Lucene search
K

1339 matches found

Exploit DB
Exploit DB
added 2014/11/24 12:0 a.m.23 views

WordPress Plugin wpDataTables 1.5.3 - SQL Injection

Exploit Title : Wordpress wpDataTables 1.5.3 and below SQL Injection Vulnerability Exploit Author : Claudio Viviani Software Link : http://wpdatatables.com Premium Date : 2014-11-22 Tested on : Windows 7 / Mozilla Firefox Windows 7 / sqlmap 0.8-1 Linux / Mozilla Firefox Linux / sqlmap...

7.4AI score
Exploits0
0day.today
0day.today
added 2014/11/23 12:0 a.m.26 views

Wordpress wpDataTables 1.5.3 SQL Injection Vulnerability

Exploit for php platform in category web applications Exploit Title : Wordpress wpDataTables 1.5.3 and below SQL Injection Vulnerability Exploit Author : Claudio Viviani Software Link : http://wpdatatables.com Premium Date : 2014-11-22 Tested on : Windows 7 / Mozilla Firefox Windows 7 / sqlmap...

7.1AI score
Exploits0
0day.today
0day.today
added 2014/11/21 12:0 a.m.30 views

WordPress SP Client Document Manager 2.4.1 SQL Injection Vulnerability

WordPress SP Client Document Manager plugin version 2.4.1 suffers from multiple remote SQL injection vulnerabilities. Vulnerability title: Multiple SQL Injection in SP Client Document Manager plugin Plugin: SP Client Document Manager Vendor: http://smartypantsplugins.com Product:...

8.3AI score
Exploits0
exploitpack
exploitpack
added 2014/11/19 12:0 a.m.55 views

WordPress Plugin Paid Memberships Pro 1.7.14.2 - Directory Traversal

WordPress Plugin Paid Memberships Pro 1.7.14.2 - Directory Traversal Exploit Title: Paid Memberships Pro 1.7.14.2 Path Traversal Date: 14-10-2014 Exploit Author: Kacper Szurek - http://security.szurek.pl Software Link: https://downloads.wordpress.org/plugin/paid-memberships-pro.1.7.14.2.zip...

5CVSS0.18028EPSS
Exploits5
Exploit DB
Exploit DB
added 2014/11/19 12:0 a.m.33 views

WordPress Plugin Paid Memberships Pro 1.7.14.2 - Directory Traversal

Exploit Title: Paid Memberships Pro 1.7.14.2 Path Traversal Date: 14-10-2014 Exploit Author: Kacper Szurek - http://security.szurek.pl Software Link: https://downloads.wordpress.org/plugin/paid-memberships-pro.1.7.14.2.zip Category: webapps CVE: CVE-2014-8801 1. Description getfile.php is...

5CVSS6.5AI score0.18028EPSS
Exploits5
Prion
Prion
added 2014/10/21 2:55 p.m.15 views

Sql injection

SQL injection vulnerability in GBgallery.php in the GB Gallery Slideshow plugin 1.5 for WordPress allows remote administrators to execute arbitrary SQL commands via the selectedgroup parameter in a gbajaxgetgroup action to wp-admin/admin-ajax.php...

6.5CVSS9.1AI score0.0323EPSS
Exploits1References3Affected Software1
CVE
CVE
added 2014/10/21 2:0 p.m.43 views

CVE-2014-8375

GB Gallery Slideshow WordPress plugin 1.5 contains a SQL injection vulnerability in GBgallery.php. The issue is exploitable via the selected_group parameter in the gb_ajax_get_group action called through wp-admin/admin-ajax.php, allowing remote attackers (with appropriate privileges) to execute a...

6.5CVSS8.7AI score0.0323EPSS
Exploits1References3Affected Software1
Prion
Prion
added 2014/10/20 2:55 p.m.21 views

Sql injection

Multiple SQL injection vulnerabilities in Banana Dance B.2.6 and earlier allow remote attackers to execute arbitrary SQL commands via the 1 return, 2 display, 3 table, or 4 search parameter to functions/suggest.php; 5 the id parameter to functions/widgets.php, 6 the category parameter to...

7.5CVSS9.1AI score0.015EPSS
Exploits5References7Affected Software1
Prion
Prion
added 2014/10/16 7:55 p.m.23 views

Cross site scripting

Cross-site scripting XSS vulnerability in the Google Calendar Events plugin before 2.0.4 for WordPress allows remote attackers to inject arbitrary web script or HTML via the gcefeedids parameter in a gceajax action to wp-admin/admin-ajax.php...

4.3CVSS6.2AI score0.02388EPSS
Exploits3References7Affected Software1
Cvelist
Cvelist
added 2014/10/16 7:0 p.m.41 views

CVE-2014-7138

Cross-site scripting XSS vulnerability in the Google Calendar Events plugin before 2.0.4 for WordPress allows remote attackers to inject arbitrary web script or HTML via the gcefeedids parameter in a gceajax action to wp-admin/admin-ajax.php...

5.7AI score0.02388EPSS
Exploits3References7
NVD
NVD
added 2014/10/10 2:55 p.m.29 views

CVE-2014-6315

Multiple cross-site scripting XSS vulnerabilities in the Web-Dorado Photo Gallery plugin 1.1.30 and earlier for WordPress allow remote attackers to inject arbitrary web script or HTML via the 1 callback, 2 dir, or 3 extensions parameter in an addImages action to wp-admin/admin-ajax.php...

4.3CVSS5.8AI score0.02374EPSS
Exploits3References7
Prion
Prion
added 2014/10/10 2:55 p.m.17 views

Cross site scripting

Multiple cross-site scripting XSS vulnerabilities in the Web-Dorado Photo Gallery plugin 1.1.30 and earlier for WordPress allow remote attackers to inject arbitrary web script or HTML via the 1 callback, 2 dir, or 3 extensions parameter in an addImages action to wp-admin/admin-ajax.php...

4.3CVSS6.1AI score0.02374EPSS
Exploits3References7Affected Software1
Cvelist
Cvelist
added 2014/10/10 2:0 p.m.36 views

CVE-2014-6315

Multiple cross-site scripting XSS vulnerabilities in the Web-Dorado Photo Gallery plugin 1.1.30 and earlier for WordPress allow remote attackers to inject arbitrary web script or HTML via the 1 callback, 2 dir, or 3 extensions parameter in an addImages action to wp-admin/admin-ajax.php...

5.8AI score0.02374EPSS
Exploits3References7
Check Point Advisories
Check Point Advisories
added 2014/10/05 12:0 a.m.45 views

OpenSIS ajax.php modname Code Execution (CVE-2013-1349)

A remote code execution vulnerability has been reported in OpenSIS. The vulnerability is due to insufficient validation of modname parameter while parsing requests to ajax.php module. A remote attacker can exploit this vulnerability by sending a specially crafted request to the vulnerable server...

7.5CVSS6.4AI score0.23322EPSS
Exploits6
NVD
NVD
added 2014/09/26 9:55 p.m.14 views

CVE-2014-7152

Cross-site scripting XSS vulnerability in the Easy MailChimp Forms plugin 3.0 through 5.0.6 for WordPress allows remote attackers to inject arbitrary web script or HTML via the updateoptions action to wp-admin/admin-ajax.php...

4.3CVSS5.8AI score0.0195EPSS
Exploits1References2
Prion
Prion
added 2014/09/26 9:55 p.m.12 views

Cross site scripting

Cross-site scripting XSS vulnerability in the Easy MailChimp Forms plugin 3.0 through 5.0.6 for WordPress allows remote attackers to inject arbitrary web script or HTML via the updateoptions action to wp-admin/admin-ajax.php...

4.3CVSS6.2AI score0.0195EPSS
Exploits1References2Affected Software1
Cvelist
Cvelist
added 2014/09/26 9:0 p.m.22 views

CVE-2014-7152

Cross-site scripting XSS vulnerability in the Easy MailChimp Forms plugin 3.0 through 5.0.6 for WordPress allows remote attackers to inject arbitrary web script or HTML via the updateoptions action to wp-admin/admin-ajax.php...

5.8AI score0.0195EPSS
Exploits1References2
Web Security Log
Web Security Log
added 2014/09/21 8:30 a.m.20 views

Nokia Web Security Bug Reward: Directory Traversal / Local File inclusion Vulnerability

Little Insight: Well this is my first Directory Traversal Vulnerability / Local File inclusion Vulnerability which I spotted in http://conversations.nokia.com Report Date : 5th march 2014 Reward For Directory Traversal Vulnerability : Nokia Lumia 925Phone How This Work when i was testing it was...

7.1AI score
Exploits0
0day.today
0day.today
added 2014/09/18 12:0 a.m.24 views

WordPress Theme !LesPaul Arbitrary File Download Vulnerability

Exploit for php platform in category web applications Exploit Title : WordPress Theme !LesPaul Arbitrary File Download Vulnerability Exploit Author : NULLPointer Date : 18/09/2014 Vendor Homepage: http://themes.webmandesign.eu/lespaul/ Version: 1.3 Google Dork : inurl:"/wp-content/themes/lespaul/...

7.1AI score
Exploits0
0day.today
0day.today
added 2014/09/18 12:0 a.m.18 views

WordPress Theme Forall Arbitrary File Download Vulnerability

WordPress Theme forall suffers from Arbitrary File Download Vulnerability Exploit : http://127.0.0.1/wp-admin/admin-ajax.php?action=revslidershowimage&img=LFD Google Dork : inurl:wp-content/themes/forall Demo:...

7AI score
Exploits0
Rows per page
Query Builder