Concrete5 versions 5.7.3.1 and below suffer from multiple cross site scripting vulnerabilities.
Monthly Archives: June 2015
Nakid CMS CSRF / XSS / Local File Inclusion
Nakid CMS suffers from cross site request forgery, cross site scripting, and local file inclusion vulnerabilities.
Concrete5 5.7.3.1 sendmail Remote Code Execution
Concrete5 versions 5.7.3.1 and below suffer from a sendmail-related remote code execution vulnerability.
HP WebInspect 10.4 XML External Entity
HP WebInspect versions 7.x, 8.x, 9.x, and 10.0 through 10.4 suffer from an XML external entity vulnerability.
D-Link DSP-W110 Command Execution / SQL Injection / File Upload
D-Link DSP-W110 suffers from command execution, remote file upload, and remote SQL injection vulnerabilities.
WordPress Paypal Currency Converter Basic For Woocommerce 1.3 File Read
WordPress Paypal Currency Converter Basic For Woocommerce plugin version 1.3 suffers from a remote file read vulnerability.
OSSEC 2.8.1 Local Root Escalation
OSSEC versions 2.7 through 2.8.1 suffer from a local root escalation vulnerability.
WordPress History Collection 1.1.1 Arbitrary File Download
WordPress History Collection versions 1.1.1 and below suffer from an arbitrary file download vulnerability.
Adobe Connect 9.3 Cross Site Scripting
Adobe Connect version 9.3 suffers from a cross site scripting vulnerability.
SAP XXE / Hardcoded Credentials / SQL Injection / Overflow
SAP has released the monthly critical patch update for June 2015. This patch update closes buffer overflow, remote SQL injection, XML eXternal Entity, and hardcoded credentials vulnerabilities.