Author: Cyberthreat Blog

Directory traversal vulnerability in DLink DVGN5402SP with firmware W1000CN00, W1000CN03, or W2000EN00 allows remote attackers to read sensitive information via a .. (dot dot) in the errorpage parameter.

e107 2.1.4 is vulnerable to cross-site request forgery in plugin-installing, meta-changing, and settings-changing. A malicious web page can use forged requests to make e107 download and install a plug-in provided by the...

An XSS vulnerability on the /NAGErrors URI in NetIQ Access Manager 4.2 and 4.3 exists because Access Gateway Error pages do not validate the HTTP Referer header.

In MyBB before 1.8.11, the Email MyCode component allows XSS, as demonstrated by an onmouseover event.

In MyBB before 1.8.11, the smilie module allows Directory Traversal via the pathfolder parameter.