Cross-Site Scripting (XSS) attacks are a type of injection, in which malicious scripts are injected into otherwise benign and trusted web sites. XSS attacks occur when an attacker uses a web application to send malicious code, generally in the form of a browser side script, to a different end user. ... Read More
December 10, 2018 | admin

ITAS Team found a SQL Injection vulnerability in Microweber CMS. The issue is due to some scripts not properly sanitizing user-supplied input data. This may allow remote attackers to execute arbitrary SQL commands via that parameter… Individuals and organizations using this CMS should update to the latest patch (version 0.95 ... Read More
December 10, 2018 | admin

ITAS Team discovered multiple SQL Injection vulnerabilities in PBBoard CMS. The issue is due to some scripts not properly sanitizing user-supplied input data. This may allow a remote attacker to inject or manipulate SQL queries in the back-end database, allowing for the manipulation or disclosure of arbitrary data… Individuals and organizations ... Read More
December 10, 2018 | admin

SP Client Document Manager plugin (https://wordpress.org/plugins/sp-client-document-manager/) contains some flaws that may allow carrying out SQL injection attacks. The issue is due to some scripts not properly sanitizing user-supplied input data. This may allow a remote attacker to inject or manipulate SQL queries in the back-end database, allowing for the manipulation ... Read More
December 10, 2018 | admin

ITAS Team discovered a Code Injection vulnerability in the CM Download Manager plugin (https://wordpress.org/plugins/cm-download-manager/). This code injection vulnerability was found and confirmed by the vendor. A successful attack could allow an anonymous attacker to run OS commands, execute PHP code and gain full control of the application. This vulnerability exists in free ... Read More
December 10, 2018 | admin

ITAS Team discovered multiple vulnerabilities in ProjectSend (a self-hosted application), such as Blind SQL Injection, Insecure Direct Object Reference, Privilege Escalation, XSS, … – The application constructs all or part of an SQL command using externally-influenced input from a frontend component, but it does not neutralize or incorrectly neutralizes special elements that ... Read More
December 10, 2018 | admin

YourMembers plugin (https://github.com/YourMembers/yourmembers/tree/master/ym_trunk) contains a flaw that may allow carrying out a blind SQL injection attack. The issue is due to the ym_trunk/includes/ym-download_functions.include.php script not properly sanitizing user-supplied input to the ‘ym_download_id’ parameter. This may allow a remote attacker to inject or manipulate SQL queries in the back-end database, allowing ... Read More
December 10, 2018 | admin

Currently, the demand for network security among companies is very high, especially in the electronic commerce sector, such as banking, insurance, finance ... Therefore, these companies also require capable administrator staff who have practical work experience and the ability to adapt quickly to the constant changes of ... Read More
January 16, 2014 | admin