EGroupware is prone to a remote command execution vulnerability because the software fails to adequately sanitize user-supplied input. Successful attacks can compromise the affected software and possibly the computer running EGroupware.
The Joomla com_bidding component is vulnerable to SQL injection. By manipulating the 'id' parameter in the URL, an attacker can execute arbitrary SQL queries and retrieve sensitive information from the database. The vulnerability can be exploited by appending a UNION ALL SELECT statement to the URL, allowing the attacker to extract data from the 'jos_users' table.
ZipTorrent 1.3.7.3 stores proxy server information and the password in plain text, allowing a local user to read the password and the other stored details.
The ItSecTeam has discovered a blind SQL injection vulnerability in PHP Classifieds version 7.5. The vulnerability allows an attacker to inject SQL code through the 'bid' parameter in the 'ad_click.php' file. The vulnerable code fails to properly sanitize user input, allowing the attacker to execute arbitrary SQL queries on the database.
The PhpMyLogon application is vulnerable to SQL injection. By manipulating the username field during the login process, an attacker can bypass authentication and gain unauthorized access to the application. The vulnerable code retrieves user information from the database using a SQL query that is constructed with user-supplied input without proper sanitization or parameterization, allowing an attacker to inject malicious SQL statements. This vulnerability can be exploited by entering a specially crafted username, such as 'blake' or '1'='1' #', which will cause the query to return all records from the database, effectively bypassing the authentication check. This allows the attacker to log in as any user without knowing their password.
The exploit allows an attacker to cause a Denial of Service (DoS) by sending a specially crafted request to the Kerio MailServer 6.2.2. The vulnerability is fixed in Kerio MailServer 6.3.1.
The vulnerability exists in the forgotpassword.php file of MicroWorld eScan Antivirus < 3.x on Linux. The script does not properly validate user input in the 'uname' parameter, allowing an attacker to inject malicious commands and execute them with root privileges. By sending a specially crafted POST request to the forgotpassword.php script, an attacker can execute arbitrary commands on the target system.
This exploit targets the com_invoke(), com_propput(), com_propset(), and iconv_mime_encode() functions in PHP versions 4.4.6 and 5.0.3. It causes a local denial of service by repeatedly calling these functions with a large buffer size, resulting in resource exhaustion.
Remote RPC exploit breaking non-exec memory protection schemes. Tested against OverflowGuard and StackDefender (kernel32 imagebase randomization). Currently breaking Windows 2000 SP0 (English) and Windows XP SP0 (English).
This vulnerability allows an attacker to add a new link through Cross-Site Request Forgery (CSRF) on the Admin module of AneCMS. By exploiting this vulnerability, an attacker can submit a form with hidden fields containing malicious data, which will be executed when the form is submitted by an authenticated user.