploits an OS command injection vulnerability in a web-accessible CGI script used to change passwords for locally-defined proxy user accounts. Valid credentials for such an account are…
GPON home router version G-93RG1 suffers from a cross site request forgery vulnerability that allows for arbitrary command execution.
Virtual Freer versions prior to 1.57 suffer from an authentication bypass vulnerability.
Milw0rm Clone Script version 1.0 suffers from a cross site scripting vulnerability.