DirectAdmin version 1.491 suffers from a cross site request forgery vulnerability.
Monthly Archives: February 2016
WeBid 1.1.2P2 SQL Injection
WeBid version 1.1.2P2 suffers from a remote SQL injection vulnerability.
webSPELL 4.2.4 Cross Site Request Forgery / SQL Injection
webSPELL version 4.2.4 suffers from cross site request forgery and remote SQL injection vulnerabilities.
DOKEOS ce30 Authentication Bypass
DOKEOS version ce30 suffers from an authentication bypass vulnerability.
TestLink 1.9.14 SQL Injection
TestLink version 1.9.14 suffers from a remote SQL injection vulnerability.
Osclass 3.5.9 SQL Injection
Osclass version 3.5.9 suffers from a remote SQL injection vulnerability.
osCmax 2.5.4 Code Execution / CSRF / Local File Inclusion
osCmax version 2.5.4 suffers from code execution, cross site request forgery, and local file inclusion vulnerabilities.
osCommerce 2.3.4 Local File Inclusion / Cross Site Request Forgery
osCommerce version 2.3.4 suffers from cross site request forgery and local file inclusion vulnerabilities.
Comodo Internet Security VNC Server Exposure
Comodo Internet Security installs GeekBuddy, which installs a weakly secured, exposed VNC server.
Umbraco SSRF / Cross Site Request Forgery / Cross Site Scripting
Umbraco versions prior to 7.4.0 suffer from server-side request forgery, cross site request forgery, and cross site scripting vulnerabilities.