45 matches found
PT-2026-44092
Name of the Vulnerable Software and Affected Versions weMail: Email Marketing, Email Automation, Newsletters, Subscribers & Email Optins for WooCommerce WordPress plugin versions prior to 2.1.3 Description The plugin fails to properly escape a user-supplied parameter before reflecting it into an...
📄 NCR Command Center Agent 16.3 Remote Command Execution
Proof of concept exploit for a remote command execution vulnerability in NCR Command Center Agent version 16.3 on Aloha POS/BOH servers. The vulnerability allows remote, unauthenticated attackers to execute arbitrary commands with SYSTEM privileges by sending a specially crafted XML document to...
MiracleLinux 9 : podman-4.9.4-3.el9 (AXSA:2024-8089:04)
The remote MiracleLinux 9 host has packages installed that are affected by multiple vulnerabilities as referenced in the AXSA:2024-8089:04 advisory. The podman tool manages pods, container images, and containers. It is part of the libpod library, which is for applications that use container pods...
NCR Command Center Agent Remote Code Execution
CMCAgent in NCR Command Center Agent 16.3 on Aloha POS/BOH servers permits the submission of a runCommand parameter within an XML document sent to port 8089 that enables the remote, unauthenticated execution of an arbitrary command as SYSTEM, as exploited in the wild in 2020 and/or 2021. The...
📄 NCR Command Center Agent 16.3 Remote Code Execution
CMCAgent in NCR Command Center Agent version 16.3 on Aloha POS/BOH servers permits the submission of a runCommand parameter within an XML document sent to port 8089 that enables the remote, unauthenticated execution of an arbitrary command as SYSTEM, as exploited in the wild in 2020 and/or 2021...
CVE-2025-8089
creationtimestamp| type| source ---|---|--- 2025-08-16 07:05:56+00:00| seen| Telegram/XOeZnnwtog5Xm0eJTP7Usf2xMEM4HAKoGUZyiYXKdryGv8w...
CVE-2025-8089 Advanced iFrame <= 2025.6 - Authenticated (Contributor+) Stored Cross-Site Scripting
The Advanced iFrame plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the 'additional' parameter in version less than, or equal to, 2025.6 due to insufficient input sanitization and output escaping. This makes it possible for authenticated attackers, with contributor-level...
WordPress Advanced iFrame plugin <= 2025.6 - Authenticated (Contributor+) Stored Cross-Site Scripting vulnerability
Authenticated Contributor+ Stored Cross-Site Scripting vulnerability discovered by zer0gh0st in WordPress Plugin Advanced iFrame versions = 2025.6...
CVE-2020-8089
Piwigo 2.10.1 is affected by stored XSS via the Group Name Field to the grouplist page...
CVE-2024-8089
creationtimestamp| type| source ---|---|--- 2024-08-23 02:54:45+00:00| seen| https://t.me/cvedetector/3972...
CVE-2024-8089 SourceCodester E-Commerce System controller.php unrestricted upload
A vulnerability was found in SourceCodester E-Commerce System 1.0. It has been classified as critical. Affected is an unknown function of the file /ecommerce/admin/products/controller.php. The manipulation of the argument photo leads to unrestricted upload. It is possible to launch the attack...
CVE-2024-8089 SourceCodester E-Commerce System controller.php unrestricted upload
A vulnerability was found in SourceCodester E-Commerce System 1.0. It has been classified as critical. Affected is an unknown function of the file /ecommerce/admin/products/controller.php. The manipulation of the argument photo leads to unrestricted upload. It is possible to launch the attack...
FreePBX 安全漏洞
FreePBX formerly known as Asterisk Management Portal is a set of tools from the FreePBX project for configuring Asterisk an IP telephony system via a GUI web-based graphical interface. A security vulnerability exists in FreePBX that stems from the addition of the AMPDBUSER, AMPDBPASS, AMPMGRUSER,...
Debian: Security Advisory (DLA-251-1)
The remote host is missing an update for the Debian SPDX-FileCopyrightText: 2023 Greenbone AG Some text descriptions might be excerpted from a referenced sources, and are Copyright C by the respective right holders. SPDX-License-Identifier: GPL-2.0-only ifdescription...
Mageia: Security Advisory (MGASA-2014-0434)
The remote host is missing an update for the SPDX-FileCopyrightText: 2022 Greenbone AG Some text descriptions might be excerpted from a referenced sources, and are Copyright C by the respective right holders. SPDX-License-Identifier: GPL-2.0-only ifdescription...
CVE-2021-3122
CMCAgent in NCR Command Center Agent 16.3 on Aloha POS/BOH servers permits the submission of a runCommand parameter within an XML document sent to port 8089 that enables the remote, unauthenticated execution of an arbitrary command as SYSTEM, as exploited in the wild in 2020 and/or 2021. NOTE: th...
Design/Logic Flaw
CMCAgent in NCR Command Center Agent 16.3 on Aloha POS/BOH servers permits the submission of a runCommand parameter within an XML document sent to port 8089 that enables the remote, unauthenticated execution of an arbitrary command as SYSTEM, as exploited in the wild in 2020 and/or 2021. NOTE: th...
PT-2021-19204
Name of the Vulnerable Software and Affected Versions NCR Command Center Agent version 16.3 Description The issue allows for the remote, unauthenticated execution of an arbitrary command as SYSTEM. This is achieved by submitting a runCommand parameter within an XML document sent to port 8089. The...
VulnCheck KEV: CVE-2021-3122
CMCAgent in NCR Command Center Agent 16.3 on Aloha POS/BOH servers permits the submission of a runCommand parameter within an XML document sent to port 8089 that enables the remote, unauthenticated execution of an arbitrary command as SYSTEM, as exploited in the wild in 2020 and/or 2021...
NCR Command Center Agent Operating System Command Injection Vulnerability
NCR Aloha Essentials is the mobile POS enabled hardware from NCR USA. It provides an end-to-end restaurant management platform A security vulnerability exists in the CMCAgent in NCR Command Center Agent 16.3, which originates from allowing submission of the runCommand parameter in an XML document...