>> CATEGORY: Security

Expense Management System – ‘description’ Stored Cross Site Scripting

Artworks Gallery 1.0 – Arbitrary File Upload RCE (Authenticated)

TypeSetter 5.1 – CSRF (Change admin e-mail)

Joomla! Component GMapFP 3.5 – Unauthenticated Arbitrary File Upload

WordPress Plugin EventON Calendar 3.0.5 – Reflected Cross-Site Scripting

Pharmacy/Medical Store & Sale Point 1.0 – ’email’ SQL Injection

Online Shopping Alphaware 1.0 – Error Based SQL injection

10-Strike Network Inventory Explorer 8.65 – Buffer Overflow (SEH)

Setelsa Conacwin 3.7.1.2 – Local File Inclusion

Tailor Management System 1.0 – Unrestricted File Upload to Remote Code Execution