
57 matches found

Tenable Nessus
added 2024/06/26 12:0 a.m., 288 views

WordPress 5.4.x < 5.4.16 Multiple Vulnerabilities

According to its self-reported version number, the detected WordPress application is affected by multiple vulnerabilities: - A Cross-Site Scripting (XSS) vulnerability affecting the HTML API. - A Cross-Site Scripting (XSS) vulnerability affecting the Template Part block. - A path traversal issue...

6.2 AI score
Exploits 0, References 1
Tenable Nessus
added 2024/02/02 12:0 a.m., 149 views

WordPress 5.4.x < 5.4.15 Multiple Vulnerabilities

According to its self-reported version number, the detected WordPress application is affected by multiple vulnerabilities : - A PHP file upload bypass via Plugin Installer requiring admin privileges. - An RCE POP Chains vulnerability. Note that the scanner has not tested for these issues but has...

7.6 AI score
Exploits 0, References 1
GithubExploit
added 2023/03/23 10:25 a.m., 1299 views

Exploit for Use After Free in Google Android

Bad Spin: Android Binder LPE Author: Moshe Kol Privilege esc...

7.8 CVSS, 7.7 AI score, 0.05568 EPSS
Exploits 1
Tenable Nessus
added 2021/09/10 12:0 a.m., 28 views

WordPress 5.4.x < 5.4.7 Multiple Vulnerabilities

According to its self-reported version number, the detected WordPress application is affected by multiple vulnerabilities: - A data exposure vulnerability within the REST API. - A Lodash library prior to 4.17.21 vulnerability. Note that the scanner has not tested for these issues but has instead...

7.2 CVSS, 6.7 AI score, 0.04314 EPSS
Exploits 3, References 5
Tenable Nessus
added 2019/03/04 12:0 a.m., 86 views

PHP 5.4.x < 5.4.0 Multiple Vulnerabilities

According to its banner, the version of PHP installed on the remote host is 5.4.x earlier than 5.4.0, and, therefore, potentially affected by multiple vulnerabilities: - crypt_blowfish as used in PHP does not properly handle 8-bit characters, which makes it easier for context-dependent attackers ...

5 CVSS, 7 AI score, 0.07072 EPSS
Exploits 13, References 6
Tenable Nessus
added 2018/06/08 12:0 a.m., 56 views

Fortinet FortiGate <= 5.2.x / 5.4.x < 5.4.9 / 5.6.x < 5.6.3 Multiple Vulnerabilities (FG-IR-17-231, FG-IR-17-245 and FG-IR-17-172)

The remote host is running FortiOS 5.2.x or prior, 5.4.x prior to 5.4.9, or 5.6.x prior to 5.6.3. It is, therefore, affected by multiple vulnerabilities. C Tenable Network Security, Inc. include'compat.inc'; if description scriptid110415; scriptversion"1.9";...

7.2 CVSS, 6.2 AI score, 0.00346 EPSS
Exploits 0, References 6
seebug.org
added 2018/05/04 12:0 a.m., 178 views

NagiosXI <= 5.4.12 info.php SQL injection(CVE-2018-10736)

NagiosXI <= 5.4.12 info.php SQL injection (CVE-2018-10736). Description: A SQL injection issue was discovered in Nagios XI via the admin/info.php key1 parameter. Affected versions: Nagios XI 5.2.x, Nagios XI 5.4.x before 5.4.13. Proof of concept...

2 AI score, 0.83161 EPSS
Exploits 2
Packet Storm
added 2017/12/31 12:0 a.m., 46 views

Photo Fusion 1.0 Cross Site Scripting

Exploit Title: Photo Fusion - Free Stock Photos Script - Xss Google Dork: N/A Date: 2017/31/12 Exploit Author: ShanoWeb Author Mail : MrdotNet2NetatGmaildotcom Vendor Homepage: https://codecanyon.net/user/teamworktec Software Buy:...

7.4 AI score
Exploits 0
CNVD
added 2017/11/15 12:0 a.m., 3 views

Fortinet FortiOS Information Disclosure Vulnerability (CNVD-2017-37067)

Fortinet FortiOS is a security operating system developed by the U.S. company Fortinet for the FortiGate network security platform. The system provides users with firewall, antivirus, IPSec/SSL VPN, web content filtering, anti-spam and other security features. An information...

7.2 CVSS, 6.2 AI score, 0.00346 EPSS
Exploits 0, References 1
Prion
added 2017/05/29 10:29 p.m., 10 views

Default credentials

Laravel 5.4.x before 5.4.22 does not properly constrain the host portion of a password-reset URL, which makes it easier for remote attackers to conduct phishing attacks by specifying an attacker-controlled host...

5.8 CVSS, 7.1 AI score, 0.00203 EPSS
Exploits 0, References 2, Affected Software 1
RedhatCVE
added 2015/10/30 10:18 a.m., 29 views

CVE-2013-1824

The SOAP parser in PHP before 5.3.22 and 5.4.x before 5.4.12 allows remote attackers to read arbitrary files via a SOAP WSDL file containing an XML external entity declaration in conjunction with an entity reference, related to an XML External Entity (XXE) issue in the soap_xmlParseFile and...

4.3 CVSS, 7.4 AI score, 0.02064 EPSS
Exploits 1, References 2
Tenable Nessus
added 2015/08/11 12:0 a.m., 72 views

PHP 5.4.x < 5.4.44 Multiple Vulnerabilities

According to its banner, the version of PHP running on the remote web server is 5.4.x prior to 5.4.44. It is, therefore, affected by multiple vulnerabilities: - Multiple use-after-free vulnerabilities exist in the SPL component, due to improper handling of a specially crafted serialized object. A...

7.5 CVSS, 8.9 AI score, 0.13368 EPSS
Exploits 0, References 5
Tenable Nessus
added 2015/05/18 12:0 a.m., 125 views

PHP 5.4.x < 5.4.41 Multiple Vulnerabilities

According to its banner, the version of PHP 5.4.x running on the remote web server is prior to 5.4.41. It is, therefore, affected by multiple vulnerabilities: - Multiple unspecified flaws in pcrelib. (CVE-2015-2325, CVE-2015-2326) - A flaw in the phar_parse_tarfile function in ext/phar/tar.c could...

7.8 CVSS, 8.4 AI score, 0.69613 EPSS
Exploits 8, References 9
Prion
added 2015/05/07 1:59 a.m., 12 views

Hardcoded credentials

ftagent.exe in EMC AutoStart 5.4.x and 5.5.x before 5.5.0.508 HF4 allows remote attackers to execute arbitrary commands via crafted packets...

9.3 CVSS, 8 AI score, 0.05856 EPSS
Exploits 0, References 4, Affected Software 1
Cvelist
added 2015/05/07 1:0 a.m., 13 views

CVE-2015-0538

ftagent.exe in EMC AutoStart 5.4.x and 5.5.x before 5.5.0.508 HF4 allows remote attackers to execute arbitrary commands via crafted packets...

7.4 AI score, 0.05856 EPSS
Exploits 0, References 4
Tenable Nessus
added 2015/03/24 12:0 a.m., 246 views

PHP 5.4.x < 5.4.39 Multiple Vulnerabilities

According to its banner, the version of PHP 5.4.x installed on the remote host is prior to 5.4.39. It is, therefore, affected by multiple vulnerabilities : - A use-after-free error exists related to function 'unserialize', which can allow a remote attacker to execute arbitrary code. Note that thi...

7.5 CVSS, 7.8 AI score, 0.87334 EPSS
Exploits 16, References 10
Tenable Nessus
added 2015/02/25 12:0 a.m., 13 views

PHP 5.4.x < 5.4.35 / 5.5.x < 5.5.19 / 5.6.x < 5.6.3 Out-of-Bounds Read

Binary data 8908.prm...

5 CVSS, 7.3 AI score, 0.08075 EPSS
Exploits 0, References 4
Tenable Nessus
added 2015/01/29 12:0 a.m., 127 views

PHP 5.4.x < 5.4.37 Multiple Vulnerabilities

According to its banner, the version of PHP 5.4.x installed on the remote host is prior to 5.4.37. It is, therefore, affected by multiple vulnerabilities: - The CGI component has an out-of-bounds read flaw in file 'cgi_main.c' when nmap is used to process an invalid file that begins with a hash...

7.5 CVSS, 7.3 AI score, 0.87334 EPSS
Exploits 7, References 8
Tenable Nessus
added 2014/08/27 12:0 a.m., 52 views

PHP 5.4.x < 5.4.32 Multiple Vulnerabilities

According to its banner, the remote web server is running a version of PHP 5.4.x prior to 5.4.32. It is, therefore, affected by the following vulnerabilities : - LibGD contains a NULL pointer dereference flaw in its 'gdImageCreateFromXpm' function in the 'gdxpm.c' file. By using a specially craft...

6.8 CVSS, 7.7 AI score, 0.33041 EPSS
Exploits 6, References 16
UbuntuCve
added 2014/08/23 1:55 a.m., 36 views

CVE-2014-5120

gd_ctx.c in the GD component in PHP 5.4.x before 5.4.32 and 5.5.x before 5.5.16 does not ensure that pathnames lack %00 sequences, which might allow remote attackers to overwrite arbitrary files via crafted input to an application that calls the (1) imagegd, (2) imagegd2, (3) imagegif, (4) imagejpeg, (5)...

6.4 CVSS, 7.2 AI score, 0.08774 EPSS
Exploits 0, References 4