- IISv5 has a "Hit-highlighting" functionality that opens some site object and highlights some part of it, that has had a transversal vulnerability in the past. Now it can be used to bypass the IIS authentication.
Protect the files from the NTFS filesystem instead of relying on the
Microsoft recommends not to use IISv5 and update to IISv6.
- WordPress Plugin AMP for WP-Accelerated Mobile Pages Multiple Unspecified Vulnerabilities (0.9.72)
- WordPress Plugin WordPress Simple Paypal Shopping Cart Cross-Site Request Forgery (3.5)
- WordPress Plugin Token Manager 'tid' Parameter Multiple Cross-Site Scripting Vulnerabilities (1.0.2)
- WordPress Plugin Bliss Gallery 'upload.php' Arbitrary File Upload (2.1)
- WordPress Plugin Filtre de Surveillance Gouvernemental Cross-Site Scripting (1.1)