Lucene search

15 matches found

OSV
added 2026/05/23 1:25 a.m. | 4 views

MAL-2026-4683 Malicious code in tax4all-components (npm)

--- -= Per source details. Do not edit below this line.=- Source: amazon-inspector 411707aa243c516b714830da4805c4abacaa4d5f7e2e8959773cd93468dd78aa The exported ContactForm Vue component in deploy/dist/index.js hardcodes form submissions to https://formsubmit.co/ajax/[email protected] — the...

5.8 AI score
Exploits: 0 | References: 1
OSSF Malicious Packages
added 2026/05/20 1:17 p.m. | 9 views

Malicious code in gator-client (npm)

--- -= Per source details. Do not edit below this line.=- Source: amazon-inspector 1925735d02fb91f74a11718c3402ad0b10f551eecb8c6d88f02d475b3e0a799f On npm install via scripts.install: node index.js and on every require'gator-client', lib/core.js collects os.userInfo.username, os.hostname, and the...

5.9 AI score
Exploits: 0 | References: 1
CVE
added 2026/05/05 6:43 a.m. | 19 views

CVE-2026-3454

CVE-2026-3454 affects the WordPress plugin GenerateBlocks (versions <= 2.2.0). The vulnerability is an Insecure Direct Object Reference in the REST endpoint /wp-json/generateblocks/v1/dynamic-tag-replacements . The endpoint only checks user capability (edit_posts) and does not verify that the ...

6.5 CVSS | 5.9 AI score | 0.00017 EPSS
Exploits: 0 | References: 8
Vulnrichment
added 2026/05/05 6:43 a.m. | 2 views

CVE-2026-3454 GenerateBlocks <= 2.2.0 - Insecure Direct Object Reference to Authenticated (Contributor+) Sensitive Information Exposure via Dynamic Tag Replacements

The GenerateBlocks plugin for WordPress is vulnerable to Insecure Direct Object Reference in all versions up to, and including, 2.2.0. This is due to missing object-level authorization checks in the /wp-json/generateblocks/v1/dynamic-tag-replacements REST endpoint. The endpoint only verifies that...

6.5 CVSS | 5.9 AI score | 0.00017 EPSS
Exploits: 0 | References: 8
OSSF Malicious Packages
added 2026/03/24 9:5 a.m. | 3 views

Malicious code in ftapi-core (npm)

Multiple suspicious behaviors: hex obfuscation, code execution via constructor, process access, install script, and suspicious author email. --- -= Per source details. Do not edit below this line.=- Source: amazon-inspector 1a78a31e9e0e51a5531ac61b714695aa1af1ac1379233e78623ac3ed63285f6c The...

6.3 AI score
Exploits: 0 | References: 1
OSSF Malicious Packages
added 2026/03/24 9:3 a.m. | 3 views

Malicious code in @ceeferenderer/itg-renderer-sdk (npm)

Malicious package due to code obfuscation, dynamic module loading, process exposure, suspicious install script, and untrustworthy author email. --- -= Per source details. Do not edit below this line.=- Source: amazon-inspector 51b9fa22264e38705c3a7ba319515ee66036e72ab14c32d08b01a5695aa191b8 This...

5.9 AI score
Exploits: 0 | References: 2
Positive Technologies
added 2024/03/25 12:0 a.m. | 3 views

PT-2024-2396 · Phpmyfaq · Phpmyfaq

Name of the Vulnerable Software and Affected Versions: phpMyFAQ version 3.2.5 Description: A SQL injection vulnerability has been discovered in the "Add News" functionality due to improper escaping of the email address. This allows any authenticated user with the rights to add/edit FAQ news to...

9 CVSS | 8.2 AI score | 0.02881 EPSS
Exploits: 1 | References: 15
Exploit DB
added 2019/02/19 12:0 a.m. | 77 views

Find a Place CMS Directory 1.5 - 'assets/external/data_2.php cate' SQL Injection

Exploit Title: Find a Place CMS Directory 1.5 - 'assets/external/data2.php cate' SQL Injection Google Dork: inurl:"assets/external/data.php" Date: 14 Feb 2019 Exploit Author: Deyaa Muhammad Author EMail: contact at deyaa.me Author Blog: http://deyaa.me Vendor Homepage: https://themerig.com/...

7.4 AI score
Exploits: 0
Exploit DB
added 2019/01/07 12:0 a.m. | 46 views

Embed Video Scripts - Persistent Cross-Site Scripting

Exploit Title: Embed Video Scripts - Cross-site Script stored Google Dork: N/A Date: 1 Jan 2019 Exploit Author: Deyaa Muhammad Author EMail: contact at deyaa.me Author Blog: http://deyaa.me POC Video: https://youtu.be/2CFJLwkxpT8 Vendor Homepage: https://codeawesome.in/embed/ Software Link:...

7.4 AI score
Exploits: 0
Packet Storm
added 2016/04/18 12:0 a.m. | 26 views

WordPress leenk.me 2.5.0 Cross Site Request Forgery / Cross Site Scripting

I would like to disclose CSRF and stored XSS vulnerability in Wordpress plugin LeenkMe version 2.5.0. The plugin can be found at https://wordpress.org/plugins/leenkme/ In the page wp-content/plugins/leenkme/facebook.php XSS vulnerable Fields are : - facebookmessage - facebooklinkname -...

0.1 AI score
Exploits: 0
exploitpack
added 2013/09/09 12:0 a.m. | 12 views

Zyxware Health Monitoring System - Multiple Vulnerabilities

Zyxware Health Monitoring System - Multiple Vulnerabilities Exploit Title: Zyxware Health Monitoring System Multiple Vulnerability Google Dork: Inurl:maps/layers.php?bdywidth= and more Date: 07 Sep 2013 Vendor Homepage: http://www.zyxware.com/ Software Link:...

0.1 AI score
Exploits: 0
0day.today
added 2013/02/05 12:0 a.m. | 26 views

Hiverr v2.2 Multiple Vulnerabilities

Exploit for php platform in category web applications Exploit Title: Hiverr v2.2 Multiple Vulnerabilities Date: 05.02.2013 Author: xStarCode Exploit Author: xStarCode Version: 2.2 Category: webapps Google Dork: Tested on: Linux Exploit: -----Index Vulnerabilities: == SQL Injections...

7.1 AI score
Exploits: 0
Exploit DB
added 2011/01/29 12:0 a.m. | 40 views

A-PDF All to MP3 Converter 2.0.0 - '.wav' Local Buffer Overflow (SEH)

Exploit Title: A-PDF All to MP3 Converter v.2.0.0 SEH overflow Software Link: http://www.a-pdf.com/all-to-mp3/download.htm Version: = 2.0.0 Tested on: Win XP SP2 English Date: 29/01/2011 Author: m0nna Email: [email protected] triggering details: Open the app, drag the crafted .wav file, cal...

7 AI score
Exploits: 0
0day.today
added 2010/02/18 12:0 a.m. | 14 views

New-CMS v1.08 Multiple Vulnerability

Exploit for unknown platform in category web applications ==================================== New-CMS v1.08 Multiple Vulnerability ==================================== Multiple Vulnerability in New-CMS Vendor SW: New-CMS Version: 1.08 but possible all versions Vendor URL: www.new-cms.org Tested...

7.1 AI score
Exploits: 0
Packet Storm
added 2008/04/21 12:0 a.m. | 24 views

hostdir-cookie.txt

$ Script.......: HostDirectory Pro $ Download.....: http://www.mediafire.com/?71nvkj199n7 null Real Price :Price single license : $79.95 USD $ Author.......: CrackersChild | [email protected] $ Class........: Insecure Cookie Handling $ Demo.........:...

7.4 AI score
Exploits: 0