-English--Administración-
  • Proyectos Proyectos de ingeniería inversa, biometría, seguridad web, criptoanálisis...
  • Ubicación Laboratorio de Criptología - Facultad de Informática - Campus de Montegancedo
Vulnerabilidades
13 de Mayo
Multiple cross-site scripting (XSS) vulnerabilities in todooforum.php in Todoo Forum 2.0 allow remote attackers to inject arbitrary web script or HTML via the (1) id_post or (2) pg parameter.
4.3[+]
13 de Mayo
Multiple SQL injection vulnerabilities in todooforum.php in Todoo Forum 2.0 allow remote attackers to execute arbitrary SQL commands via the (1) id_post or (2) pg parameter.
7.5[+]
13 de Mayo
SQL injection vulnerability in the gp_LoadUserFromHash function in functions_hash.php in the Group Pay module 1.5 and earlier for WHMCS allows remote attackers to execute arbitrary SQL commands via the hash parameter.
7.5[+]
13 de Mayo
Multiple cross-site scripting (XSS) vulnerabilities in CMSLogik 1.2.0 and 1.2.1 allow remote attackers to inject arbitrary web script or HTML via the (1) admin_email, (2) header_title, (3) site_title parameter to admin/settings; (4) recaptcha_private or (5) recaptcha_public parameter to admin/captcha_settings; (6) fb_appid, (7) fp_secret, (8) tw_consumer_key, or (9) tw_consumer_secret parameter to admin/social_settings; (10) slug parameter to admin/gallery/save_item_settings; or (11) item_link parameter to admin/edit_menu_item_ajax. NOTE: this issue might be resultant from CSRF.
4.3[+]
13 de Mayo
Cross-site scripting (XSS) vulnerability in the aiContactSafe component before 2.0.21 for Joomla! allows remote attackers to inject arbitrary web script or HTML via unspecified vectors.
4.3[+]
10 de Mayo
Multiple SQL injection vulnerabilities in Virtual Access Monitor 3.10.17 and earlier allow attackers to execute arbitrary SQL commands via unspecified vectors.
7.5[+]
10 de Mayo
SQL injection vulnerability in settings.php in the Web Dorado Spider Video Player plugin 2.1 for Drupal allows remote attackers to execute arbitrary SQL commands via the theme parameter.
7.5[+]
10 de Mayo
SQL injection vulnerability in meneger.php in RadioCMS 2.2 allows remote attackers to execute arbitrary SQL commands via the playlist_id parameter.
7.5[+]
10 de Mayo
SQL injection vulnerability in playlist.php in the Spiffy XSPF Player plugin 0.1 for WordPress allows remote attackers to execute arbitrary SQL commands via the playlist_id parameter.
7.5[+]
10 de Mayo
Multiple cross-site scripting (XSS) vulnerabilities in user/obits.php in the WP FuneralPress plugin before 1.1.7 for WordPress allow remote attackers to inject arbitrary web script or HTML via the (1) message, (2) photo-message, or (3) youtube-message parameter.
4.3[+]
Ver todas
logo upm
logo fi
© CriptoLab 2013 webmaster
Valid HTML5 Valid CSS! Valid CSS! Valid CSS!