CVE-2025-9632 PhpList Subber <= 1.1 - Cross-Site Request Forgery

The PhpList Subber plugin for WordPress is vulnerable to Cross-Site Request Forgery in all versions up to, and including, 1.1. This is due to missing or incorrect nonce validation on the bulkactionhandler function. This makes it possible for unauthenticated attackers to trigger bulk synchronizati...

PhpList 安全漏洞

PhpList is a suite of open source newsletter and email marketing software from PhpList UK. A security vulnerability exists in phpList 3.5.3 that stems from the use of == instead of === for password hashing. No details of the vulnerability are provided at this time...

Nextcloud: Bruteforce attack is possible on newsletter.nextcloud.com

Since HTTP Basic authentication is used on https://newsletter.nextcloud.com, This type of authentication is vulnerable to Bruteforce attack. refer the attachment below F100241 refer the attachment below F100240 Attacking via metasploit auxilary scanner httplogin: refer the attachment below F10023...

PHP-List Remote Code Execution

phplist 2.10.x remote code execution Credit:AmnPardaz Security Research Team for the vuln exploit author [email protected] Poc root@server pentest perl phplistrce.pl http://www.helpcenter.it/list/ phplist 2.10.x 0day RCE may b others by mozi: uname -a 686 i686 i386 GNU/Linux mozi: w 04:43:41 up...

PHP List

Product : PHP List Version : 1.1.1b WebSite : http://phplist.kipu.co.uk Problem : phpinfo Description: ------------ info.php =========== ? echo phpinfo ? =========== Exploit: -------- http://somehost/list/info.php...