[FD] WP ULike allows anybody to delete any row in any WordPress table (WordPress plugin)

2018-05-14 dxw Security
Details Software: WP ULike Version: 2.8.1, 3.1 Homepage: https://wordpress.org/plugins/wp-ulike/ Advisory report: https://advisories.dxw.com/advisories/wp-ulike-delete-rows/ CVE: Awaiting assignment CVSS: 5.8 (Medium; AV:N/AC:M/Au:N/C:N/I:P/A:P) Description WP

[FD] Stored XSS in WP ULike allows unauthorised users to do almost anything an admin can (WordPress plugin)

2018-05-14 dxw Security
Details Software: WP ULike Version: 2.8.1, 3.1 Homepage: https://wordpress.org/plugins/wp-ulike/ Advisory report: https://advisories.dxw.com/advisories/stored-xss-wp-ulike/ CVE: Awaiting assignment CVSS: 6.4 (Medium; AV:N/AC:L/Au:N/C:P/I:P/A:N) Description Stored

[FD] SEC Consult SA-20180514-0 :: Arbitrary File Upload & Cross-site scripting in MyBiz MyProcureNet

2018-05-14 SEC Consult Vulnerability Lab
SEC Consult Vulnerability Lab Security Advisory < 20180514-0 > === title: Arbitrary File Upload & Cross-site scripting product: MyBiz MyProcureNet vulnerable version: 5.0.0 fixed versio

Re: [FD] Vulnerabilities in IBM's Flashsystems and Storwize Products

2018-05-14 Sebastian Neuner via Fulldisclosure
Well, the formatting could have been better, I guess: Vulnerabilities in IBM's Flashsystems and Storwize Products - Introduction Vulnerabilities were identified in the IBM Flashsystem 840, IBM Flashsystem 900

[FD] CVE-2018-10759/CVE-2018-10760: Project Pier 0.8.8 vulnerabilities

2018-05-14 Imre Rad
"ProjectPier is a Free, Open-Source, PHP application for managing tasks, projects and teams through an intuitive web interface." https://github.com/Project-Pier https://sourceforge.net/projects/projectpier/ I reached out to the vendor via several channels to report the findings below, but