Top Articles

LiteCart 1.3.2: Multiple XSS

XCart 5.2.6: Code Execution

BigTree CMS 4.2.3: Multiple Cross Site Scripting Vulnerabilities

01 Feb 2016

Opendocman 1.3.4: CSRF

Opendocman 1.3.4 does not have CSRF protection, allowing an attacker to execute actions for a victim - for example adding a new admin user.

28 Jan 2016

Bigace 3.0: Code Execution

Bigace 3.0 allows media files to be uploaded but does not verify them, so editors and administrators can upload PHP files.

28 Jan 2016

DYNPG 4.6: CSRF

DYNPG 4.6 does not have CSRF protection, allowing an attacker to execute actions for a victim - for example adding a new admin user. In this case, this may lead to code execution by allowing the upload of PHP files.