[FD] SQL Injection, XSS and FPD vulnerabilities Nodes Studio CMS

Hello list! There are SQL Injection, Cross-Site Scripting and Full Path Disclosure vulnerabilities in Nodes Studio CMS. This is Russian commercial CMS, which I found at one site of Russian terrorists and propagandists. - Affected vendors: - Nod

Re: [FD] several issues in SQLite (+ catching up on several other bugs)

Hi, Nice work. I took the latest release and ran the fuzzer again (without all the dictionary and special testcase stuff, may re-do that later). Uncovered two more issues, one in the statement parser causing an off-by-one read with the 2 byte input ".\": https://www.sqlite.org/cgi/src/info/e018f

[FD] Open Litespeed Use After Free Vulnerability

(, ) (, . '.' ) ('.', ). , ('. ( ) ( (_,) .'), ) _ _, / _/ / _ \ _ \ \==/ /_\ \ _/ ___\/ _ \ / \ / \/ |\\ \__( <_> ) Y Y \ /__ /\___|__ / \___ >/|__|_| / \/ \/.-.\/ \/:wq

[FD] Reflected XSS in Citizen Space allows attackers to view sensitive information of the attacker’s choosing (WordPress plugin)

Details Software: Citizen Space Version: 1.1 Homepage: http://wordpress.org/plugins/citizen-space/ Advisory report: https://security.dxw.com/advisories/reflected-xss-in-citizen-space-allows-attackers-to-view-sensitive-information-of-the-attackers-choosing/ CVE: Awaiting assignment

[FD] CSRF and stored XSS in WordPress Content Slide allow an attacker to have full admin privileges (WordPress plugin)

Details Software: Wordpress Content Slide Version: 1.4.2 Homepage: http://wordpress.org/plugins/content-slide/ Advisory report: https://security.dxw.com/advisories/csrf-and-stored-xss-in-wordpress-content-slide-allow-an-attacker-to-have-full-admin-privileges/ CVE: Awaiting assignm