Pexip Infinity before 27.3 allows remote attackers to force a software abort via HTTP. An attacker can sometimes join a conference (call join) if it has a lock but not a PIN. Pexip Infinity 27.x before 27.2 has Improper Access Control. Pexip Infinity before 27.3 allows remote attackers to trigger a software abort via One Touch Join. Pexip Infinity before 27.3 allows remote attackers to trigger a software abort, and possibly enumerate usernames, via One Touch Join. The OAuth Single Sign On WordPress plugin before 6.22.6 doesn’t validate that OAuth access token requests are legitimate, which allows attackers to log onto the site with the only knowledge of a user’s email address.ĮIPStackGroup OpENer v2.3.0 was discovered to contain a stack overflow via /bin/posix/src/ports/POSIX/OpENer+0x56073d. The Jquery Validation For Contact Form 7 WordPress plugin before 5.3 does not have CSRF check in place when updating its settings, which could allow attackers to make a logged in admin change Blog options like default_role, users_can_register via a CSRF attackĪn Arbitrary File Upload vulnerability exists in Microweber 1.1.3 that allows attackers to getshell via the Settings Upload Picture section by uploading pictures with malicious code, user.ini. Jquery_validation_for_contact_form_7_project - jquery_validation_for_contact_form_7 The exploit has been disclosed to the public and may be used.
It is possible to launch the attack remotely.
The manipulation of the argument scat with the input =51′ AND 4941=4941 AND ‘hoCP’=’hoCP leads to sql injection. Affected is an unknown function of the file /subpage.php. The exploit has been disclosed to the public and may be used.Ī vulnerability classified as critical has been found in Itech Classifieds Script 7.27. The manipulation of the argument token with the input 704667c6a1e7ce56d3d6fa748ab6d9af3fd7′ AND 6539=6539 AND ‘Fakj’=’Fakj leads to sql injection. This issue affects some unknown processing of the file /catcompany.php. The Insights from Google PageSpeed WordPress plugin before 4.0.7 does not verify for CSRF before doing various actions such as deleting Custom URLs, which could allow attackers to make a logged in admin perform such actions via CSRF attacksĪ vulnerability was found in Itech B2B Script 4.28. Insights_from_google_pagespeed_project - insights_from_google_pagespeed The Import CSV Files WordPress plugin through 1.0 does not sanitise and escaped imported data before outputting them back in a page, and is lacking CSRF check when performing such action as well, resulting in a Reflected Cross-Site Scripting Import_csv_files_project - import_csv_files The Discount Rules for WooCommerce WordPress plugin before 2.4.2 does not escape a parameter before outputting it back in an attribute of the plugin’s discount rule page, leading to Reflected Cross-Site Scripting The Contact Form 7 Captcha WordPress plugin before 0.1.2 does not escape the $_SERVER parameter before outputting it back in an attribute, which could lead to Reflected Cross-Site Scripting in old web browsers The CDI WordPress plugin before 5.1.9 does not sanitise and escape a parameter before outputting it back in the response of an AJAX action (available to both unauthenticated and authenticated users), leading to a Reflected Cross-Site ScriptingĬontact_form_7_captcha_project - contact_form_7_captcha It is possible to initiate the attack remotely.Ĭollect_and_deliver_interface_for_woocommerce_project - collect_and_deliver_interface_for_woocommerce The manipulation of the argument mcid with the input 4′ AND 1734=1734 AND ‘Ggks’=’Ggks leads to sql injection (Blind). This affects an unknown part of the file /mcategory.php. Because these accounts cannot be deactivated or have their passwords changed, they are considered to be backdoor accounts.Ī vulnerability was found in Itech Auction Script 6.49. The binary file /usr/local/sbin/webproject/set_param.cgi contains hardcoded credentials to the web application.
The webserver contains an endpoint that can execute arbitrary commands by manipulating the cmd_string URL parameter.Īn issue was discovered in Infiray IRAY-A8Z3 1.0.957.
#WINBOX 3.29 PASSWORD#
There is a blank root password for TELNET by default.Īn issue was discovered in Infiray IRAY-A8Z3 1.0.957. The firmware contains a potential buffer overflow by calling strcpy() without checking the string length beforehand.Īn issue was discovered in Infiray IRAY-A8Z3 1.0.957. An issue was discovered in Infiray IRAY-A8Z3 1.0.957.
0 kommentar(er)
