Kacper Szurek

Vulnerabilities

Greg's High Performance SEO 1.6.1 Reflected XSS

$_GET['submenu'] is not escaped.

04-05-2015

1 MIN READ

Vulnerabilities

Shareaholic 7.6.0.3 XSS

`ShareaholicAdmin

07-04-2015

1 MIN READ

Vulnerabilities

LiveZilla 5.3.0.8 XSS

The Name field in chat.php may be used to send XSS that is visible inside the web-based Operator Client.

30-03-2015

1 MIN READ

Vulnerabilities

WP Marketplace 2.4.0 Arbitrary File Download

Anyone can run a user-defined function because of call_user_func().

21-03-2015

1 MIN READ

Vulnerabilities

Codoforum 2.5.1 Arbitrary File Download

str_replace() is used to sanitize the file path, but the function's output is not assigned to a variable.

10-03-2015

1 MIN READ

Vulnerabilities

WordPress Download Manager 2.7.2 Privilege Escalation

Using basic_settings() we can update any WordPress option, for example

06-03-2015

1 MIN READ

Vulnerabilities

WordPress Backup to Dropbox 4.0 Reflected XSS

$_REQUEST['title'] is not escaped.

02-03-2015

1 MIN READ

Vulnerabilities

Page Builder by SiteOrigin 2.0.3 Reflected XSS

$_REQUEST['widget'] is not escaped.

26-02-2015

1 MIN READ

From 0 to pentesting hero

escapeshellcmd vs escapeshellarg

Executing system commands at the programming-language level sounds like asking for trouble. But how do you do it correctly and safely?

05-03-2019

2 MIN READ

© 2026 Kacper Szurek