WordPress BackWPup 1.6.1 Code Execution
The WordPress BackWPup plugin version 1.6.1 suffers from a vulnerability that allows for local or remote code to be executed.
PHPCaptcha / Securimage Authentication Bypass
PHPCaptcha / Securimage versions 1.0.4 through 2.0.2 suffer from an authentication bypass vulnerability. Proof of concept code included.
WordPress BackWPup 2.1.4 Code Execution
WordPress plugin BackWPup version 2.1.4 suffers from a remote code execution vulnerability.
Symfony 2 Unauthenticated Information Disclosure
The XMLEncoder component of Symfony version 2.0.x fails to disable external entities when parsing XML. In the Symfony2 framework the XML class may be used to deserialize objects or as part of a...
QNAP Command Injection
QNAP Turbo NAS with firmware versions 3.6.1 Build 0302T and below suffers from a command injection vulnerability that allows for remote code execution.
Elcom Community Manager 7.4.10 Shell Upload
Elcom Community Manager version 7.4.10 from Elcom CMS suffers from a remote shell upload vulnerability.
Ektron CMS 8.5.0 File Upload / XXE Injection
Ektron CMS version 8.5.0 suffers from unauthenticated file upload and XXE injection vulnerabilities.