Zen Cart 1.5.4: Code Execution and Information Leak
There is an arbitrary file upload vulnerability in the admin area of Zen Cart 1.5.4 as well as an information leak. This issue has only been partially fixed.
There is an XSS vulnerability in Anchor CMS 0.9.2. The issue is not yet fixed.
There is a Blind SQL Injection vulnerability in the admin area of Serendipity 2.0.1.
There is a Persistent XSS vulnerability in Serendipity 2.0.1 when using the default 2k11 theme. It requires a click to trigger.
There is a code execution vulnerability in Serendipity 2.0.1. It requires a registered user to exploit.
There is a Code Execution vulnerability in the admin area of NibbleBlog 4.0.3. The issue is not yet fixed.
There is a CSRF vulnerability in NibbleBlog 4.0.3 which can lead to the creation of new posts and thus XSS. The issue is not yet fixed.
When running on IIS, Phorum 5.2.19 is open to cross-site scripting. Additionally, there is an open redirect vulnerability that is not restricted to any operating system.
The file editor of the admin area of Bolt 2.2.4 allows for the editing of file extensions, which leads to code execution once an attacker has gained admin credentials.
There is an XSS vulnerability in version 2.3.5 of ModX. As of now, this issue has not been fixed.