The WBCE CMS version 1.6.2 allows remote attackers to execute arbitrary code via a crafted request. By uploading a malicious file, an attacker can execute commands on the server remotely.
BugHunter HTTP Server is prone to an information-disclosure vulnerability. An attacker can exploit this issue to gain access to sensitive information. Information obtained may lead to further attacks.
Featurific For WordPress plugin for WordPress is prone to a cross-site-scripting vulnerability because it fails to properly sanitize user-supplied input. An attacker may leverage this issue to execute arbitrary script code in the browser of an unsuspecting user in the context of the affected site. This can allow the attacker to steal cookie-based authentication credentials and launch other attacks.
Color Notes is vulnerable to a DoS condition when a long list of characters is being used when creating a note. Successful exploitation will cause the application to stop working.
The 'fieldnameDomain' parameter in the WP24 Domain Check plugin for WordPress version 1.6.2 is vulnerable to stored cross-site scripting (XSS) attacks. An attacker can inject malicious JavaScript code into the 'fieldnameDomain' field, which will be executed when the field is focused. This can lead to session hijacking, cookie theft, and other malicious activities.
Broken access control allows any authenticated user to change the cookie banner through a POST request to admin-ajax.php. If users can't register, this can be done through CSRF.
The application suffers from an unquoted search path issue impacting the service 'SBSDWSCService' for Windows deployed as part of Spybot S&D. This could potentially allow an authorized but non-privileged local user to execute arbitrary code with elevated privileges on the system. A successful attempt would require the local user to be able to insert their code in the system root path undetected by the OS or other security applications where it could potentially be executed during application startup or reboot. If successful, the local user’s code would execute with the elevated privileges of the application.
MyNews is prone to multiple cross-site scripting vulnerabilities because the application fails to properly sanitize user-supplied input. An attacker may leverage these issues to have arbitrary script code executed in the browser of an unsuspecting user in the context of the affected site. This may help the attacker steal cookie-based authentication credentials and launch other attacks.
This exploit allows attacker to upload any type of file [no extension filtration] ex. php shell. Uploader is adding random number on the begining of file name so user have to check it manually.
Datafeed Studio is prone to a cross-site scripting vulnerability because it fails to sufficiently sanitize user-supplied input data. An attacker may leverage this issue to execute arbitrary script code in the browser of an unsuspecting user in the context of the affected site. This may help the attacker steal cookie-based authentication credentials and launch other attacks.
Services By CQR