wp-pagenavi
domain was triggered too early. This is usually an indicator for some code in the plugin or theme running too early. Translations should be loaded at the init
action or later. Please see Debugging in WordPress for more information. (This message was added in version 6.7.0.) in /home/u918112125/domains/exploit.company/public_html/wp-includes/functions.php on line 6114The vulnerability exists due to insufficient sanitization of user-supplied input passed via the 'tID' parameter to '/index.asp' script. A remote attacker can send a specially crafted request to the vulnerable script and execute arbitrary SQL commands in application's database, cause denial of service, access or modify sensitive data, exploit latent vulnerabilities in the underlying database and compromise the system.
Variable $phpbb_root_path not sanitized.When register_globals=on an attacker can exploit this vulnerability with a simple php injection script.
A remote SQL injection vulnerability exists in ?IXForum 1.12. An attacker can exploit this vulnerability to gain access to the admin panel of the application. The attacker can use the ?epId?parameter in the ?eplyNew.asp?page to inject malicious SQL code and gain access to the admin panel.
Mulesoft ESB Runtime 3.5.1 allows any arbitrary authenticated user to create an administrator user due to a lack of permissions check in the handler/securityService.rpc endpoint. The following HTTP request can be made by any authenticated user, even those with a single role of Monitor. This request will create an administrator with all roles with a username of notadmin and a password of notpassword. Many vectors of remote code execution are available to an administrator. Not only can an administrator deploy WAR applications, they can also evaluate arbitrary groovy scripts via the web interface.
The Finger Server is a perl script for providing .plan-like functionality through a website. Due to insufficient input checking, it is possible for remote unauthenticated users to execute shell commands on the server which will run with the privileges of the webserver. A request like: http://target/finger.cgi?action=archives&cmd=specific&filename=99.10.28.15.23.username.|<shell command>| will cause the server to execute whatever command is specified.
The Barracuda Spam Firewall version 3.3.01.001 to 3.3.03.053 is affected by an arbitrary file disclosure and command execution vulnerability. An attacker can exploit this vulnerability to disclose sensitive information and execute arbitrary commands on the affected device.
A SQL injection vulnerability was discovered in Issue Trak versions <= 7.0, and is possibly applicable up to version 9.7. The vulnerable endpoint is www.example.com/IssueTrak/IssueSearch_Process.asp, and the vulnerable parameters are Status, Priority, inp_IssueType, SubmittedBy, EnteredBy, AssignedTo, AssignedBy, NextActionBy, ClosedBy, ProjectManager, and inp_OrgID. An attacker can exploit this vulnerability by sending a malicious HTTP request containing a SQL injection payload. The SQLMap and NoSQLMap commands can be used to exploit this vulnerability.
Lyrist - Music Lyrics Script is prone to an SQL injection vulnerability because it fails to sufficiently sanitize user-supplied data before using it in an SQL query. An attacker can exploit this vulnerability to manipulate SQL queries by injecting arbitrary SQL code. This may allow the attacker to compromise the application, access or modify data, or exploit latent vulnerabilities in the underlying database implementation.
Ingenious School Management System is vulnerable to SQL Injection. An attacker can exploit this vulnerability by sending a malicious SQL query to the vulnerable parameter 'id' in the 'get_teacher.php' page. This can allow the attacker to gain access to the database and execute arbitrary commands.
The PDOSessionHandler class allows to store sessions on a PDO connection. Under some configurations (see below) and with a well-crafted payload, it was possible to do a denial of service on a Symfony application without too much resources. An application is vulnerable when it is using PDOSessionHandler to store its sessions, it uses MySQL as a backend for sessions managed by PDOSessionHandler, and the SQL mode does not contain STRICT_ALL_TABLES or STRICT_TRANS_TABLES (check via SELECT @@sql_mode).