Lavasoft 4.1.0.409 installs DCIservice as a service with an unquoted service path. This vulnerability allows an attacker to escalate privileges and potentially execute arbitrary code.
The Uniview NVR301-04S2-P4 device is vulnerable to reflected cross-site scripting (XSS) attacks. An attacker can exploit this vulnerability by injecting malicious code into a crafted URL, which will be executed when accessed by a victim user.
This exploit targets Inbit Messenger version 4.9.0 and earlier. It allows an unauthenticated remote attacker to trigger a SEH overflow, potentially leading to remote code execution.
This exploit allows an attacker to inject malicious code into the Book Store Management System 1.0.0, specifically in the 'Name' input field of the 'Add New System User' page. When the payload '<script>alert("XSS")</script>' is inserted, an alert box with the message 'XSS' is displayed when the page is visited.
The application is prone to an arbitrary file-upload vulnerability because it fails to adequately sanitize user-supplied input. An attacker can exploit this issue to upload arbitrary files in the context of the web server process and execute commands.
The ZKTeco time attendance device does not require authentication to use the web interface, exposing the database of employees and their credentials.
The Subrion CMS version 4.2.1 is vulnerable to stored cross-site scripting (XSS). An attacker can inject malicious code into the tooltip value of the field add page, which will be executed when a user views the page. This can lead to various attacks, such as stealing sensitive information or performing actions on behalf of the user.
Server Side Request Forgery (SSRF) in the Data Import module in Heartex - Label Studio Community Edition versions 1.5.0 and earlier allows an authenticated user to access arbitrary files on the system. Furthermore, self-registration is enabled by default in these versions of Label Studio, enabling a remote attacker to create a new account and then exploit the SSRF.
These Tapo cameras work via an app. There is a facility on the app to set up a “Camera Account”, which adds user details for the RTSP server. Unfortunately, if you don’t set up the user details on versions 1.3.0 and below, there are default login details. I sourced these from the “cet” binary on the camera. You can gain unauthorised access to the RTSP stream using the following user details: User: ---; Password: TPL075526460603
YouPHPTube v7.8 allows unauthenticated directory traversal and Local File Inclusion through the parameter in an /?lang=PATH+TRAVERSAL+FILE (without php) GET request. It also has a reflected Cross-Site Scripting (XSS) vulnerability.