All Vulnerabilities

WordPress Contact Form To Email Plugin Cross Site Scripting Vulnerability
 Severity:    
 Date Published:  15 Sep 2016
A reflected Cross Site Scripting (XSS) vulnerability has been found in the Contact Form to Email WordPress Plugin. By using this vulnerability an attacker can inject malicious JavaScript code into the application, which will execute within the browser of any logged-in admin who views the page with injected code.
WordPress Code Snippets Plugin Cross Site Scripting Vulnerability
 Severity:    
 Date Published:  15 Sep 2016
A reflected Cross Site Scripting (XSS) vulnerability exists in the Code Snippets WordPress Plugin. Successful exploitation of this vulnerability could lead an attacker into injecting malicious JavaScript into the application.
WordPress Ajax Load More Plugin Local File Inclusion Vulnerability
 Severity:    
 Date Published:  15 Sep 2016
Ajax Load More WordPress plugin is vulnerable to Local File Inclusion vulnerability.An attacker can exploit this issue to run arbitrary PHP code on the target system.
Joomla com_videoflow SQL Injection Vulnerability
 Severity:    
 Date Published:  15 Sep 2016
An SQL injection vulnerability has been detected in Joomla component Videoflow which allows attackers to execute arbitrary SQL commands via unknown parameters.
MySQL Database Authentication Bypass
 Severity:    
 Date Published:  15 Sep 2016
sql/password.c in Oracle MySQL 5.1.x before 5.1.63, 5.5.x before 5.5.24, and 5.6.x before 5.6.6, and MariaDB 5.1.x before 5.1.62, 5.2.x before 5.2.12, 5.3.x before 5.3.6, and 5.5.x before 5.5.23, when running in certain environments with certain implementations of the memcmp function, allows remote attackers to bypass authentication by repeatedly authenticating with the same incorrect password, which eventually causes a token comparison to succeed due to an improperly-checked return value.
Adobe Acrobat And Reader Use After Free Vulnerability (CVE-2016-1065)
 Severity:    
 Date Published:  15 Sep 2016
Adobe Acrobat and Reader is prone to a use after free vulnerability. Attackers can exploit this issue to execute arbitrary code in the context of the user running the affected applications. Failed exploit attempts will likely cause a denial of service condition.
Adobe Acrobat And Reader Integer Overflow Vulnerability (CVE-2016-1043)
 Severity:    
 Date Published:  15 Sep 2016
Adobe Acrobat and Reader is prone to an integer overflow vulnerability. An attacker can exploit this issue to execute arbitrary code in the context of the user running the affected application. Failed exploit attempts will likely result in denial of service states.
WordPress WooCommerce Plugin Persistent Cross Site Scripting Vulnerability
 Severity:    
 Date Published:  15 Sep 2016
A persistent Cross Site Scripting (XSS) vulnerability has been found in the WooCommerce WordPress Plugin. An attacker can create a specially crafted image file which, when uploaded as a product image in WordPress, injects malicious JavaScript code into the application. An attacker can use this vulnerability to perform a wide variety of actions, such as stealing victims' session tokens or login credentials, and performing arbitrary actions on their behalf.
WordPress Top 10 - Popular Posts Plugin Cross Site Scritping Vulnerability
 Severity:    
 Date Published:  15 Sep 2016
A Cross Site Scripting vulnerability was found in the Top 10 - Popular Posts WordPress Plugin. This vulnerability allows an attacker to perform a actions such as stealing Administrators' session tokens. An attacker has to lure the user into opening a malicious website to exploit this vulnerability.
WordPress Simple Membership Plugin Cross-Site Scripting Vulnerability
 Severity:    
 Date Published:  15 Sep 2016
A Cross-Site Scripting vulnerability was found in the Simple Membership WordPress Plugin. This vulnerability allows an attacker to perform a actions such as stealing Administrators' session tokens. An attacker has to lure the user into opening a malicious website to exploit this vulnerability.

Featured Stories