XennoBB is prone to multiple SQL injection vulnerabilities because it fails to properly sanitize user-supplied input before using it in an SQL query. A successful attack could allow an attacker to compromise the application, access or modify data, or exploit vulnerabilities in the underlying database implementation.
Various D-Link Routers are vulnerable to OS command injection in the UPnP SOAP interface. This module has been tested successfully on DIR-300, DIR-600, DIR-645, DIR-845 and DIR-865. According to the vulnerability discoverer, more D-Link devices may be affected.
Bomberclone is prone to remote information-disclosure and denial-of-service vulnerabilities because it fails to properly sanitize user-supplied input. These issues allow remote attackers to access sensitive information and to crash the application, denying further service to legitimate users.
The Microsoft Windows GDI+ library 'gdiplus.dll' is prone to a denial-of-service vulnerability because the software fails to handle malformed image files properly. An attacker may leverage this issue to trigger a denial-of-service condition in software implementing the vulnerable library. Other attacks may also be possible.
The Hitron Technologies CDE-30364 router is prone to CSRF vulnerabilities which allow attackers to change router parameters and perform modifications. The exploit allows enabling/disabling web site blocking and adding new keywords/URLs for blocking. It also allows enabling/disabling the Intrusion Detection System.
PHP Pro Bid is prone to multiple input-validation vulnerabilities, including cross-site scripting and SQL-injection issues, because the application fails to properly sanitize user-supplied input. A successful exploit of these vulnerabilities could allow an attacker to compromise the application, access or modify data, steal cookie-based authentication credentials, or even exploit vulnerabilities in the underlying database implementation. Other attacks are also possible.
1. XSS (Reflected): The CMS suffers from cross-site scripting due to a lack of sanitization of user input.
Exploit: http://192.168.0.106/zimplit/zimplit.php?action=load&file=[XSS]
http://192.168.0.106/zimplit/zimplit.php?action=load&file=%27%22%28%29%26%251%3CScRiPt%20%3Ealert%28944002%29%3C%2fScRiPt%3E
2. CSRF / Directory traversal: The following URL provides file listings to an attacker. Although it requires an authorized user such as admin, with an appropriate JavaScript exploit an attacker is capable of obtaining the administrator's view of the vulnerable link.
Exploit: http://192.168.0.106/zimplit/zimplit.php?action=listAllFiles&file=[Directory]
The D-Link DSL-2640B's web interface is prone to CSRF vulnerabilities that allow an attacker to change the router's parameters. The specific changes described in the advisory are disabling/enabling Wireless MAC Address Filter, disabling/enabling all the Firewall protections, and enabling/disabling Remote Management.
Three proof-of-concept exploit files have been released that trigger vulnerabilities in Microsoft PowerPoint. It is currently unknown if these exploits target newly discovered vulnerabilities or exploit previously disclosed issues. These vulnerabilities may allow remote attackers to cause crashes or execute arbitrary machine code in the context of the affected application. Microsoft PowerPoint 2003 is confirmed to be vulnerable.