22 matches found
WordPress Recover Abandoned Cart for WooCommerce SQL Injection Vulnerability
WordPress Recover Abandoned Cart for WooCommerce is a plugin designed to recover unfinished orders in WooCommerce. A SQL injection vulnerability exists in WordPress Recover Abandoned Cart for WooCommerce. The vulnerability stems from improper neutralization of special elements. An attacker can...
CVE-2020-8658
The BestWebSoft Htaccess plugin through 1.8.1 for WordPress allows wp-admin/admin.php?page=htaccess.php&action=htaccesseditor CSRF. The flag htccssnoncename passes the nonce to WordPress but the plugin does not validate it correctly, resulting in a wrong implementation of anti-CSRF protection. In this...
Excel Net Computer Institute 4.1 SQL Injection
Title: Excel Net Computer Institute Version 4.1 SQL injection authentication bypass Vulnerability | Author: indoushka | Tested on: windows 10 Français V.Pr...
Apache Commons remote code execution vulnerability
Apache Commons is a project of the Apache Software Foundation. Apache Commons is vulnerable to a remote code execution vulnerability that could be exploited by attackers to execute malicious code via injection attacks, write webshells to websites, and take control of entire websites or even serve...
Code injection
By attempting to connect a website using an unresponsive port, an attacker could have controlled the content of a tab while the URL bar displayed the original domain. Note: This issue only affects Firefox for Android. Other operating systems are unaffected. This vulnerability affects Firefox 84...
Cross site request forgery (csrf)
The BestWebSoft Htaccess plugin through 1.8.1 for WordPress allows wp-admin/admin.php?page=htaccess.php&action=htaccesseditor CSRF. The flag htccssnoncename passes the nonce to WordPress but the plugin does not validate it correctly, resulting in a wrong implementation of anti-CSRF protection. In...
ZZZPHP CMS 1.6.1 Remote Code Execution
Exploit Title: dynamic code evaluation of zzzphp cms 1.6.1 Google Dork: intext:"2015-2019 zzcms.com" Date: 24/02/2019 Exploit Author: Yang Chenglong Vendor Homepage: http://www.zzzcms.com/index.html Software Link: http://115.29.55.18/zzzphp.zip Version: 1.6.1 Tested on: windows/Linux,iis/apache C...
zzzphp CMS 1.6.1 - Remote Code Execution
Exploit Title: dynamic code evaluation of zzzphp cms 1.6.1 Google Dork: intext:"2015-2019 zzcms.com" Date: 24/02/2019 Exploit Author: Yang Chenglong Vendor Homepage: http://www.zzzcms.com/index.html Software Link: http://115.29.55.18/zzzphp.zip Version: 1.6.1 Tested on: windows/Linux,iis/apache C...
How to Control What Websites Can Do on Your Computer
If you're not careful, websites can grab all kinds of permissions you don't realize or intend. Take back control in your browser...
Splunk Light Open Redirection Vulnerability
Splunk Light is prone to an open redirection vulnerability. SPDX-FileCopyrightText: 2016 Greenbone AG. Some text descriptions might be excerpted from (a) referenced source(s), and are Copyright (C) by the respective right holder(s). SPDX-License-Identifier: GPL-2.0-only. CPE = "cpe:/a:splunk:light";...
WP Mobile Detector Vulnerability
WP Mobile Detector, a WordPress plugin, contains a vulnerability in versions prior to 3.6. Exploitation of this vulnerability could allow an attacker to take control of an affected website. US-CERT encourages users and administrators to disable the configuration option allow_url_fopen if it is not...
Multiple Vulnerabilities in the ERP System of Shenzhen Mingyuan Software Co.
Shenzhen Mingyuan Software Co., Ltd. is a real estate application software and solution provider. There are multiple vulnerabilities in the ERP system of Shenzhen Mingyuan Software Co., Ltd. and by comprehensively exploiting the vulnerabilities, an attacker can obtain website control privileges a...
Picture Rating 1.0 - Blind SQL Injection Exploit
No description provided by source. #!/usr/bin/perl -- Picture Rating 1.0 Blind SQL Injection Exploit -- -Info/Instructions- After running this perl script, you will have admin details therefore you will be able to login to the admin area at http://site.com/control/ ok once you have logged in has...
VirtueMart Joomla ECommerce Edition 1.0.11 Multiple Input Validation Vulnerabilities
No description provided by source. source: http://www.securityfocus.com/bid/20236/info VirtueMart Joomla eCommerce Edition is prone to multiple input-validation vulnerabilities because the application fails to properly sanitize user-supplied input. An attacker can exploit these issues to execute...
Maxtrade AIO CMS LFI Vulnerability
Exploit for php platform in category web applications. Maxtrade AIO CMS LFI Vulnerability ...
Adapt CMS Lite 1.5 Remote File Inclusion
AdaptCMS Lite 1.5 Remote File Inclusion Vulnerability - Author : v3n0m - Contact :...
AdaptCMS Lite 1.5 - Remote File Inclusion
AdaptCMS Lite 1.5 Remote File Inclusion...
AdaptCMS Lite 1.5 - Remote File Inclusion
AdaptCMS Lite 1.5 Remote File Inclusion Vulnerability - Author : v3n0m - Contact :...
HotPlug CMS Config File Include Vulnerability
Hello HotPlug CMS Config File Include Vulnerability Discovered by : HACKERS PAL Copyrights : HACKERS PAL Website : WwW.SoQoR.NeT After Script Url Add includes/class/config.inc And you will download the config file, so that you will be able to connect by remote connect...
MyBB 1.1.7 - Multiple HTML Injection Vulnerabilities
source: https://www.securityfocus.com/bid/19718/info MyBB is prone to multiple HTML-injection vulnerabilities because it fails to properly sanitize user-supplied input before using it in dynamically generated content. Attacker-supplied HTML and...