Lucene search
K

29 matches found

WPVulnDB
WPVulnDB
added 2022/07/22 12:0 a.m.81 views

VR Calendar < 2.3.2 - Unauthenticated Arbitrary Function Call

The plugin lets any user execute arbitrary PHP functions on the site. PoC https://example.com/wp-admin/admin-post.php?vrccmd=phpinfo...

9.8CVSS1.3AI score0.12442EPSS
Exploits2Affected Software1
Patchstack
Patchstack
added 2022/07/22 12:0 a.m.48 views

WordPress VR Calendar plugin < 2.3.1 - Unauthenticated Arbitrary Function Call vulnerability

Unauthenticated Arbitrary Function Call vulnerability discovered by Vinay Varma Mudunuri and Krishna Harsha Kondaveeti in WordPress VR Calendar plugin versions 2.3.1. Solution Update the WordPress VR Calendar plugin to the latest available version at least 2.3.1...

9.8CVSS2.2AI score0.12442EPSS
Exploits2References1Affected Software1
OSV
OSV
added 2022/06/13 1:15 p.m.5 views

CVE-2022-0885

The Member Hero WordPress plugin through 1.0.9 lacks authorization checks, and does not validate the a request parameter in an AJAX action, allowing unauthenticated users to call arbitrary PHP functions with no arguments...

9.8CVSS7.4AI score0.09105EPSS
Exploits2References1
Code423n4
Code423n4
added 2022/05/02 12:0 a.m.13 views

User can call liquidate() and steal all collateral due to arbitrary router call

Lines of code Vulnerability details Impact A malicious user is able to steal all collateral of an unhealthy position in PARMinerV2.sol. The code for the liquidate function is written so that the following steps are followed: User calls PARMinerV2.liquidate PARMinerV2 performs the liquidation with...

7.2AI score
Exploits0
Cvelist
Cvelist
added 2022/04/18 5:10 p.m.27 views

CVE-2022-1020 Woo Product Table < 3.1.2 - Unauthenticated Arbitrary Function Call

The Product Table for WooCommerce wooproducttable WordPress plugin before 3.1.2 does not have authorisation and CSRF checks in the wptadminupdatenoticeoption AJAX action available to both unauthenticated and authenticated users, as well as does not validate the callback parameter, allowing...

9.7AI score0.26586EPSS
Exploits2References1
wpexploit
wpexploit
added 2022/03/22 12:0 a.m.85 views

Woo Product Table < 3.1.2 - Unauthenticated Arbitrary Function Call

The plugin does not have authorisation and CSRF checks in the wptadminupdatenoticeoption AJAX action available to both unauthenticated and authenticated users, as well as does not validate the callback parameter, allowing unauthenticated attackers to call arbitrary functions with either none or o...

9.8CVSS3AI score0.26586EPSS
Exploits2
WPVulnDB
WPVulnDB
added 2022/03/22 12:0 a.m.23 views

Woo Product Table < 3.1.2 - Unauthenticated Arbitrary Function Call

The plugin does not have authorisation and CSRF checks in the wptadminupdatenoticeoption AJAX action available to both unauthenticated and authenticated users, as well as does not validate the callback parameter, allowing unauthenticated attackers to call arbitrary functions with either none or o...

9.8CVSS4.1AI score0.26586EPSS
Exploits2Affected Software1
exploitpack
exploitpack
added 2019/04/08 12:0 a.m.10515 views

Apache 2.4.17 2.4.38 - apache2ctl graceful logrotate Local Privilege Escalation

Apache 2.4.17 2.4.38 - apache2ctl graceful logrotate Local Privilege Escalation ?php CARPE DIEM: CVE-2019-0211 Apache Root Privilege Escalation Charles Fol @cfreal 2019-04-08 INFOS https://cfreal.github.io/carpe-diem-cve-2019-0211-apache-local-root.html USAGE 1. Upload exploit to Apache HTTP serv...

7.2CVSS0.8AI score0.65005EPSS
Exploits8
Hacker One
Hacker One
added 2019/04/02 3:17 p.m.1406 views

Internet Bug Bounty: Apache HTTP [2.4.17-2.4.38] Local Root Privilege Escalation

Hello, I reported a Local Root privilege escalation vulnerability on Apache HTTPd at the beginning of the year. Apache has now patched it, as you can see here. The vulnerability affects modprefork, modevent, and modworker, the most used mods on Linux. Basically, this is an arbitrary function call...

7.2CVSS9.1AI score0.65116EPSS
Exploits14
Rows per page
Query Builder