KL-001-2016-002 : Ubiquiti Administration Portal CSRF to Remote Command Execution
Title: Ubiquiti Administration Portal CSRF to Remote Command Execution
Advisory ID: KL-001-2016-002
Publication Date: 2016.06.28
Publication URL:
https://www.korelogic.com/Resources/Advisories/KL-001-2016-002.txt
---
Concrete5 <= 5.7.3.1 (Application::dispatch) Local File Inclusion Vulnerability
---
[-] Software Link:
https://www.concrete5.org/
[-] Affe
-
Concrete5 <= 5.7.3.1 Multiple Stored Cross-Site Scripting Vulnerabilities
-
[-] Software Link:
https://www.concrete5.org/
[-] Affected Versions:
Ve
--
Concrete5 <= 5.7.3.1 Multiple Cross-Site Request Forgeries Vulnerabilities
--
[-] Software Link:
https://www.concrete5.org/
[-] Affected Versions:
Document Title:
===
Iranian Weblog Services v3.3 CMS - Multiple Web Vulnerabilities
References (Source):
http://www.vulnerability-lab.com/get_content.php?id=1862
CWE-89
CWE-79
CWE-264
http://cwe.mitre.org/data/definitions/89
http://cwe.mitre.org/data/definitions
Document Title:
===
Alfine CMS v2.6 - (Login) Auth Bypass Vulnerability
References (Source):
http://www.vulnerability-lab.com/get_content.php?id=1863
Release Date:
=
2016-06-27
Vulnerability Laboratory ID (VL-ID):
==
Document Title:
===
Mutualaid CMS v4.3.1 - SQL Injection Web Vulnerability
References (Source):
http://www.vulnerability-lab.com/get_content.php?id=1858
Release Date:
=
2016-06-21
Vulnerability Laboratory ID (VL-ID):
===
Document Title:
===
Ladesk Agent #1 (Bug Bounty) - Session Reset Password Vulnerability
References (Source):
http://www.vulnerability-lab.com/get_content.php?id=1849
Release Date:
=
2016-06-27
Vulnerability Laboratory ID (VL-ID):
==