[Forgot Password]
Login  Register Subscribe

25354

 
 

132812

 
 

149986

 
 

909

 
 

119359

 
 

158

 
 
Paid content will be excluded from the download.

Filter
Matches : 149988 Download | Alert*

The paGO Commerce plugin 2.5.9.0 for Joomla! allows SQL Injection via the administrator/index.php?option=com_pago&view=comments filter_published parameter.

** DISPUTED ** A buffer overflow vulnerability exists in the mg_get_http_header function in Cesanta Mongoose 6.18 due to a lack of bounds checking. A crafted HTTP header can exploit this bug. NOTE: a committer has stated "this will not happen in practice."

webTareas through 2.1 allows files/Default/ Directory Listing.

webTareas through 2.1 allows XSS in clients/editclient.php, extensions/addextension.php, administration/add_announcement.php, administration/departments.php, administration/locations.php, expenses/claim_type.php, projects/editproject.php, and general/newnotifications.php.

SaferVPN before 5.0.3.3 on Windows could allow low-privileged users to create or overwrite arbitrary files, which could cause a denial of service (DoS) condition, because a symlink from %LOCALAPPDATA%\SaferVPN\Log is followed.

The Reset Password add-on before 1.2.0 for Alfresco suffers from CMIS-SQL Injection, which allows a malicious user to inject a query within the email input field.

The Reset Password add-on before 1.2.0 for Alfresco has a broken algorithm (involving an increment) that allows a malicious user to change any user's account password include the admin account.

ZoneMinder before 1.34.21 has XSS via the connkey parameter to download.php or export.php.

webTareas through 2.1 allows upload of the dangerous .exe and .shtml file types.

Lack of cryptographic signature verification in the Sqreen PHP agent daemon before 1.16.0 makes it easier for remote attackers to inject rules for execution inside the virtual machine.


Pages:      Start    1    2    3    4    5    6    7    8    9    10    11    12    13    14    ..   14998

© SecPod Technologies