CVE-2026-3194

A flaw has been found in Chia Blockchain 2.1.0. The affected element is the function sendtransaction/getprivatekey of the component RPC Server Master Passphrase Handler. This manipulation causes missing authentication. The attack can only be executed locally. The attack's complexity is rated as...

CVE-2026-3194

A flaw has been found in Chia Blockchain 2.1.0. The affected element is the function sendtransaction/getprivatekey of the component RPC Server Master Passphrase Handler. This manipulation causes missing authentication. The attack can only be executed locally. The attack's complexity is rated as...

CVE-2026-3193

A vulnerability was detected in Chia Blockchain 2.1.0. Impacted is an unknown function of the file /sendtransaction. The manipulation results in cross-site request forgery. The attack may be performed from remote. The attack requires a high level of complexity. The exploitability is considered...

CVE-2026-3192 Chia Blockchain RPC Credential rpc_server_base.py _authenticate improper authentication

A security vulnerability has been detected in Chia Blockchain 2.1.0. This issue affects the function authenticate of the file rpcserverbase.py of the component RPC Credential Handler. The manipulation leads to improper authentication. The attack is possible to be carried out remotely. The attack ...

CVE-2026-2852

A vulnerability was identified in yeqifu warehouse up to aaf29962ba407d22d991781de28796ee7b4670e4. This issue affects the function addSales/updateSales/deleteSales of the file dataset\repos\warehouse\src\main\java\com\yeqifu\bus\controller\SalesController.java of the component Sales Endpoint. The...

PT-2025-43865

Name of the Vulnerable Software and Affected Versions Kamailio version 5.5 Description A flaw exists in Kamailio that involves a use-after-free condition. This issue is located within the Configuration File Handler component, specifically in the sr push yy state function of the src/core/cfg.lex...

PT-2025-32467 · Unknown · Litmuschaos

Name of the Vulnerable Software and Affected Versions: LitmusChaos Litmus versions up to 3.19.0 Description: A problematic issue exists in LitmusChaos Litmus due to improper control of resource identifiers resulting from the manipulation of the projectID argument. This issue can be exploited...

PT-2025-32445 · Vsftpd +1 · Vsftpd +1

Name of the Vulnerable Software and Affected Versions: TRENDnet TEW-822DRE version FW103B02 Description: A vulnerability exists in TRENDnet TEW-822DRE FW103B02, affecting an unknown part of the vsftpd component. The issue results in a least privilege violation. Local access is required for...

WordPress Photocart Link 1.6 Local File Inclusion

Exploit Title: Wordpress Plugin Photocart Link - Local File Inclusion Exploit Author: CrashBandicot @DosPerl Date: 2016-03-27 Google Dork : inurl:/wp-content/plugins/photocart-link/ Vendor Homepage: https://fr.wordpress.org/plugins/photocart-link/ Tested on: MSWin32 Version: 1.6 Vuln file :...

WordPress Plugin Photocart Link 1.6 - Local File Inclusion

Exploit Title: Wordpress Plugin Photocart Link - Local File Inclusion Exploit Author: CrashBandicot @DosPerl Date: 2016-03-27 Google Dork : inurl:/wp-content/plugins/photocart-link/ Vendor Homepage: https://fr.wordpress.org/plugins/photocart-link/ Tested on: MSWin32 Version: 1.6 Vuln file :...

UNIT4 Prosoft HRMS 8.14.230.47 Cross Site Scripting

Vulnerability type: Cross-site Scripting Vendor: http://www.unit4.com/ Product: UNIT4 Prosoft HRMS Product site: http://www.unit4apac.com/products/prosofthrms Affected version: 8.14.230.47 Fixed version: 8.14.330.43 Credit: Jerold Hoong & Edric Teo PROOF OF CONCEPT The login page of UNIT4's Proso...

Novell Sentinel Log Manager <= 1.2.0.2 - Retention Policy Vulnerability

No description provided by source. Novell Sentinel Log Manager ver. =1.2.0.2 allows unauthenticated users configuring retention policies. Vendor informed: 2012/09/06 Patch Released: 2012/09/21 PoC: !/bin/bash TARGET=$1 PORT=8443 if $ -ne 1 ; then echo Usage: basename $0 target exit 1 fi echo POST...

Syhunt Advisory: CGILua session.lua Predictable Session ID Vulnerability

Syhunt Advisory: CGILua session.lua Predictable Session ID Vulnerability Advisory-ID: 201404301 Discovery Date: 03.27.2014 Release Date: 04.30.2014 Affected Applications: CGILua 5.0.x, CGILua 5.1.x., CGILua 5.2 alpha 1 & CGILua 5.2 alpha 2 Class: Predictable Session ID Status: Unpatched/Vendor...

Novell Sentinel Log Manager 1.2.0.2 - Retention Policy

Novell Sentinel Log Manager 1.2.0.2 - Retention Policy Novell Sentinel Log Manager ver. =1.2.0.2 allows unauthenticated users configuring retention policies. Vendor informed: 2012/09/06 Patch Released: 2012/09/21 PoC: !/bin/bash TARGET=$1 PORT=8443 if $ -ne 1 ; then echo "Usage: basename $0 targe...

Linux Kernel 2.6.38 Remote NULL Pointer Dereference

Linux Kernel 2.6.38 Remote NULL Pointer Dereference ==================================================== Advisory Information Title: Linux kernel 2.6.38: Remote NULL pointer dereference Release date: 11/05/2011 Last update: 11/05/2011 Credits: Aristide Fattori, Universitа degli Studi di Milano...

cpcommerce-bypass.txt

Author: girex Homepage: girex.altervista.org CMS: cpCommerce 1.2.6 Site: http://cpcommerce.cpradio.org/ Bug: URL Rewrite - Input variables overwrite PoC: Auth bypass - Shell upload Note: Works regardless php.ini settings Vendor informed: 23/11/08 cpCommerce 1.2.7 released: 30/11/08 Public advisor...

Social Engine 2.7 CRLF Injection + SQL injection

HACKATTACK Advisory 2008-11-20Social Engine 2.7 CRLF Injection + SQL injection Details Product: Social Engine Security-Risk: moderate Remote-Exploit: yes Vendor-URL: http://www.socialengine.net/ Vendor-Status: informed Advisory-Status: published Credits Discovered by: David Vieira-Kurz of...

social-sql.txt

HACKATTACK Advisory 2008-11-20Social Engine 2.7 CRLF Injection + SQL injection Details Product: Social Engine Security-Risk: moderate Remote-Exploit: yes Vendor-URL: http://www.socialengine.net/ Vendor-Status: informed Advisory-Status: published Credits Discovered by: David Vieira-Kurz of...

[MajorSecurity Advisory #53]BLUEPAGE CMS - Cross Site Scripting and Session Fixation Issues

MajorSecurity Advisory 53BLUEPAGE CMS - Cross Site Scripting and Session Fixation Issues Details ======= Product: BLUEPAGE CMS Security-Risk: moderated Remote-Exploit: yes Vendor-URL: http://www.bluepage-cms.com/ Vendor-Status: informed Advisory-Status: published Credits ============ Discovered b...

miniBB 2.2 (CSS/SQL/FPD) Multiple Remote Vulnerabilities

Exploit for unknown platform in category web applications ======================================================== miniBB 2.2 CSS/SQL/FPD Multiple Remote Vulnerabilities ======================================================== Author: GiReX Date: 21/04/2008 CMS: miniBB 2.2 and maybe prior Site:...