absane

6 exploits Active since Nov 2013
CVE-2013-5977 EXPLOITDB text WORKING POC
Cart66 Lite Plugin < 1.5.1.15 - Cross-Site Request Forgery
Cross-site request forgery (CSRF) vulnerability in Cart66Product.php in the Cart66 Lite plugin before 1.5.1.15 for WordPress allows remote attackers to hijack the authentication of administrators for requests that (1) create or modify products or conduct cross-site scripting (XSS) attacks via the (2) Product name or (3) Price description field in a product save action via a request to wp-admin/admin.php.
CVE-2013-5978 EXPLOITDB MEDIUM text WORKING POC
Cart66 Lite Plugin < 1.5.1.14 - Cross-Site Scripting via Product Name or Price Description
Multiple cross-site scripting (XSS) vulnerabilities in products.php in the Cart66 Lite plugin before 1.5.1.15 for WordPress allow remote attackers to inject arbitrary web script or HTML via the (1) Product name or (2) Price description fields via a request to wp-admin/admin.php. NOTE: This issue may only cross privilege boundaries if used in combination with CVE-2013-5977.
CVSS 6.1
CVE-2014-1665 EXPLOITDB MEDIUM text WORKING POC
owncloud < 6.0.1 - Authenticated Stored Cross-Site Scripting via Uploaded Filename
Cross-site scripting (XSS) vulnerability in ownCloud before 6.0.1 allows remote authenticated users to inject arbitrary web script or HTML via the filename of an uploaded file.
CVSS 5.4
CVE-2014-2341 EXPLOITDB text WORKING POC
CubeCart < 5.2.9 - Session Fixation via PHPSESSID Parameter
Session fixation vulnerability in CubeCart before 5.2.9 allows remote attackers to hijack web sessions via the PHPSESSID parameter.
EIP-2026-102116 EXPLOITDB text WORKING POC
Western Digital My Cloud 04.01.03-421/04.01.04-422 - Command Injection
EIP-2026-102091 EXPLOITDB text WORKING POC
Unicorn Router WB-3300NR - Cross-Site Request Forgery (Factory Reset/DNS Change)