MiniTool Partition Wizard has an unquoted service path vulnerability. Because the service path is not properly quoted, an attacker can inject malicious code into the service path and gain elevated privileges on the system.
binutils 2.37 is vulnerable to a segmentation fault when processing a specially crafted payload file. This can be exploited by an attacker to cause a denial of service or potentially execute arbitrary code.
Malicious PHP code is uploaded to the Apache web directory of the KRAMER VIAware. The uploaded webshell is then queried, using rpm with sudo to obtain root privileges.
The application's update password feature has a CSRF vulnerability that allows an attacker to change the password of an arbitrary user, leading to account takeover.
qdPM 9.2 is vulnerable to Cross-site Request Forgery (CSRF). An attacker can craft a malicious HTML file and host it. The attacker can then send the malicious HTML file to the victim. When the victim opens the malicious HTML file, the attacker can modify the user account details of the victim.
minewebcms 1.15.2 is vulnerable to Cross-site Scripting (XSS). An attacker can inject malicious JavaScript code into the 'Link Name' and 'URL' fields of the 'Drop-Down Menu' page, which will be executed when the page is accessed. The malicious code can be triggered by navigating to the web application's home page.
KLiK Social Media Website 1.0 is vulnerable to multiple SQL injection attacks. Attackers can exploit the 'poll' (GET) parameter with a time-based blind payload, the 'pollID' (POST) parameter with a boolean-based blind payload, and the 'voteOpt' (POST) parameter with a boolean-based blind payload. All of these payloads can be used to gain access to the underlying database.
This exploit allows an authenticated user to execute arbitrary code on the vulnerable Zenario CMS version 9.0.54156. The exploit requires the attacker to have valid credentials to the CMS. The exploit works by sending a POST request to the admin_boxes.ajax.php endpoint with a malicious PHP file encoded in base64. The malicious file is then uploaded to the server and can be accessed by sending a GET request to the uploaded file.
Broken access control allows any authenticated user to change the cookie banner through a POST request to admin-ajax.php. If users can't register, this can be done through CSRF.
A vulnerability in Kramer VIAware 2.5.0719.1034 allows an attacker to execute arbitrary code on the target system. This is due to the lack of authentication when sending requests to the runCmd.php page. An attacker can send a POST request to the runCmd.php page with a command to execute, which will be executed on the target system.