The Linux Kernel is prone to a denial-of-service vulnerability. A local attacker can exploit this issue to crash the kernel.
The vulnerability allows an attacker to execute arbitrary script code in the browser of an unsuspecting user, potentially leading to the theft of authentication credentials and other attacks.
Pagesetter is prone to a local file-include vulnerability because it fails to properly sanitize user-supplied input. Exploiting this issue may allow an unauthorized user to view files and execute local scripts.
SQLiteManager is prone to multiple HTML-injection vulnerabilities because it fails to sufficiently sanitize user-supplied input data. Exploiting these issues may allow an attacker to execute HTML and script code in the context of the affected site, to steal cookie-based authentication credentials, or to control how the site is rendered to the user; other attacks are also possible.
The vulnerability in PHPBB2 allows attackers to gain administrative access to the application by bypassing access validation. Attackers can modify the user level and user number parameters in the form to gain administrative privileges.
Audins Audiens is prone to multiple input-validation vulnerabilities, including SQL-injection issues and a cross-site scripting issue, because the application fails to sufficiently sanitize user-supplied input. Exploiting these issues could allow an attacker to steal cookie-based authentication credentials, compromise the application, retrieve and overwrite sensitive information, access or modify data, or exploit latent vulnerabilities in the underlying database implementation.
Multiple input-validation vulnerabilities, including SQL-injection issues and a cross-site scripting issue, allow an attacker to steal authentication credentials, compromise the application, retrieve and overwrite sensitive information, access or modify data, or exploit latent vulnerabilities in the underlying database implementation.
The application fails to sufficiently sanitize user-supplied input, leading to SQL-injection issues and a cross-site scripting issue. Exploiting these vulnerabilities could result in stealing authentication credentials, compromising the application, retrieving and overwriting sensitive information, accessing or modifying data, or exploiting latent vulnerabilities in the database implementation.
Inside the file 'mobile/php/translation/index.php' the following code can be found:

    $langFileLocation = '.';
    $LZLANG = Array();
    if (isset($_GET['g_language'])) {
        // Request-supplied value, used below without validation
        $language = ($_GET['g_language'] != '') ? $_GET['g_language'] : 'ein';
        require ($langFileLocation . '/langmobileorig.php');
        $LZLANGEN = $LZLANG;
        if (file_exists($langFileLocation . '/langmobile' . $language . '.php')) {
            // The unvalidated value becomes part of the included path
            require ($langFileLocation . '/langmobile' . $language . '.php');
        }
    }

The 'g_language' GET parameter is not validated before it is used in a PHP require call. This makes it possible to include files that are stored on a Windows server. In this case it is not possible to include files if the PHP application is running on a Linux server, because '/langmobile' + the language is not a directory and therefore cannot be traversed. In recent PHP versions null bytes are blocked. This means that in this case only files with the PHP extension can be
This module exploits a buffer overflow on the Supermicro Onboard IPMI controller web interface. The vulnerability exists on the close_window.cgi CGI application, and is due to the insecure usage of strcpy. In order to get a session, the module will execute system() from libc with an arbitrary CMD payload sent on the User-Agent header. This module has been tested successfully on Supermicro Onboard IPMI (X9SCL/X9SCM) with firmware SMT_X9_214.