Multiple SQL injection vulnerabilities in the Welcart e-Commerce plugin 1.3.12 for WordPress allow remote attackers to execute arbitrary SQL commands via the (1) changeSort or (2) switch parameter in the usces_itemedit page to wp-admin/admin.php....
Multiple cross-site scripting (XSS) vulnerabilities in the Welcart e-Commerce plugin 1.3.12 for WordPress allow remote attackers to inject arbitrary web script or HTML via (1) unspecified vectors related to purchase_limit or the (2) name,...
SQL injection vulnerability in load-calendar.php in PHPJabbers Event Booking Calendar 2.0 allows remote attackers to execute arbitrary SQL commands via the cid parameter. Date published : 2015-01-13 http://packetstormsecurity.com/files/124753/eventbookingcalendar-xssxsrfsql.txt
Multiple cross-site request forgery (CSRF) vulnerabilities in PHPJabbers Event Booking Calendar 2.0 allow remote attackers to hijack the authentication of administrators for requests that (1) change the username and password of the administrator via...
SQL injection vulnerability in the Another WordPress Classifieds Plugin plugin for WordPress allows remote attackers to execute arbitrary SQL commands via the keywordphrase parameter in a dosearch action. Date published : 2015-01-13 http://www.exploit-db.com/exploits/35204 http://packetstormsecurity.com/files/129035/Another-WordPress-Classifieds-Cross-Site-Scripting-SQL-Injection.html
Cross-site scripting (XSS) vulnerability in the Another WordPress Classifieds Plugin plugin for WordPress allows remote attackers to inject arbitrary web script or HTML via the query string to the default URI. Date published :...
Stack-based buffer overflow in UltraCamLib in the UltraCam ActiveX Control (UltraCamX.ocx) for the TRENDnet SecurView camera TV-IP422WN allows remote attackers to execute arbitrary code via a long string to the (1) CGI_ParamSet, (2) OpenFileDlg,...
Directory traversal vulnerability in PHPJabbers Appointment Scheduler 2.0 allows remote attackers to read arbitrary files via a .. (dot dot) in the id parameter in a pjActionDownload action to the pjBackup controller. Date published...
Multiple cross-site scripting (XSS) vulnerabilities in Stark CRM 1.0 allow remote attackers to inject arbitrary web script or HTML via the (1) first_name, (2) last_name, or (3) notes parameter to the client page; (4)...
Multiple cross-site request forgery (CSRF) vulnerabilities in Stark CRM 1.0 allow remote attackers to hijack the authentication of administrators for requests that add (1) an administrator via a crafted request to the admin page,...
Multiple cross-site scripting (XSS) vulnerabilities in Maian Weblog 4.0 and earlier allow remote attackers to inject arbitrary web script or HTML via the (1) name, (2) email, or (3) subject parameter in a contact...
Multiple cross-site request forgery (CSRF) vulnerabilities in Maian Uploader 4.0 allow remote attackers to hijack the authentication of unspecified users for requests that conduct cross-site scripting (XSS) attacks via the width parameter to (1)...
Maian Uploader 4.0 allows remote attackers to obtain sensitive information via a request without the height parameter to load_flv.js.php, which reveals the installation path in an error message. Date published : 2015-01-13 http://packetstormsecurity.com/files/124918 http://www.osvdb.org/102487
SQL injection vulnerability in admin/data_files/move.php in Maian Uploader 4.0 allows remote attackers to execute arbitrary SQL commands via the id parameter. Date published : 2015-01-13 http://packetstormsecurity.com/files/124918 http://osvdb.org/102488