SQL injection vulnerability in the updateAmazonOrderTracking function in upload/admin/model/openbay/amazon.php in OpenCart before version 2.3.0.0 allows remote authenticated administrators to execute arbitrary SQL commands via a...
Read MoreRubyGems version 2.6.12 and earlier is vulnerable to a DNS hijacking vulnerability that allows a MITM attacker to force the RubyGems client to download and install gems from a server that the attacker controls.
Read MoreRubyGems version 2.6.12 and earlier is vulnerable to maliciously crafted gem specifications to cause a denial of service attack against RubyGems clients who have issued a query command.
Read MoreCross-site scripting (XSS) vulnerability in the Security component of Kohana before 3.3.6 allows remote attackers to inject arbitrary web script or HTML by bypassing the strip_image_tags protection mechanism in...
Read MoreMultiple cross-site scripting (XSS) vulnerabilities in phpThumb() before 1.7.14 allow remote attackers to inject arbitrary web script or HTML via parameters in demo/phpThumb.demo.showpic.php.
Read More