There is a reflected XSS vulnerability in AXON PBX 2.02 via the "AXON->Auto-Dialer->Agents->Name" field. The vulnerability exists due to insufficient filtration of user-supplied data. A remote attacker can execute arbitrary HTML and script code...
AXON PBX 2.02 contains a DLL hijacking vulnerability that could allow an unauthenticated, remote attacker to execute arbitrary code on a targeted system. The vulnerability exists because a DLL file is loaded by ‘pbxsetup.exe’...
servlet/UserServlet in SearchBlox 8.6.6 has CSRF via the u_name, u_passwd1, u_passwd2, role, and X-XSRF-TOKEN POST parameters because of CSRF Token Bypass. Date published : 2018-06-01 https://www.exploit-db.com/exploits/44801/ http://packetstormsecurity.com/files/147977/SearchBlox-8.6.6-Cross-Site-Request-Forgery.html
Yosoro 1.0.4 has stored XSS. Date published : 2018-06-01 https://github.com/IceEnd/Yosoro/issues/11 https://www.exploit-db.com/exploits/44803/
An issue was discovered in the MULTIDOTS Advance Search for WooCommerce plugin 1.0.9 and earlier for WordPress. This plugin is vulnerable to a stored Cross-site scripting (XSS) vulnerability. A non-authenticated user can save the...
The MULTIDOTS WooCommerce Quick Reports plugin 1.0.6 and earlier for WordPress is vulnerable to Stored XSS. It allows an attacker to inject malicious JavaScript code on the WooCommerce -> Orders admin page. The attack...
Mahara 17.04 before 17.04.8 and 17.10 before 17.10.5 and 18.04 before 18.04.1 can be used as medium to transmit viruses by placing infected files into a Leap2A archive and uploading that to Mahara. In...
Mahara 17.04 before 17.04.8 and 17.10 before 17.10.5 and 18.04 before 18.04.1 are vulnerable to the browser "back and refresh" attack. This allows malicious users with physical access to the web browser of a...
Quest DR Series Disk Backup software version before 4.0.3.1 allows privilege escalation (issue 6 of 6). Date published : 2018-06-01 http://seclists.org/fulldisclosure/2018/May/71 http://packetstormsecurity.com/files/148003/Quest-DR-Series-Disk-Backup-Software-4.0.3-Code-Execution.html
Quest DR Series Disk Backup software version before 4.0.3.1 allows privilege escalation (issue 5 of 6). Date published : 2018-06-01 http://seclists.org/fulldisclosure/2018/May/71 http://packetstormsecurity.com/files/148003/Quest-DR-Series-Disk-Backup-Software-4.0.3-Code-Execution.html
Quest DR Series Disk Backup software version before 4.0.3.1 allows privilege escalation (issue 4 of 6). Date published : 2018-06-01 http://seclists.org/fulldisclosure/2018/May/71 http://packetstormsecurity.com/files/148003/Quest-DR-Series-Disk-Backup-Software-4.0.3-Code-Execution.html
Quest DR Series Disk Backup software version before 4.0.3.1 allows privilege escalation (issue 3 of 6). Date published : 2018-06-01 http://seclists.org/fulldisclosure/2018/May/71 http://packetstormsecurity.com/files/148003/Quest-DR-Series-Disk-Backup-Software-4.0.3-Code-Execution.html
Quest DR Series Disk Backup software version before 4.0.3.1 allows privilege escalation (issue 2 of 6). Date published : 2018-06-01 http://seclists.org/fulldisclosure/2018/May/71 http://packetstormsecurity.com/files/148003/Quest-DR-Series-Disk-Backup-Software-4.0.3-Code-Execution.html
Quest DR Series Disk Backup software version before 4.0.3.1 allows privilege escalation (issue 1 of 6). Date published : 2018-06-01 http://seclists.org/fulldisclosure/2018/May/71 http://packetstormsecurity.com/files/148003/Quest-DR-Series-Disk-Backup-Software-4.0.3-Code-Execution.html