Kacper Szurek

Vulnerabilities

miniBB 3.1 Blind SQL Injection

preg_match() only checks whether $_GET['code'] contains at least one letter or digit (the regexp is missing the ^ and $ anchors).

18-12-2014

1 MIN READ

Vulnerabilities

WP RSS Aggregator 4.6.3 Post Deletion

Administrator privileges are NOT checked when we pass $_GET['wprss-bulk'].

16-12-2014

1 MIN READ

Vulnerabilities

GLPI 0.85 Blind SQL Injection

Slashes are removed from $_GET['condition'].

14-12-2014

1 MIN READ

Vulnerabilities

Another WordPress Classifieds Plugin 3.3.1 Reflected XSS

$_GET['error_message'] is not escaped.

09-12-2014

1 MIN READ

Vulnerabilities

Pulse CMS 4.2 Missing Authentication

Anyone can access pulse/admin/inc/gal-sort.php.

07-12-2014

1 MIN READ

Vulnerabilities

DokuWiki 2014-09-29a XSS

By default, .swf files are allowed in the Media Manager.

05-12-2014

1 MIN READ

Vulnerabilities

WP Backitup 1.9 Privilege Escalation

A regular user (created via wp-login.php?action=register) can run the backup functionality.

04-12-2014

1 MIN READ

Vulnerabilities

WP Backitup 1.9 Disclosure of Potentially Sensitive Information

The link to the created backup file is saved in a public log.

04-12-2014

1 MIN READ

From 0 to pentesting hero

Clickjacking

How to convince the user to delete his account on the website without his consent?

17-04-2019

3 MIN READ

© 2026 Kacper Szurek