Tag
#firefox
Roxy WI version 6.1.0.0 remote command execution exploit. This is a variant of the original disclosure of remote command execution in this version by Nuri Cilengir in April of 2023.
Smart School version 1.0 suffers from a remote SQL injection vulnerability.
LeadPro CRM version 1.0 suffers from a remote SQL injection vulnerability.
Esg version 2.5 suffers from a cross site scripting vulnerability.
The Go Pricing - WordPress Responsive Pricing Tables plugin for WordPress is vulnerable to unauthorized modification of data due to a missing capability check on the 'process_postdata' function in versions up to, and including, 3.3.19. This makes it possible for authenticated attackers with a role that the administrator previously granted access to the plugin to modify access to the plugin when it should only be the administrator's privilege.
A stored cross site scripting (XSS) vulnerability in the add contact function of CiviCRM 5.59.alpha1 allows attackers to execute arbitrary code via the first/second name field.
In Wcms 0.3.2, an attacker can send a crafted request from a vulnerable web application backend server /wcms/wex/html.php via the finish parameter and the textAreaCode parameter. The request can write arbitrary strings into custom file names, upload any files, and write malicious code that executes scripts to trigger command execution.
hyiplab version 2.1 leaves a default set of administrative credentials in place after installation.
Esg version 2.5 suffers from a remote SQL injection vulnerability.
Code Bakers version 1.0 suffers from a remote SQL injection vulnerability.