WordPress Colorbox plugin version v1.1.1 (and possibly previous versions) is affected by a stored XSS vulnerability due to improper input sanitization of the "hyperlink" field in the plugin shortcode.
This exploit allows an attacker to perform Cross-site Request Forgery attacks on the Textpattern CMS version 4.6.2. The vulnerability exists in the admin > prefs > site section, where all inputs are vulnerable to CSRF.
A persistent cross-site scripting vulnerability exists in the 'Contact Templates' functionality of the Core Config Manager of Nagios XI. The vulnerability is found in the 'tfName' parameter.
The Tourism Management System 1.0 allows arbitrary file upload, which can lead to remote code execution.
This exploit allows an attacker to bypass the security restrictions and access files on the Cisco ASA and FTD 9.6.4.42 devices. By sending a specially crafted request to the target, the attacker can traverse directories and retrieve sensitive information.
Directory traversal vulnerability on the Karel IP1211 IP Phone Web Panel. Remote authenticated users (Attackers used default credentials in this case) to perform directory traversal, provides access to sensitive data under indexes using the "cgiServer.exx?page=" parameter. In this case sensitive files, "passwd" and "shadow" files.
The Typesetter CMS version 5.1 is vulnerable to persistent cross-site scripting. An attacker can exploit this vulnerability by logging into the administrator page, navigating to Settings > Configuration > General Settings, and injecting a malicious payload into the 'title' field. This payload will be executed when the website is accessed.
GetSimple CMS 3.3.16 allows in parameter 'permalink' on the Settings page persistent Cross Site Scripting which is executed when you create and open a new page.
The weakness is caused due to the login script and how it verifies provided credentials. Attacker can use this weakness to enumerate valid users on the affected node.
The application interface allows users to perform certain actions via HTTP requests without performing any validity checks to verify the requests. This can be exploited to perform certain actions with administrative privileges if a logged-in user visits a malicious web site.
Services By CQR