1339 matches found
WordPress Plugin wpDataTables 1.5.3 - SQL Injection
Exploit Title : Wordpress wpDataTables 1.5.3 and below SQL Injection Vulnerability Exploit Author : Claudio Viviani Software Link : http://wpdatatables.com Premium Date : 2014-11-22 Tested on : Windows 7 / Mozilla Firefox Windows 7 / sqlmap 0.8-1 Linux / Mozilla Firefox Linux / sqlmap...
Wordpress wpDataTables 1.5.3 SQL Injection Vulnerability
Exploit for php platform in category web applications Exploit Title : Wordpress wpDataTables 1.5.3 and below SQL Injection Vulnerability Exploit Author : Claudio Viviani Software Link : http://wpdatatables.com Premium Date : 2014-11-22 Tested on : Windows 7 / Mozilla Firefox Windows 7 / sqlmap...
WordPress SP Client Document Manager 2.4.1 SQL Injection Vulnerability
WordPress SP Client Document Manager plugin version 2.4.1 suffers from multiple remote SQL injection vulnerabilities. Vulnerability title: Multiple SQL Injection in SP Client Document Manager plugin Plugin: SP Client Document Manager Vendor: http://smartypantsplugins.com Product:...
WordPress Plugin Paid Memberships Pro 1.7.14.2 - Directory Traversal
WordPress Plugin Paid Memberships Pro 1.7.14.2 - Directory Traversal Exploit Title: Paid Memberships Pro 1.7.14.2 Path Traversal Date: 14-10-2014 Exploit Author: Kacper Szurek - http://security.szurek.pl Software Link: https://downloads.wordpress.org/plugin/paid-memberships-pro.1.7.14.2.zip...
WordPress Plugin Paid Memberships Pro 1.7.14.2 - Directory Traversal
Exploit Title: Paid Memberships Pro 1.7.14.2 Path Traversal Date: 14-10-2014 Exploit Author: Kacper Szurek - http://security.szurek.pl Software Link: https://downloads.wordpress.org/plugin/paid-memberships-pro.1.7.14.2.zip Category: webapps CVE: CVE-2014-8801 1. Description getfile.php is...
Sql injection
SQL injection vulnerability in GBgallery.php in the GB Gallery Slideshow plugin 1.5 for WordPress allows remote administrators to execute arbitrary SQL commands via the selectedgroup parameter in a gbajaxgetgroup action to wp-admin/admin-ajax.php...
CVE-2014-8375
GB Gallery Slideshow WordPress plugin 1.5 contains a SQL injection vulnerability in GBgallery.php. The issue is exploitable via the selected_group parameter in the gb_ajax_get_group action called through wp-admin/admin-ajax.php, allowing remote attackers (with appropriate privileges) to execute a...
Sql injection
Multiple SQL injection vulnerabilities in Banana Dance B.2.6 and earlier allow remote attackers to execute arbitrary SQL commands via the 1 return, 2 display, 3 table, or 4 search parameter to functions/suggest.php; 5 the id parameter to functions/widgets.php, 6 the category parameter to...
Cross site scripting
Cross-site scripting XSS vulnerability in the Google Calendar Events plugin before 2.0.4 for WordPress allows remote attackers to inject arbitrary web script or HTML via the gcefeedids parameter in a gceajax action to wp-admin/admin-ajax.php...
CVE-2014-7138
Cross-site scripting XSS vulnerability in the Google Calendar Events plugin before 2.0.4 for WordPress allows remote attackers to inject arbitrary web script or HTML via the gcefeedids parameter in a gceajax action to wp-admin/admin-ajax.php...
CVE-2014-6315
Multiple cross-site scripting XSS vulnerabilities in the Web-Dorado Photo Gallery plugin 1.1.30 and earlier for WordPress allow remote attackers to inject arbitrary web script or HTML via the 1 callback, 2 dir, or 3 extensions parameter in an addImages action to wp-admin/admin-ajax.php...
Cross site scripting
Multiple cross-site scripting XSS vulnerabilities in the Web-Dorado Photo Gallery plugin 1.1.30 and earlier for WordPress allow remote attackers to inject arbitrary web script or HTML via the 1 callback, 2 dir, or 3 extensions parameter in an addImages action to wp-admin/admin-ajax.php...
CVE-2014-6315
Multiple cross-site scripting XSS vulnerabilities in the Web-Dorado Photo Gallery plugin 1.1.30 and earlier for WordPress allow remote attackers to inject arbitrary web script or HTML via the 1 callback, 2 dir, or 3 extensions parameter in an addImages action to wp-admin/admin-ajax.php...
OpenSIS ajax.php modname Code Execution (CVE-2013-1349)
A remote code execution vulnerability has been reported in OpenSIS. The vulnerability is due to insufficient validation of modname parameter while parsing requests to ajax.php module. A remote attacker can exploit this vulnerability by sending a specially crafted request to the vulnerable server...
CVE-2014-7152
Cross-site scripting XSS vulnerability in the Easy MailChimp Forms plugin 3.0 through 5.0.6 for WordPress allows remote attackers to inject arbitrary web script or HTML via the updateoptions action to wp-admin/admin-ajax.php...
Cross site scripting
Cross-site scripting XSS vulnerability in the Easy MailChimp Forms plugin 3.0 through 5.0.6 for WordPress allows remote attackers to inject arbitrary web script or HTML via the updateoptions action to wp-admin/admin-ajax.php...
CVE-2014-7152
Cross-site scripting XSS vulnerability in the Easy MailChimp Forms plugin 3.0 through 5.0.6 for WordPress allows remote attackers to inject arbitrary web script or HTML via the updateoptions action to wp-admin/admin-ajax.php...
Nokia Web Security Bug Reward: Directory Traversal / Local File inclusion Vulnerability
Little Insight: Well this is my first Directory Traversal Vulnerability / Local File inclusion Vulnerability which I spotted in http://conversations.nokia.com Report Date : 5th march 2014 Reward For Directory Traversal Vulnerability : Nokia Lumia 925Phone How This Work when i was testing it was...
WordPress Theme !LesPaul Arbitrary File Download Vulnerability
Exploit for php platform in category web applications Exploit Title : WordPress Theme !LesPaul Arbitrary File Download Vulnerability Exploit Author : NULLPointer Date : 18/09/2014 Vendor Homepage: http://themes.webmandesign.eu/lespaul/ Version: 1.3 Google Dork : inurl:"/wp-content/themes/lespaul/...
WordPress Theme Forall Arbitrary File Download Vulnerability
WordPress Theme forall suffers from Arbitrary File Download Vulnerability Exploit : http://127.0.0.1/wp-admin/admin-ajax.php?action=revslidershowimage&img=LFD Google Dork : inurl:wp-content/themes/forall Demo:...