21 matches found
WordPress BlindMatrix e-Commerce plugin < 3.1 - Contributor+ LFI vulnerability
Contributor+ LFI vulnerability discovered by Khaled Alenazi Nxploited in WordPress Plugin BlindMatrix e-Commerce versions 3.1...
CVE-2025-10406
| creationtimestamp | type | source |
|---|---|---|
| 2025-10-15 06:18:34+00:00 | seen | Telegram/iQbH5fKbPR9XoOkZH19IVjH3bp-IWTP3rsolJkTelzzhNE... |
CVE-2024-10406
| creationtimestamp | type | source |
|---|---|---|
| 2024-10-27 00:51:12+00:00 | seen | https://t.me/cvedetector/9044... |
CVE-2024-10406 SourceCodester Petrol Pump Management Software edit_fuel.php sql injection
A vulnerability, which was classified as critical, has been found in SourceCodester Petrol Pump Management Software 1.0. Affected by this issue is some unknown functionality of the file /admin/edit_fuel.php. The manipulation of the argument id leads to SQL injection. The attack may be launched...
ColumnPack:ColumnPack-plugin (=1.0.3), CustomHistory:CustomHistory (>=1.1 <=1.3) +1574 more potentially affected by CVE-2019-10406 via org.jenkins-ci.main:jenkins-core (>=1.396 <=2.17)
org.jenkins-ci.main:jenkins-core MAVEN version =1.396, =1.1, =0.0.1, =1.0, =1.0, =0.0.1, =0.1.0, =1.0, =0.9, =1.3, =1.0.5.0, =1.0.6.1 and more Source cves: CVE-2019-10406 Source advisory: OSV:GHSA-HW55-F8WC-82M6...
CVE-2020-10406
The way URIs are handled in admin/header.php in Chadha PHPKB Standard Multi-Language 9 allows reflected XSS (injecting arbitrary web script or HTML) in admin/edit-group.php by adding a question mark (?) followed by the payload...
CVE-2020-10406
Chadha PHPKB Standard Multi-Language 9 contains a reflected XSS in the admin area: the way URIs are handled in admin/header.php enables injection when a payload is added after a ? in admin/edit-group.php. Connected Red Hat CVEs (CVE-2020-10391, CVE-2020-10456) describe similar URI-based XSS in ot...
CVE-2019-10406
Jenkins 2.196 and earlier, LTS 2.176.3 and earlier did not restrict or filter values set as Jenkins URL in the global configuration, resulting in a stored XSS vulnerability exploitable by attackers with Overall/Administer permission...
CVE-2019-10406
CVE-2019-10406 affects Jenkins 2.196 and earlier, including LTS 2.176.3 and earlier. The root cause is that the global configuration did not restrict or filter values set in the Jenkins URL field, allowing a stored XSS vulnerability. Exploitation requires Overall/Administer permission and can be ...
CVE-2018-10406
CVE-2018-10406 — Yelp OSXCollector: Affected product is Yelp OSXCollector. The vulnerability describes that a maliciously crafted Universal/fat binary can bypass third-party code signing checks by not completing full inspection of the multi-architecture binary, causing the tool to report that th...
CVE-2016-10406
In Android before 2018-04-05 or earlier security patch level on Qualcomm Snapdragon Mobile MDM9650, SD 210/SD 212/SD 205, SD 410/12, SD 430, SD 450, SD 615/16/SD 415, SD 617, SD 625, SD 650/52, SD 808, SD 810, SD 820, and SD 835, while printing debug message of a pointer in wlan_qmi_err_cb, the real...
CVE-2016-10406
CVE-2016-10406 affects Qualcomm-based Android devices (notably Snapdragon SoCs including MDM9650 and a wide range of SD 210/212/205, 410/12, 430, 450, 615/16/415, 617, 625, 650/52, 808, 810, 820, 835) where printing a pointer in wlan_qmi_err_cb prints the real kernel address regardless of kptr_re...
CVE-2017-10406
CVE-2017-10406 affects Oracle PeopleSoft Products, specifically the PeopleTools component, subcomponent PIA Core Technology. Affected versions: 8.54, 8.55, 8.56. The vulnerability is exploitable by an unauthenticated attacker with network access via HTTP and, though requiring user interaction, ca...
CVE-2017-10406
Vulnerability in the PeopleSoft Enterprise PeopleTools component of Oracle PeopleSoft Products subcomponent: PIA Core Technology. Supported versions that are affected are 8.54, 8.55 and 8.56. Easily exploitable vulnerability allows unauthenticated attacker with network access via HTTP to compromi...
Apple Safari 3 for Windows Protocol Handler Command Injection Vulnerability
No description provided by source. source: http://www.securityfocus.com/bid/24434/info Apple Safari for Windows is prone to a protocol handler command-injection vulnerability. Exploiting the issue allows remote attackers to pass arbitrary command-line arguments to any application that can be call...
Icecast (<= 2.0.1) Header Overwrite (win32)
No description provided by source. $Id: icecastheader.rb 9179 2010-04-30 08:40:19Z jduck $ This file is part of the Metasploit Framework and may be subject to redistribution and commercial restrictions. Please see the Metasploit Framework web site for more information on licensing and terms of us...