Author: Cyberthreat Blog

CVE-2015-3932

Netlock Mokka before 2.7.8.1204 allows remote attackers to perform XML signature wrapping attacks via an e-akta signed document with a ds:Object node with a crafted payload prepended to a valid ds:Object.

CVE-2015-3638

phpMyBackupPro before 2.5 does not validate integer input, which allows remote authenticated users to execute arbitrary PHP code by injecting scripts via the path, filename, and period parameters to scheduled.php, and making...

CVE-2015-3931

Microsec e-Szigno before 3.2.7.12 allows remote attackers to perform XML signature wrapping attacks via an e-akta signed document with a ds:Object node with a crafted payload prepended to a valid ds:Object.

CVE-2015-3421

The eshop_checkout function in checkout.php in the WordPress Eshop plugin 6.3.11 and earlier does not validate variables in the “eshopcart” HTTP cookie, which allows remote attackers to perform cross-site scripting...

CVE-2015-3640

phpMyBackupPro 2.5 and earlier does not properly escape the “.” character in request parameters, which allows remote authenticated users with knowledge of a web-accessible and web-writeable directory on the target...
