[Forgot Password]
Login  Register Subscribe












Paid content will be excluded from the download.

Matches : 8261 Download | Alert*

The paGO Commerce plugin for Joomla! allows SQL Injection via the administrator/index.php?option=com_pago&view=comments filter_published parameter.

** DISPUTED ** A buffer overflow vulnerability exists in the mg_get_http_header function in Cesanta Mongoose 6.18 due to a lack of bounds checking. A crafted HTTP header can exploit this bug. NOTE: a committer has stated "this will not happen in practice."

webTareas through 2.1 allows files/Default/ Directory Listing.

webTareas through 2.1 allows XSS in clients/editclient.php, extensions/addextension.php, administration/add_announcement.php, administration/departments.php, administration/locations.php, expenses/claim_type.php, projects/editproject.php, and general/newnotifications.php.

SaferVPN before on Windows could allow low-privileged users to create or overwrite arbitrary files, which could cause a denial of service (DoS) condition, because a symlink from %LOCALAPPDATA%\SaferVPN\Log is followed.

The Reset Password add-on before 1.2.0 for Alfresco suffers from CMIS-SQL Injection, which allows a malicious user to inject a query within the email input field.

The Reset Password add-on before 1.2.0 for Alfresco has a broken algorithm (involving an increment) that allows a malicious user to change any user's account password include the admin account.

ZoneMinder before 1.34.21 has XSS via the connkey parameter to download.php or export.php.

webTareas through 2.1 allows upload of the dangerous .exe and .shtml file types.

Lack of cryptographic signature verification in the Sqreen PHP agent daemon before 1.16.0 makes it easier for remote attackers to inject rules for execution inside the virtual machine.

Pages:      Start    1    2    3    4    5    6    7    8    9    10    11    12    13    14    ..   826

© SecPod Technologies