wp-import-export-lite domain was triggered too early. This is usually an indicator for some code in the plugin or theme running too early. Translations should be loaded at the init action or later. Please see Debugging in WordPress for more information. (This message was added in version 6.7.0.) in /home/u918112125/domains/exploit.company/public_html/wp-includes/functions.php on line 6121insert-headers-and-footers domain was triggered too early. This is usually an indicator for some code in the plugin or theme running too early. Translations should be loaded at the init action or later. Please see Debugging in WordPress for more information. (This message was added in version 6.7.0.) in /home/u918112125/domains/exploit.company/public_html/wp-includes/functions.php on line 6121wp-pagenavi domain was triggered too early. This is usually an indicator for some code in the plugin or theme running too early. Translations should be loaded at the init action or later. Please see Debugging in WordPress for more information. (This message was added in version 6.7.0.) in /home/u918112125/domains/exploit.company/public_html/wp-includes/functions.php on line 6121
The 'p' parameter in the product.php file of the Online shopping system advanced 1.0 is vulnerable to SQL Injection. An attacker can exploit this vulnerability to retrieve sensitive information from the database.
The Netis E1+ router version 1.2.32533 contains a backdoor account that allows unauthorized access with root privileges. The backdoor account can be accessed using the credentials 'root:abSQTPcIskFGc:0:0:root:/:/bin/sh'. This vulnerability allows an attacker to gain full control over the router and potentially compromise the network.
This system does not check the file extension when user upload photo for avatar. So you can upload PHP file like: Sample PHP code: <? phpinfo(); ?>. Name of the file: Sample PHP File name: tester.php. When you want to try to upload the image to the avatar, just, try to change the file name and content.
Furukawa Electric ConsciusMAP 2.8.1 is prone to a Java deserialization vulnerability that allows remote attackers to execute arbitrary code.
Popcorn Time For Windows installs as a service with an unquoted service path running with SYSTEM privileges. This could potentially allow an authorized but non-privileged local user to execute arbitrary code with elevated privileges on the system.
Multiple persistent cross site scripting vulnerabilities have been discovered in the official Sky File v2.1.0 mobile iOS web-application. The vulnerability allows remote attackers to inject their own malicious script codes with a persistent attack vector to compromise the browser and web-application requests from the application-side. A directory traversal web vulnerability has also been discovered, allowing an attacker to unauthorized change the path or directory to access sensitive application data.
The Complaint Management System 4.2 allows for persistent cross-site scripting (XSS) attacks. The vulnerability exists in the user registration functionality and in the admin dashboard where the fullName field is not properly filtered. An attacker can insert malicious code into the fullName field, which will be executed when displayed on the admin dashboard.
The User Management System 2.0 is vulnerable to persistent cross-site scripting (XSS) attacks. The vulnerability exists in the user registration functionality and the admin dashboard, where user input is not properly filtered before being inserted into the database or displayed on the webpage. An attacker can exploit this vulnerability by inserting malicious script code as the 'fname' parameter, which will be executed when the page is viewed by other users.
A persistent input validation web vulnerability has been discovered in the official Mahara v19.10.2 CMS web-application series. The vulnerability allows remote attackers to inject own malicious script codes with persistent attack vector to compromise browser to web-application requests from the application-side. The persistent vulnerability is located in the 'nombre' and 'descripción' parameters of the 'Ficheros' module in the 'groupfiles.php' file. Remote attackers with low privileges are able to inject own malicious persistent script code as files and foldernames. The injected code can be used to attack the frontend or backend of the web-application. The request method to inject is POST and the attack vector is located on the application-side. Files are able to be reviewed in the backend by higher privileged accounts and can be shared. Successful exploitation of the vulnerabilities results in session hijacking, persistent phishing attacks, persistent external redirects to malicious source and persistent manipulation of affected application modules.
The Edimax EW-7438RPn 1.13 version is vulnerable to an information disclosure exploit. By accessing the 'wlencrypt_wiz.asp' file, an attacker can retrieve sensitive information such as the WiFi password. The exploit code reveals various settings and configurations including hardware details, platform information, wireless settings, and more.
Services By CQR
