The Hunk Companion plugin version 1.9.0 is vulnerable to unauthenticated plugin installation due to a flaw in the permission_callback for the /wp-json/hc/v1/themehunk-import endpoint. This vulnerability allows unauthorized attackers to install and activate any plugin from the WordPress.org repository.
The Intelight X-1L Traffic controller Maxtime 1.9.6 allows remote attackers to bypass authentication to gain full control of traffic controllers, modify traffic light sequences, trigger denial of service, and cause traffic congestion. This vulnerability exists in the web-based UI of Traffic Controllers running version 1.9.x firmware due to lack of authentication before allowing access to critical functionality.
7 Sticky Notes v1.9 allows OS command injection via the 'Alarms' feature. By setting an alarm with a malicious command in the 'Action' field, an attacker can execute arbitrary commands on the underlying operating system.
Mocha W32 LPD is prone to a remote buffer-overflow vulnerability because the software fails to perform adequate boundary checks on user-supplied data. Successful exploits may allow attackers to execute arbitrary code with the privileges of the user running the affected application. Failed exploit attempts will result in a denial-of-service condition.
This exploit targets the PrecisionID Barcode ActiveX control version 1.9 in Internet Explorer 6. By sending a specially crafted input, an attacker can cause a denial of service condition. The exploit has been tested on Windows XP Professional SP2 with all patches applied and Internet Explorer 6. Other software that uses this ActiveX control may also be vulnerable.
The asgbookphp application is prone to a cross-site scripting vulnerability due to insufficient sanitization of user-supplied data. An attacker can exploit this vulnerability to execute arbitrary HTML and script code in the context of the affected site, potentially leading to the theft of authentication credentials and other attacks.
This exploit allows an attacker to perform a Denial of Service attack on a target running TinyWeb version 1.9. It sends multiple requests to the target's /cgi-bin/.%00./dddd.html URL, causing the server to become unresponsive.
A vulnerability in 4images 1.9 allows an authenticated administrator user to execute arbitrary code on the server by uploading a malicious template. To exploit the vulnerability, an attacker must first login as an administrator user, then browse to General -> Edit Templates -> Select Template Pack -> default_960px -> Load Theme. The attacker then selects the template categories.html and inserts a reverse shell payload. After clicking Save Changes, the attacker browses to http://host/4images/categories.php?cat_id=3D1 and a reverse shell is established.
This exploit allows a remote attacker to overwrite the system.ini file on a vulnerable system. It is triggered by a malicious user clicking a button on a webpage containing the exploit code. The exploit code is written in VBScript and is triggered by a malicious user clicking a button on a webpage containing the exploit code. The exploit code is written in VBScript and is triggered by a malicious user clicking a button on a webpage containing the exploit code. The exploit code is written in VBScript and is triggered by a malicious user clicking a button on a webpage containing the exploit code. The exploit code is written in VBScript and is triggered by a malicious user clicking a button on a webpage containing the exploit code.
phpMyChat is prone to multiple local file-include vulnerabilities because it fails to properly sanitize user-supplied input. Exploiting these issues may allow an unauthorized user to view files and execute local scripts. phpMyChat Plus 1.9 and prior versions are vulnerable to these issues; other versions may also be affected.
Services By CQR