distribute-cache.c in ImageMagick re-uses objects after they have been destroyed, which allows remote attackers to have unspecified impact via unspecified vectors. Date published : 2017-03-17 https://anonscm.debian.org/cgit/collab-maint/imagemagick.git/commit/?h=debian-patches/6.8.9.9-4-for-upstream&id=37ec7d53dcb99fbd1f5c33442594d5e279630563 https://bugzilla.redhat.com/show_bug.cgi?id=1343512
GetSimple CMS 3.3.4 allows remote attackers to obtain sensitive information via a direct request to (1) plugins/anonymous_data.php or (2) plugins/InnovationPlugin.php, which reveals the installation path in an error message. Date published : 2017-03-17 http://rossmarks.uk/portfolio.php...
GetSimple CMS 3.3.4 allows remote attackers to obtain sensitive information via a direct request to (1) data/users/.xml, (2) backups/users/.xml.bak, (3) data/other/authorization.xml, or (4) data/other/appid.xml. Date published : 2017-03-17 http://packetstormsecurity.com/files/162906/GetSimple-CMS-3.3.4-Information-Disclosure.html http://rossmarks.uk/portfolio.php
Pluck CMS 4.7.2 allows remote attackers to execute arbitrary code via the blog form feature. Date published : 2017-03-17 http://rossmarks.uk/portfolio.php http://rossmarks.uk/whitepapers/pluck_cms_4.7.txt
Cross-site scripting (XSS) vulnerability in TinyMCE in Pluck CMS 4.7.2 allows remote authenticated users to inject arbitrary web script or HTML via the "edit HTML source" option. Date published : 2017-03-17 http://rossmarks.uk/portfolio.php http://rossmarks.uk/whitepapers/pluck_cms_4.7.txt
Pluck CMS 4.7.2 allows remote attackers to obtain sensitive information by (1) changing "PHPSESSID" to an array; (2) adding non-alphanumeric chars to "PHPSESSID"; (3) changing the image parameter to an array; or (4) changing...
PHP remote file inclusion vulnerability in editInplace.php in Wonder CMS 2014 allows remote attackers to execute arbitrary PHP code via a URL in the hook parameter. Date published : 2017-03-17 http://rossmarks.uk/portfolio.php http://rossmarks.uk/whitepapers/wonder_cms_2014.txt
Directory traversal vulnerability in index.php in Wonder CMS 2014 allows remote attackers to include and execute arbitrary local files via a crafted theme. Date published : 2017-03-17 http://rossmarks.uk/portfolio.php
Cross-site scripting (XSS) vulnerability in Wonder CMS 2014 allows remote attackers to inject arbitrary web script or HTML. Date published : 2017-03-17 http://rossmarks.uk/portfolio.php http://rossmarks.uk/whitepapers/wonder_cms_2014.txt
Wonder CMS 2014 allows remote attackers to obtain sensitive information by logging into the application with an array for the password, which reveals the installation path in an error message. Date published : 2017-03-17...
Wonder CMS 2014 allows remote attackers to obtain sensitive information by viewing /files/password, which reveals the unsalted MD5 hashed password. Date published : 2017-03-17 http://rossmarks.uk/portfolio.php http://rossmarks.uk/whitepapers/wonder_cms_2014.txt
LibTIFF allows remote attackers to cause a denial of service (memory consumption and crash) via a crafted tiff file. Date published : 2017-03-17 http://www.securityfocus.com/bid/76843 https://bugzilla.redhat.com/show_bug.cgi?id=1265998
Integer overflow in the read_fragment_table_4 function in unsquash-4.c in Squashfs and sasquatch allows remote attackers to cause a denial of service (application crash) via a crafted input, which triggers a stack-based buffer overflow. Date...
Unrestricted file upload vulnerability in the (1) myAccount, (2) projects, (3) tasks, (4) tickets, (5) discussions, (6) reports, and (7) scheduler pages in qdPM 8.3 allows remote attackers to execute arbitrary code by uploading...