| Reporter | Title | Published | Views | Family All 17 |
|---|---|---|---|---|
| Wordpress VideoWhisper 4.27.3 - Multiple Vulnerabilities | 28 Feb 201400:00 | – | zdt | |
| CVE-2014-1905 | 5 Oct 201802:25 | – | circl | |
| WordPress VideoWhisper Live Streaming Integration Plugin Unrestricted File Upload (CVE-2014-1905) | 6 Jan 201500:00 | – | checkpoint_advisories | |
| CVE-2014-1905 | 29 Dec 201420:00 | – | cvelist | |
| WordPress Plugin VideoWhisper 4.27.3 - Multiple Vulnerabilities | 28 Feb 201400:00 | – | exploitdb | |
| WordPress Plugin VideoWhisper 4.27.3 - Multiple Vulnerabilities | 28 Feb 201400:00 | – | exploitpack | |
| Multiple Vulnerabilities in VideoWhisper Live Streaming Integration WP Plugin | 6 Feb 201400:00 | – | htbridge | |
| CVE-2014-1905 | 29 Dec 201420:59 | – | nvd | |
| WordPress VideoWhisper Live Streaming Integration Multiple Vulnerabilities | 1 Apr 201400:00 | – | openvas | |
| VideoWhisper Live Streaming Integration 4.27.3 XSS / Shell Upload / Traversal | 27 Feb 201400:00 | – | packetstorm |
| Source | Link |
|---|---|
| htbridge | www.htbridge.com/advisory/HTB23199 |
| Parameter | Position | Path | Description | CWE |
|---|---|---|---|---|
| file | upload data | wp-content/plugins/videowhisper-live-streaming-integration/ls/vw_snapshots.php | Unrestricted file upload leads to arbitrary PHP code execution via uploaded file with double extension | CWE-77 |
| filename | upload data | wp-content/plugins/videowhisper-live-streaming-integration/ls/vw_snapshots.php | Unrestricted file upload leads to arbitrary PHP code execution via uploaded file with double extension | CWE-77 |
| extension | upload data | wp-content/plugins/videowhisper-live-streaming-integration/ls/vw_snapshots.php | Unrestricted file upload leads to arbitrary PHP code execution via uploaded file with double extension | CWE-77 |
| m | request body | wp-content/plugins/videowhisper-live-streaming-integration/ls/lb_status.php | XSS via insufficient filtration of POST parameter m (and related ct) leading to injected HTML/JS | CWE-77 |
| u | request body | wp-content/plugins/videowhisper-live-streaming-integration/ls/lb_status.php | XSS via insufficient filtration of POST parameter m (and related ct) leading to injected HTML/JS | CWE-77 |
| r | request body | wp-content/plugins/videowhisper-live-streaming-integration/ls/lb_status.php | XSS via insufficient filtration of POST parameter m (and related ct) leading to injected HTML/JS | CWE-77 |
| ct | request body | wp-content/plugins/videowhisper-live-streaming-integration/ls/lb_status.php | XSS via insufficient filtration of POST parameter m (and related ct) leading to injected HTML/JS | CWE-77 |
| msg | request body | wp-content/plugins/videowhisper-live-streaming-integration/ls/vc_chatlog.php | XSS via insufficient filtration of POST parameter msg allowing injected HTML/JS | CWE-77 |
| r | request body | wp-content/plugins/videowhisper-live-streaming-integration/ls/vc_chatlog.php | XSS via insufficient filtration of POST parameter msg allowing injected HTML/JS | CWE-77 |
| n | query param | wp-content/plugins/videowhisper-live-streaming-integration/ls/channel.php | XSS/path traversal risk via GET parameter n in channel.php | CWE-77 |
Data
Build on a solid foundation with Vulners data
We provide the essential building blocks for cybersecurity solutions with comprehensive, structured, and constantly updated vulnerability and exploits data
Api
Power your application with Vulners API
The Vulners REST API offers reliable, high-performance access to vulnerability intelligence, with 99.9% SLA uptime and CDN-backed data delivery for seamless global access
App
Assess and manage vulnerabilities with Vulners tools
Built on top of Vulners' database and SDK, end-user solutions give security professionals and developers lightweight and powerful tools for vulnerability remediation