CVE-2020-10866

An issue was discovered in Avast Antivirus before 20. The aswTask RPC endpoint for the TaskEx library in the Avast Service AvastSvc.exe allows attackers to enumerate the network interfaces and access points from a Low Integrity process via RPC...

CVE-2019-10866

In the Form Maker plugin before 1.13.3 for WordPress, it's possible to achieve SQL injection in the function getlabelsparameters in the file form-maker/admin/models/Submissionsfm.php with a crafted value of the /models/Submissioc parameter...

Linux Distros Unpatched Vulnerability : CVE-2018-10866

The Linux/Unix host has one or more packages installed that are impacted by a vulnerability without a vendor supplied patch available. - It was discovered that the /configuration view of redhat-certification 7 does not perform an authorization check and it allows an unauthenticated user to remove...

CVE-2024-10866

creationtimestamp| type| source ---|---|--- 2025-01-07 07:25:22+00:00| seen| https://infosec.exchange/users/cve/statuses/113785878716135383 2025-01-07 07:37:07+00:00| seen| https://t.me/DarkWebInformerCVEAlerts/366 2025-01-07 08:15:43+00:00| seen|...

CVE-2024-10866 Export Import Menus <= 1.9.1 - Missing Authorization to Unauthenticated Menu Export

The Export Import Menus plugin for WordPress is vulnerable to unauthorized access of data due to a missing capability check on the dspexportimportmenus function in all versions up to, and including, 1.9.1. This makes it possible for unauthenticated attackers to export menu data and settings...

CVE-2024-10866 Export Import Menus <= 1.9.1 - Missing Authorization to Unauthenticated Menu Export

The Export Import Menus plugin for WordPress is vulnerable to unauthorized access of data due to a missing capability check on the dspexportimportmenus function in all versions up to, and including, 1.9.1. This makes it possible for unauthenticated attackers to export menu data and settings...

CVE-2018-10866

It was discovered that the /configuration view of redhat-certification 7 does not perform an authorization check and it allows an unauthenticated user to remove a "system" file, that is an xml file with host related information, not belonging to him...

CVE-2018-10866

CVE-2018-10866 affects redhat-certification version 7. The vulnerability stems from the /configuration view not performing an authorization check, enabling an unauthenticated user to remove a host-specific XML file (a “system” file). This represents an integrity/availability risk without requirin...

CVE-2020-10866

CVE-2020-10866 affects Avast Antivirus before version 20. The vulnerability stems from the aswTask RPC endpoint in the TaskEx library used by AvastSvc.exe, which allows a Low Integrity process to enumerate network interfaces and access points via RPC. This exposes potential exposure of network to...

CVE-2016-10866

The CVE-2016-10866 entry concerns the All In One WP Security & Firewall WordPress plugin. Connected sources confirm multiple XSS vulnerabilities in the plugin prior to version 4.2.0. Affected software: all-in-one-wp-security-and-firewall for WordPress (pre-4.2.0). Root cause: unspecified in the d...

WordPress Form Maker Plugin SQL Injection (CVE-2019-10866)

An SQL injection vulnerability exists in WordPress Form Maker Plugin. Successful exploitation of this vulnerability could lead to disclosure of database credentials...

WordPress Form Maker 1.13.3 Plugin - SQL Injection Exploit

Exploit for php platform in category web applications -- coding: utf-8 -- Exploit Title: WordPress Plugin Form Maker 1.13.3 - SQL Injection Exploit Author: Daniele Scanu @ Certimeter Group Vendor Homepage: https://10web.io/plugins/ Software Link: https://wordpress.org/plugins/form-maker/ Version:...

WordPress Plugin Form Maker 1.13.3 - SQL Injection

-- coding: utf-8 -- Exploit Title: WordPress Plugin Form Maker 1.13.3 - SQL Injection Date: 22-03-2019 Exploit Author: Daniele Scanu @ Certimeter Group Vendor Homepage: https://10web.io/plugins/ Software Link: https://wordpress.org/plugins/form-maker/ Version: 1.13.3 Tested on: Ubuntu 18.04 CVE :...

WordPress Plugin Form Maker 1.13.3 - SQL Injection

WordPress Plugin Form Maker 1.13.3 - SQL Injection -- coding: utf-8 -- Exploit Title: WordPress Plugin Form Maker 1.13.3 - SQL Injection Date: 22-03-2019 Exploit Author: Daniele Scanu @ Certimeter Group Vendor Homepage: https://10web.io/plugins/ Software Link:...

CVE-2019-10866

creationtimestamp| type| source ---|---|--- 2019-05-23 19:48:27+00:00| seen| https://t.me/cvemitreorg/261...

CVE-2019-10866

In the Form Maker plugin before 1.13.3 for WordPress, it's possible to achieve SQL injection in the function getlabelsparameters in the file form-maker/admin/models/Submissionsfm.php with a crafted value of the /models/Submissioc parameter...

CVE-2019-10866

The CVE-2019-10866 vulnerability affects WordPress Form Maker plugin prior to version 1.13.3. A SQL injection exists in the get_labels_parameters flow inside form-maker/admin/models/Submissions_fm.php, triggered by crafted values (notably via the asc_or_desc parameter in PoC scenarios). Documente...

WordPress Form Maker 1.13.3 SQL Injection Vulnerability

Exploit for php platform in category web applications Exploit Title: WordPress Plugin Form Maker 1.13.3 - SQL Injection Exploit Author: Daniele Scanu @ Certimeter Group Vendor Homepage: https://10web.io/plugins/ Software Link: https://wordpress.org/plugins/form-maker/ Version: 1.13.3 Tested on:...

WordPress Form Maker 1.13.3 SQL Injection

Exploit Title: WordPress Plugin Form Maker 1.13.3 - SQL Injection Date: 22-03-2019 Exploit Author: Daniele Scanu @ Certimeter Group Vendor Homepage: https://10web.io/plugins/ Software Link: https://wordpress.org/plugins/form-maker/ Version: 1.13.3 Tested on: Wordpress 5.1 Description: In the Form...