15 matches found
WordPress Content Visibility for Divi Builder plugin <= 4.02 - Authenticated (Contributor+) Remote Code Execution vulnerability
Authenticated Contributor+ Remote Code Execution vulnerability discovered by ZAST.AI - ZAST.AI in WordPress Plugin Content Visibility for Divi Builder versions <= 4.02...
CVE-2026-29516
Buffalo TeraStation NAS TS5400R firmware version 4.02-0.06 and prior contain an excessive file permissions vulnerability that allows authenticated attackers to read the /etc/shadow file by uploading and executing a PHP file through the webserver. Attackers can exploit world-readable permissions o...
CVE-2026-29516
Affected product : Buffalo TeraStation NAS TS5400R (firmware 4.02-0.06 and earlier). Vulnerability : excessive file permissions allow an authenticated attacker to read /etc/shadow by uploading and executing a PHP file via the webserver, enabling disclosure of hashed passwords for all accounts inc...
CVE-2024-7897
A vulnerability classified as critical has been found in Tosei Online Store Management System ネット店舗管理システム 4.02/4.03/4.04. This affects an unknown part of the file /cgi-bin/toseikikai.php. The manipulation of the argument kikaibangou leads to command injection. It is possible to initiate the attac...
PT-2024-38667 · Unknown · Tosei Online Store Management System
Name of the Vulnerable Software and Affected Versions: Tosei Online Store Management System versions 4.02 through 4.04 Description: A critical issue affects some unknown functionality of the file /cgi-bin/p1 ftpserver.php. The manipulation of the adr txt argument leads to command injection. The...
PT-2024-1194
Name of the Vulnerable Software and Affected Versions: Hitron Systems DVR HVR-4781 versions 1.03 through 4.02 Description: The issue is related to the use of default credentials in the Hitron Systems DVR HVR-4781, which can be exploited by a remote attacker to cause a denial of service by utilizing...
WordPress Sponsors Carousel Plugin <= 4.02 is vulnerable to Cross Site Scripting (XSS)
Software: Sponsors Carousel; Type: Plugin; Vulnerable versions: <= 4.02; Fixed in: N/A; OWASP Top 10: A7: Cross-Site Scripting (XSS); Classification: Cross Site Scripting (XSS); CVE: CVE-2023-23808; Patch priority: Low; CVSS severity: Low (5.9); Developer: Claim ownership; PSID: 268e027bdd31; Credits: Rio Darmawan; Required...
SEMA API < 4.02 - Unauthenticated SQLi
The plugin does not properly sanitise and escape some parameters before using them in SQL statements via an AJAX action, leading to SQL Injections exploitable by unauthenticated users v 3.64: curl http://example.com/wp-admin/admin-ajax.php --data 'action=getsemadata&type=attributes&catid=-3 UNION...
PT-2021-7969 · Xpdf +1 · Xpdf +1
Name of the Vulnerable Software and Affected Versions: xpdf version 4.02 Description: The issue is related to an infinite recursion in the Catalog::findDestInTree function, which can cause a denial of service. This function is part of the xpdf software, used for viewing PDF files. The recursion i...
Xpdf Stack Depletion Vulnerability
Xpdf is a free PDF viewer and toolkit that includes a text extractor, image converter, HTML converter and more. A stack consumption vulnerability exists in the FoFiType1C::getOp function in Xpdf 4.02. The vulnerability stems from a failure to correctly reference a subroutine in a Type 1C font...
[ASA-201910-10] xpdf: arbitrary code execution
Arch Linux Security Advisory ASA-201910-10 ========================================== Severity: Medium Date : 2019-10-16 CVE-ID : CVE-2019-16927 Package : xpdf Type : arbitrary code execution Remote : No Link : https://security.archlinux.org/AVG-1048 Summary ======= The package xpdf before versio...
Xpdf <= 4.02 Denial of Service (DoS) Vulnerability
Xpdf is prone to a denial of service (DoS) vulnerability. Copyright (C) 2019 Greenbone Networks GmbH Some text descriptions might be excerpted from a referenced sources, and are Copyright (C) by the respective right holders. SPDX-License-Identifier: GPL-2.0-or-later This program is free software; you c...
HPE UCMDB Browser Information Disclosure Vulnerability
HPE UCMDB Browser is a lightweight web client for accessing UCMDB data. A security vulnerability exists in HPE UCMDB Browser versions prior to 4.02. A remote attacker could exploit this vulnerability to obtain sensitive information or bypass targeted access restrictions...
Calendars for the Web 4.02 - Admin Authentication Bypass
Exploit discovered by SecVuln from http://secvuln.com Come join our clan! contact [email protected] Author == SecVuln Version == 4.02 Software == Calendars for the web by great hill corporation Calendars for the web has a vulnerability in the administration page. The page saves the past session...
OBlog (tags.asp) Remote SQL Injection Exploit-vulnerability warning-the black bar safety net
The vulnerability has been officially fixed. –==+=================== www.nspcn.org =================+==– –==+ OBlog tags.asp Remote SQL Injection Exploit +==– –==+====================================================================================+==– Author: Whytt & Tr4c3at1 2 6dotcom...