Blog

WordPress RSVPMaker v2.5.4 Persistent XSS


August 15, 2012

MaxForum v1.0.0 Local File Inclusion


August 15, 2012

CVE-2011-5099

SQL injection vulnerability in helper/popup.php in the ccNewsletter (mod_ccnewsletter) component 1.0.7 through 1.0.9 for Joomla! allows remote attackers to execute arbitrary SQL commands via the id parameter. (CVSS:7.5) (Last Update:2013-01-03)


August 14, 2012

CVE-2012-4325

Cross-site request forgery (CSRF) vulnerability in upload/users.php in Utopia News Pro (UNP) 1.4.0 and earlier allows remote attackers to hijack the authentication of administrators for requests that add administrator accounts. (CVSS:6.8) (Last Update:…


August 14, 2012

CVE-2012-2208

Directory traversal vulnerability in upgrade.php in Piwigo before 2.3.4 allows remote attackers to include and execute arbitrary local files via a .. (dot dot) in the language parameter. (CVSS:7.5) (Last Update:2012-08-15)


August 14, 2012

CVE-2012-2209

Multiple cross-site scripting (XSS) vulnerabilities in admin.php in Piwigo before 2.3.4 allow remote attackers to inject arbitrary web script or HTML via the (1) section parameter in the configuration module, (2) installstatus parameter in the language…


August 14, 2012

CVE-2012-4324

Cross-site request forgery (CSRF) vulnerability in PHPJabbers Vacation Rental Script allows remote attackers to hijack the authentication of administrators for requests that add administrator accounts via a create action in the AdminUsers module to ind…


August 14, 2012

CVE-2012-4326

Cross-site request forgery (CSRF) vulnerability in commonsettings.php in AlstraSoft Site Uptime Enterprise, possibly 5.4, allows remote attackers to hijack the authentication of administrators. (CVSS:6.8) (Last Update:2012-08-15)


August 14, 2012

CVE-2012-4251

Multiple cross-site scripting (XSS) vulnerabilities in MySQLDumper 1.24.4 allow remote attackers to inject arbitrary web script or HTML via the (1) page parameter to index.php, (2) phase parameter to install.php, (3) tablename or (4) dbid parameter to …


August 13, 2012

CVE-2012-4269

Unrestricted file upload vulnerability in eFront 3.6.11 allows remote authenticated users to execute arbitrary code by uploading a file with an executable extension via an attachment in a message. (CVSS:6.0) (Last Update:2012-10-26)


August 13, 2012