wp-import-export-lite domain was triggered too early. This is usually an indicator for some code in the plugin or theme running too early. Translations should be loaded at the init action or later. Please see Debugging in WordPress for more information. (This message was added in version 6.7.0.) in /home/u918112125/domains/exploit.company/public_html/wp-includes/functions.php on line 6121insert-headers-and-footers domain was triggered too early. This is usually an indicator for some code in the plugin or theme running too early. Translations should be loaded at the init action or later. Please see Debugging in WordPress for more information. (This message was added in version 6.7.0.) in /home/u918112125/domains/exploit.company/public_html/wp-includes/functions.php on line 6121wp-pagenavi domain was triggered too early. This is usually an indicator for some code in the plugin or theme running too early. Translations should be loaded at the init action or later. Please see Debugging in WordPress for more information. (This message was added in version 6.7.0.) in /home/u918112125/domains/exploit.company/public_html/wp-includes/functions.php on line 6121
A local SEH Buffer Overflow vulnerability has been discovered in the official Blueberry Express v5.9.0.3678 software. The vulnerability allows local attackers to compromise the system with elevated privileges. The vulnerability is located in the `bbflashback.exe` module with the vulnerable function `bbflashback.exe` when processing to execute the `bbflashback.exe` file with a long string buffer.
The easy2map plugin for WordPress is vulnerable to a SQL injection vulnerability due to the lack of sanitization of user input when constructing SQL queries. An attacker can exploit this vulnerability by sending a specially crafted request to the vulnerable plugin. This can allow an attacker to execute arbitrary SQL commands on the underlying database, potentially allowing them to gain access to sensitive data.
A persistent XSS vulnerability was discovered in the Users module that is distributed with the core distribution of the CMS. The issue potentially allows elevation of privileges by tricking an administrator to execute some custom crafted script on his behalf. The issue affects the Username field, since a user is allowed to register a username containing potentially dangerous characters.
AirLive MD-3025, BU-3026, BU-2015, WL-2000CAM and POE-200CAM are IP cameras designed for professional surveillance and security applications. The built-in IR LEDs provide high quality nighttime monitoring. These AirLive devices are vulnerable to an OS Command Injection Vulnerability. In the case of the MD-3025, BU-3026 and BU-2015 cameras, the vulnerability lies in the cgi_test.cgi binary file. In the case of the WL-2000CAM and POE-200CAM cameras, the command injection can be performed using the vulnerable wireless_mft.cgi binary file.
The Grandstream GXV3275 is an Android-based VoIP phone. Several vulnerabilities were found affecting this device. The device ships with a default root SSH key, which could be used as a backdoor. The SSH interface only provides access to a limited CLI, which can be exploited to break out to a shell. The web interface exposes an undocumented command execution API, and allows unprivileged users to escalate privileges by modifying a cookie on the client side.
The code in ./wp-ecommerce-shop-styling/includes/download.php doesn't sanitize user input to prevent sensitive system files from being downloaded. An attacker can use the curl command to download the file from the server.
Centron 2.5.4 is susceptible to multiple vulnerabilities, including unauthenticated blind SQL injection and authenticated remote system command execution. An attacker can exploit CVE-2015-1560 to obtain a valid session_id, which is required to exploit CVE-2015-1561. By exploiting CVE-2015-1561, an attacker can inject commands into the 'ns_id' and 'end' parameters, which are passed to the popen function.
The SkyIPCam1620W Wireless N MPEG4 3GPP Network Camera is vulnerable to an OS Command Injection Vulnerability in the snwrite.cgi binary. The 'mac' parameter is not properly sanitized before being used in a call to system(). The snwrite.cgi binary also contains hard-coded credentials that can be used to authenticate to the device.
Symantec EP agent & services can be rendered useless even after globally locking down endpoint protection via a Symantec central management server and enabling globally managed password protection controls. Tested successfully on Windows 7 SP1 result may vary OS to OS.
I found a local file include with root level permissions on cradlepoint routers. So far looks like it works on MBR1400 and MBR1200 routers, though others could be affected. I say it is with root level because it can read /etc/passwd and there is no 'x' indicating the hash is stored in the /etc/shadow file. Therefore the root hash is included in this file. To access the root hash on Cradlepoint MBRs simply: curl http://192.168.1.1/../../../../../../../../../../../../etc/passwd
Services By CQR
