wp-pagenavi domain was triggered too early. This is usually an indicator for some code in the plugin or theme running too early. Translations should be loaded at the init action or later. Please see Debugging in WordPress for more information. (This message was added in version 6.7.0.) in /home/u918112125/domains/exploit.company/public_html/wp-includes/functions.php on line 6114
Multiple vulnerabilities have been found in Airlive devices. These include Cross Site Request Forgery (CWE-352) and Clickjacking (CAPEC-103), Relative Path Traversal (CWE-23), Information Exposure (CWE-200) and Permissions, Priveleges and Access Controls (CWE-264), Clear Text Storage of Sensitive Information (CWE-312), and Denial of Service.
The Isemarket JaguarControl ActiveX control is prone to a buffer overflow. This could result in a failure of the client application invoking the control or potentially execution of arbitrary code.
This module exploits a flaw in the Web Start component of the Sun Java Runtime Environment. Parameters intial-heap-size and max-heap-size in a JNLP file can contain a double quote which is not properly sanitized when creating the command line for javaw.exe. This allows the injection of the -XXaltjvm option to load a jvm.dll from a remote UNC path into the java process. Thus an attacker can execute arbitrary code in the context of a browser user. This flaw was fixed in Oct. 2012 and affects JRE <= 1.6.35 and <= 1.7.07.In order for this module to work, it must be ran as root on a server that does not serve SMB. Additionally, the target host must have the WebClient service (WebDAV Mini-Redirector) enabled. Alternatively an UNC path containing a jvm.dll can be specified with an own SMB server.
This exploit allows an attacker to execute arbitrary code with the privileges of the mscreen program on SCO OpenServer 5.0.5. By providing a specially crafted input, the attacker can overflow the buffer and overwrite the return address, redirecting the execution flow to their own malicious code.
The MobileIron Virtual Smartphone Platform has a command injection vulnerability within the telnet/SSH shell that allows for elevation of privileges to "root" from a low privileged user as well as escaping the restrictive shell.
PluggedOut CMS is prone to multiple cross-site scripting and SQL injection vulnerabilities. Exploitation could allow for theft of cookie-based authentication credentials or unauthorized access to database data. Other attacks are also possible.
The Contrexx CMS is affected by multiple input validation vulnerabilities that allow for HTML injection, SQL injection, and information disclosure attacks. An attacker can exploit these vulnerabilities by supplying a specially crafted value for the 'votingoption' parameter and submitting the form. Additionally, the vulnerabilities can be exploited through the 'section' and 'term' parameters in specific URLs. These vulnerabilities can be used to carry out attacks such as executing arbitrary JavaScript code (XSS) and retrieving sensitive information from the database.
This is a local exploit for splitvt version less than 1.6.5. It allows an attacker to gain unauthorized access to the system.
This script can be used to check whether a user exists on a remote server running OpenSSH. It relies on the timing difference between valid and invalid user login attempts to determine if a user exists or not. It is accurate against Red Hat boxes and Linux boxes running grsecurity, but not vulnerable on *BSD boxes which always have a 10-second delay.
The mod_oradav module for Oracle HTTP Server included in Oracle9i Application Server is prone to a vulnerability. This is related to access controls on the '/dav_public' and '/dav_portal' directories, allowing a malicious user to fill up the directory. It is not known if this could have other security impacts.
Services By CQR