wp-pagenavi
domain was triggered too early. This is usually an indicator for some code in the plugin or theme running too early. Translations should be loaded at the init
action or later. Please see Debugging in WordPress for more information. (This message was added in version 6.7.0.) in /home/u918112125/domains/exploit.company/public_html/wp-includes/functions.php on line 6114The reNgine version 2.2.0 is vulnerable to authenticated command injection. By modifying the nmap_cmd parameters in the yml configuration, an attacker can inject malicious commands. This can lead to unauthorized remote code execution with the privileges of the application. This exploit allows an authenticated user to execute arbitrary commands on the underlying system.
The CrushFTP server version below 10.7.1 and 11.1.0, including legacy 9.x, is vulnerable to directory traversal. An attacker can exploit this vulnerability to access sensitive files on the server by manipulating the file path in the URL.
An authenticated SQL injection vulnerability was found in CSZCMS v1.3.0. By manipulating the 'View' button next to a username in the Member Users section, an attacker can inject malicious SQL code using the 'sleep' function. This could lead to unauthorized access to the database or execution of arbitrary SQL queries.
Wallos, a subscription management system, is vulnerable to a file upload RCE exploit. By manipulating the file upload functionality, an authenticated attacker can upload a malicious .php file containing a web shell. This allows them to execute arbitrary commands on the target system.
The TEM Opera Plus FM Family Transmitter 35.45 devices are vulnerable to Cross-Site Request Forgery (CSRF) attacks due to lack of proper validation of HTTP requests. An attacker can exploit this vulnerability to perform malicious actions with administrative privileges if a logged-in user visits a specially crafted website. This can lead to unauthorized changes in transmitter settings, such as forward power, frequency, and user credentials.
Electrolink FM/DAB/TV Transmitter devices are prone to a credentials disclosure vulnerability. Attackers can exploit this issue to gain access to sensitive information such as login credentials. This vulnerability affects multiple versions of the Electrolink transmitters including Compact DAB Transmitter, Medium DAB Transmitter, High Power DAB Transmitter, Compact FM Transmitter, Modular FM Transmitter, Digital FM Transmitter, VHF TV Transmitter, and UHF TV Transmitter.
WebCatalog before version 48.8 is vulnerable to arbitrary protocol execution due to calling the Electron shell.openExternal function without proper verification of the URL, allowing an attacker to execute code through arbitrary protocols on the victim's machine by tricking users into syncing pages with malicious URLs. This could result in bypassing security measures for malicious file delivery.
7 Sticky Notes v1.9 allows OS command injection via the 'Alarms' feature. By setting an alarm with a malicious command in the 'Action' field, an attacker can execute arbitrary commands on the underlying operating system.
The Simple Student Attendance System v1.0 is vulnerable to SQL Injection through the 'classid' parameter. An attacker can exploit this vulnerability using time-based blind and union-based techniques to manipulate the database.
Ladder version v0.0.21 is vulnerable to Server-side Request Forgery (SSRF) due to inadequate restrictions on destination addresses. This allows an attacker to send GET requests to addresses that are usually inaccessible externally. Attackers can exploit this to reach private address ranges, locally hosted services, and cloud instance metadata APIs.