9 matches found
Authorization
The Welcart e-Commerce plugin for WordPress is vulnerable to authorization bypass due to missing capability checks on the downloadorderdetaillist, changeorderlist, and downloadmemberlist functions called via admin_init hooks in versions up to, and including, 2.2.7. This makes it possible for...
CVE-2022-1821
An issue has been discovered in GitLab CE/EE affecting all versions starting from 10.8 before 14.9.5, all versions starting from 14.10 before 14.10.4, all versions starting from 15.0 before 15.0.1. It may be possible for a subgroup member to access the members list of their parent group...
PT-2022-14140 · Gitlab · Gitlab Ce/Ee +1
Name of the Vulnerable Software and Affected Versions: GitLab CE/EE versions 10.8 through 14.9.4; GitLab CE/EE versions 14.10 through 14.10.3; GitLab CE/EE versions 15.0 through 15.0.0. Description: An issue has been discovered in GitLab CE/EE. It may be possible for a subgroup member to access the...
Members List < 4.3.7 - Reflected Cross-Site Scripting
The plugin does not sanitise and escape some parameters in various pages before outputting them back, leading to Reflected Cross-Site Scripting issues. PoC: https://example.com/wp-content/plugins/members-list/admin/view/user.php?page=%22%3E%3Cimg/src/onerror=alert/XSS/%20x...
Members List < 4.3.7 - Reflected Cross-Site Scripting
The plugin does not sanitise and escape some parameters in various pages before outputting them back, leading to Reflected Cross-Site Scripting issues. https://example.com/wp-content/plugins/members-list/admin/view/user.php?page=%22%3E%3Cimg/src/onerror=alert/XSS/%20x...
WordPress Members List plugin <= 4.3.0 - Reflected Cross-Site Scripting (XSS) vulnerability
Reflected Cross-Site Scripting (XSS) vulnerability discovered by Jan w Oleju in WordPress Members List plugin versions <= 4.3.0. Solution: Update the WordPress Members List plugin to the latest available version (at least 4.3.7)...
Chinese design website database hacked by Team Jmc H4x0rs
Chinese design website database hacked by Team Jmc H4x0rs. Webpage Members List: Database View: Admin Panel: Webpage: https://www.333cn.com/
Exero CMS 1.0.1 - theme Multiple Local File Inclusions
Exero CMS 1.0.1 theme Multiple Local File Inclusion Vulnerabilities. Script: http://switch.dl.sourceforge.net/sourceforge/exerocms/ExeroCMS1-0-1.rar Home Page: http://ecms.getox.net/ POC :...
phpnuke60.txt
Information: Language: PHP; Website: http://www.phpnuke.org; Versions: 6.0 & 6.5?; Modules: MembersList, YourAccount; Problem: SQL Injection. PHP Configuration: This will work if magic_quotes_gpc=OFF. PHP Code/Location: /modules/MembersList/index.php :...