Insecure default configuration in Progress Software OpenEdge 10.2x and 11.x allows unauthenticated remote attackers to specify arbitrary URLs from which to load and execute malicious Java classes via port 20931. Date published : 2017-10-31...
D-Link DSL-2740E 1.00_BG_20150720 devices are prone to persistent XSS attacks in the username and password fields: a remote unauthenticated user may craft logins and passwords with script tags in them. Because there is no...
Network Data Loss Prevention is vulnerable to MIME type sniffing which allows older versions of Internet Explorer to perform MIME-sniffing on the response body, potentially causing the response body to be interpreted and displayed...
Missing HTTP Strict Transport Security state information vulnerability in the server in McAfee Network Data Loss Prevention (NDLP) 9.3.x allows man-in-the-middle attackers to expose confidential data via read files on the webserver. Date published...
Embedding Script (XSS) in HTTP Headers vulnerability in McAfee Network Data Loss Prevention (NDLP) 9.3.x allows remote authenticated users to view confidential information via a cross site request forgery attack. Date published : 2017-10-31...
The Catalyst-Plugin-Static-Simple module before 0.34 for Perl allows remote attackers to read arbitrary files if there is a ‘.’ character anywhere in the pathname, which differs from the intended policy of allowing access only...
Cross-Site Request Forgery exists in OctoberCMS 1.0.426 (aka Build 426) due to improper validation of CSRF tokens for postback handling, allowing an attacker to successfully take over the victim’s account. The attack bypasses a...
Zomato Clone Script allows SQL Injection via the restaurant-menu.php resid parameter. Date published : 2017-10-31 https://www.exploit-db.com/exploits/43066/
Website Broker Script allows SQL Injection via the ‘status_id’ Parameter to status_list.php. Date published : 2017-10-31 https://www.exploit-db.com/exploits/43067/
Vastal I-Tech Agent Zone (aka The Real Estate Script) allows SQL Injection in searchCommercial.php via the property_type, city, or posted_by parameter, or searchResidential.php via the property_type, city, or bedroom parameter, a different vulnerability than...
Php Inventory & Invoice Management System allows Arbitrary File Upload via dashboard/edit_myaccountdetail/. Date published : 2017-10-31 https://www.exploit-db.com/exploits/43069/
Online Exam Test Application allows SQL Injection via the resources.php sort parameter in a category action. Date published : 2017-10-31 https://www.exploit-db.com/exploits/43070/
Nice PHP FAQ Script allows SQL Injection via the index.php nice_theme parameter, a different vulnerability than CVE-2008-6525. Date published : 2017-10-31 https://www.exploit-db.com/exploits/43071/
Fake Magazine Cover Script allows SQL Injection via the rate.php value parameter or the content.php id parameter. Date published : 2017-10-31 https://www.exploit-db.com/exploits/43072/