absane

6 exploits Active since Nov 2013
CVE-2013-5977 EXPLOITDB text WORKING POC
Cart66 Lite Plugin < 1.5.1.14 - CSRF
Cross-site request forgery (CSRF) vulnerability in Cart66Product.php in the Cart66 Lite plugin before 1.5.1.15 for WordPress allows remote attackers to hijack the authentication of administrators for requests that (1) create or modify products or conduct cross-site scripting (XSS) attacks via the (2) Product name or (3) Price description field in a product save action via a request to wp-admin/admin.php.
CVE-2013-5978 EXPLOITDB MEDIUM text WORKING POC
Cart66 Lite Plugin < 1.5.1.14 - XSS
Multiple cross-site scripting (XSS) vulnerabilities in products.php in the Cart66 Lite plugin before 1.5.1.15 for WordPress allow remote attackers to inject arbitrary web script or HTML via the (1) Product name or (2) Price description fields via a request to wp-admin/admin.php. NOTE: This issue may only cross privilege boundaries if used in combination with CVE-2013-5977.
CVSS 6.1
CVE-2014-1665 EXPLOITDB MEDIUM text WORKING POC
ownCloud <6.0.1 - XSS
Cross-site scripting (XSS) vulnerability in ownCloud before 6.0.1 allows remote authenticated users to inject arbitrary web script or HTML via the filename of an uploaded file.
CVSS 5.4
CVE-2014-2341 EXPLOITDB text WORKING POC
CubeCart <5.2.9 - Info Disclosure
Session fixation vulnerability in CubeCart before 5.2.9 allows remote attackers to hijack web sessions via the PHPSESSID parameter.
EIP-2026-102116 EXPLOITDB text WORKING POC
Western Digital My Cloud 04.01.03-421/04.01.04-422 - Command Injection
EIP-2026-102091 EXPLOITDB text WORKING POC
Unicorn Router WB-3300NR - Cross-Site Request Forgery (Factory Reset/DNS Change)