Category: Injection

2015-07-15 GetSimpleCMS 3.3.5: XSS, Code Execution, DOS, Password Leak, Weak Authentication, Misc

2015-07-10 ZenPhoto 1.4.8: Second Order SQL Injection, Reflected XSS, Path Traversal, Function Execution

2015-07-02 WordPress File Upload Plugin 2.7.6: Code Execution, CSRF, XSS, Information Disclosure

2015-06-27 PivotX 2.3.10: Session Fixation, Reflected XSS, Code Execution

2015-06-27 LimeSurvey 2.05+: Persistent XSS

2015-05-15 SQL Injection & Reflected XSS in Visual Form Builder 2.8.2 (WordPress Plugin)

2015-05-15 Multiple Reflected XSS in Anti-Malware and Brute-Force Security by ELI (WordPress Plugin)

2015-02-25 Mod_Security Bypass Login (CRS, SQL Injection)

2015-02-18 MongoDB: NoSQL Injection & Security