The Clockwork SMS clockwork-test-message.php component has XSS via a crafted "to" parameter in a clockwork-test-message request to wp-admin/admin.php. This component code is found in the following WordPress plugins: Clockwork Free and Paid SMS Notifications...
Paid To Read Script 2.0.5 has SQL injection via the referrals.php id parameter. Date published : 2017-12-19 https://github.com/d4wner/Vulnerabilities-Report/blob/master/paid-to-read-script.md
Paid To Read Script 2.0.5 has XSS via the referrals.php tier parameter or the admin/userview.php uid parameter. Date published : 2017-12-19 https://github.com/d4wner/Vulnerabilities-Report/blob/master/paid-to-read-script.md
Paid To Read Script 2.0.5 has authentication bypass in the admin panel via a direct request, as demonstrated by the admin/viewvisitcamp.php fn parameter and the admin/userview.php uid parameter. Date published : 2017-12-19 https://github.com/d4wner/Vulnerabilities-Report/blob/master/paid-to-read-script.md
Paid To Read Script 2.0.5 has full path disclosure via an invalid admin/userview.php uid parameter. Date published : 2017-12-19 https://github.com/d4wner/Vulnerabilities-Report/blob/master/paid-to-read-script.md
Piwigo 2.9.2 has XSS via the name parameter in an admin.php?page=album-3-properties request. Date published : 2017-12-19 https://github.com/d4wner/Vulnerabilities-Report/blob/master/piwigo.md
admin/configuration.php in Piwigo 2.9.2 has CSRF. Date published : 2017-12-19 https://github.com/Piwigo/Piwigo/issues/822 https://github.com/d4wner/Vulnerabilities-Report/blob/master/piwigo.md
SuperBeam through 4.1.3, when using the LAN or WiFi Direct Share feature, does not use HTTPS or any integrity-protection mechanism for file transfer, which makes it easier for remote attackers to send crafted files,...
An issue was discovered on Ichano AtHome IP Camera devices. The device runs the "noodles" binary – a service on port 1300 that allows a remote (LAN) unauthenticated user to run arbitrary commands. This...
Conarc iChannel allows remote attackers to obtain sensitive information, modify the configuration, or cause a denial of service (by deleting the configuration) via a wc.dll?wwMaint~EditConfig request (which reaches an older version of a West...
TP-Link TL-WVR and TL-WAR devices allow remote authenticated users to execute arbitrary commands via shell metacharacters in the interface field of an admin/dhcps command to cgi-bin/luci, related to the zone_get_iface_bydev function in /usr/lib/lua/luci/controller/admin/dhcps.lua in...
TP-Link TL-WVR and TL-WAR devices allow remote authenticated users to execute arbitrary commands via shell metacharacters in the interface field of an admin/wportal command to cgi-bin/luci, related to the get_device_byif function in /usr/lib/lua/luci/controller/admin/wportal.lua in...
Multiple cross-site scripting (XSS) vulnerabilities in the esb-csv-import-export plugin through 1.1 for WordPress allow remote attackers to inject arbitrary web script or HTML via the (1) cie_type, (2) cie_import, (3) cie_update, or (4) cie_ignore...
A cross-site scripting (XSS) vulnerability in the custom-map plugin through 1.1 for WordPress allows remote attackers to inject arbitrary web script or HTML via the map_id parameter to view/advancedsettings.php. Date published : 2017-12-19 http://seclists.org/fulldisclosure/2017/Dec/72...