17 matches found
MAL-2025-9734 Malicious code in @zalastax/nolb-_agy (npm)
The package @zalastax/nolb-agy was found to contain malicious code...
CVE-2014-9734
Directory traversal vulnerability in the Slider Revolution revslider plugin before 4.2 for WordPress allows remote attackers to read arbitrary files via a .. (dot dot) in the img parameter in a revslider_show_image action to wp-admin/admin-ajax.php...
CVE-2024-9734
Tungsten Automation Power PDF PDF File Parsing Heap-based Buffer Overflow Remote Code Execution Vulnerability. This vulnerability allows remote attackers to execute arbitrary code on affected installations of Tungsten Automation Power PDF. User interaction is required to exploit this vulnerabilit...
CVE-2024-9734 Tungsten Automation Power PDF PDF File Parsing Heap-based Buffer Overflow Remote Code Execution Vulnerability
Tungsten Automation Power PDF PDF File Parsing Heap-based Buffer Overflow Remote Code Execution Vulnerability. This vulnerability allows remote attackers to execute arbitrary code on affected installations of Tungsten Automation Power PDF. User interaction is required to exploit this vulnerabilit...
CVE-2020-9734
The CVE-2020-9734 issue affects Adobe Experience Manager (AEM) Forms add-on versions 6.5.5.0 and earlier and 6.4.8.1 and earlier. It is a stored XSS vulnerability that lets users with Author privileges store scripts in Forms fields, which could be executed in a victim’s browser when opening the a...
Design/Logic Flaw
This vulnerability allows remote attackers to execute arbitrary code on affected installations of CentOS Web Panel cwp-e17.0.9.8.923. Authentication is not required to exploit this vulnerability. The specific flaw exists within ajax_dashboard.php. When parsing the service_restart parameter, the...
CVE-2020-15611
CVE-2020-15611 affects CentOS Web Panel (cwp-e17.0.9.8.923). The flaw is in ajax_dashboard.php: when parsing the service_restart parameter, the code does not properly validate a user-supplied string before using it in a system call, enabling remote code execution with root privileges. Multiple so...
Attackers Target 1M+ WordPress Sites To Harvest Database Credentials
Attackers were spotted targeting over one million WordPress websites in a campaign over the weekend. The campaign unsuccessfully attempted to exploit old cross-site scripting (XSS) vulnerabilities in WordPress plugins and themes, with the goal of harvesting database credentials. The attacks were...
CVE-2019-9734
Aquarius CMS through 4.3.5 writes POST and GET parameters including passwords to a log file due to an overwriting of configuration parameters under certain circumstances...
CVE-2019-9734
CVE-2019-9734 affects Aquarius CMS up to version 4.3.5, where an overwriting of configuration parameters causes POST and GET parameters (including passwords) to be written to a log file. The impact is exposure of credentials via logging under certain circumstances. The connected documents do not ...
WordPress Elegant Themes Divi Theme Directory Traversal Nmap NSE Script
local http = require "http" local shortport = require "shortport" local stdnse = require "stdnse" local string = require "string" local vulns = require "vulns" local nmap = require "nmap" description = Directory traversal vulnerability in the Elegant Themes Divi theme for WordPress allows remote...
CVE-2014-9734
Directory traversal vulnerability in the Slider Revolution revslider plugin before 4.2 for WordPress allows remote attackers to read arbitrary files via a .. (dot dot) in the img parameter in a revslider_show_image action to wp-admin/admin-ajax.php...
CVE-2014-9734
CVE-2014-9734 describes a directory traversal vulnerability in the WordPress plugin for Slider Revolution (revslider) prior to 4.2. An attacker can send a revslider_show_image action to wp-admin/admin-ajax.php with a .. in the img parameter to read arbitrary server files. Affected: Slider Revolu...
Directory traversal
Directory traversal vulnerability in the Elegant Themes Divi theme for WordPress allows remote attackers to read arbitrary files via a .. (dot dot) in the img parameter in a revslider_show_image action to wp-admin/admin-ajax.php. NOTE: this vulnerability may be a duplicate of CVE-2014-9734...
WordPress Slider Revolution Plugin Local File Inclusion (CVE-2014-9734; CVE-2015-1579)
An information disclosure vulnerability has been reported in WordPress Slider Revolution Plugin. Successful exploitation of this vulnerability could allow a remote attacker to download local files, and may lead to disclosure of database credentials...
CVE-2014-9734
creationtimestamp | type | source
---|---|---
2014-09-01 00:00:00+00:00 | confirmed | https://www.exploit-db.com/exploits/34511
2025-06-20 09:27:38+00:00 | seen | https://t.me/breachdetector/791039...
CVE-2009-4661
creationtimestamp | type | source
---|---|---
2009-09-16 00:00:00+00:00 | confirmed | https://www.exploit-db.com/exploits/9695
2009-09-21 00:00:00+00:00 | confirmed | https://www.exploit-db.com/exploits/9734...