Kacper Szurek

Vulnerabilities

Pulse CMS 4.2 Missing Authentication

Anyone can access pulse/admin/inc/gal-sort.php.

07-12-2014

1 MIN READ

Vulnerabilities

DokuWiki 2014-09-29a XSS

By default .swf files in Media Manager are allowed.

05-12-2014

1 MIN READ

Vulnerabilities

WP Backitup 1.9 Privilege Escalation

A regular user (created using wp-login.php?action=register) can run the backup functionality.

04-12-2014

1 MIN READ

Vulnerabilities

WP Backitup 1.9 Disclosure of Potentially Sensitive Information

The link to the created backup file is saved in a public log.

04-12-2014

1 MIN READ

Vulnerabilities

Cart66 Lite WordPress Ecommerce 1.5.1.17 Blind SQL Injection

`Cart66Ajax`

01-12-2014

1 MIN READ

Vulnerabilities

WP Symposium 14.10 Multiple XSS and SQL Injection

$_POST['text'] is not escaped.

26-11-2014

2 MIN READ

Vulnerabilities

Nextend Facebook Connect 1.4.59 XSS

Anyone can change plugin settings.

24-11-2014

1 MIN READ

Vulnerabilities

Contact Form to Email 1.01 XSS

Data is not escaped correctly.

22-11-2014

1 MIN READ

From 0 to pentesting hero

XSS using SVG file

File upload functionality is a key place that deserves special attention. If an attacker successfully uploads and executes a malicious file, the whole server may be taken over.

12-03-2019

3 MIN READ

© 2025 Kacper Szurek