Kacper Szurek

Vulnerabilities

Pie Register 2.0.13 Privilege escalation

Anyone can import a CSV file, and Pie Register will create users from it.

17-01-2015

1 MIN READ

Vulnerabilities

Contact Form DB 2.8.19 Reflected XSS

It's possible to inject a specially crafted reflected XSS payload even though strip_tags and addslashes are used.

13-01-2015

1 MIN READ

Vulnerabilities

WordPress Shopping Cart 3.0.4 Unrestricted File Upload

Any registered user can upload any file.

08-01-2015

1 MIN READ

Vulnerabilities

MP3-jPlayer 1.8.11 Reflected XSS

$_GET['mp3'] is not escaped.

05-01-2015

1 MIN READ

Vulnerabilities

miniBB 3.1 Blind SQL Injection

preg_match() only checks whether $_GET['code'] contains at least one letter or digit (the regexp is missing the ^ and $ anchors).

18-12-2014

1 MIN READ

Vulnerabilities

WP RSS Aggregator 4.6.3 Post Deletion

Administrator privileges are NOT checked when we pass $_GET['wprss-bulk'].

16-12-2014

1 MIN READ

Vulnerabilities

GLPI 0.85 Blind SQL Injection

Slashes are removed from $_GET['condition'].

14-12-2014

1 MIN READ

Vulnerabilities

Another WordPress Classifieds Plugin 3.3.1 Reflected XSS

$_GET['error_message'] is not escaped.

09-12-2014

1 MIN READ

From 0 to pentesting hero

Random vs SecureRandom

Every service that has a login mechanism should also have the option to reset the password. But how to do it right?

26-02-2019

2 MIN READ

© 2026 Kacper Szurek