976 matches found
Buddypress Xprofile Custom Fields Type 2.6.3 Remote Code Execution
Exploit Title: Plugin Buddypress Xprofile Custom Fields Type 2.6.3 RCE – Unlink Date: 08/04/2018 Exploit Author: Lenon Leite Vendor Homepage: https://wordpress.org/plugins/buddypress-xprofile-custom-fields-type/ Software Link: https://wordpress.org/plugins/buddypress-xprofile-custom-fields-type/...
Buddypress Xprofile Custom Fields Type 2.6.3 - Remote Code Execution
Buddypress Xprofile Custom Fields Type 2.6.3 - Remote Code Execution Exploit Title: Plugin Buddypress Xprofile Custom Fields Type 2.6.3 RCE – Unlink Date: 08/04/2018 Exploit Author: Lenon Leite Vendor Homepage: https://wordpress.org/plugins/buddypress-xprofile-custom-fields-type/ Software Link:...
Buddypress Xprofile Custom Fields Type 2.6.3 - Remote Code Execution
Exploit Title: Plugin Buddypress Xprofile Custom Fields Type 2.6.3 RCE – Unlink Date: 08/04/2018 Exploit Author: Lenon Leite Vendor Homepage: https://wordpress.org/plugins/buddypress-xprofile-custom-fields-type/ Software Link: https://wordpress.org/plugins/buddypress-xprofile-custom-fields-type/...
buddypress-xprofile-custom-fields-type 2.6.3 - Authenticated Arbitrary File Deletion
Type user access: any user registered used in BuddyPress. $POST 'field' . $fieldid . 'hiddenfile' is not escaped. $POST 'field' . $fieldid . 'deleteimg' is not escaped. Code File: wp-conent/plugin/buddypress-xprofile-custom-fields-type/bp-xprofile-custom-fields-type.php Lines: 452, 472, 496, 513,...
CVE-2017-16633
In Joomla! before 3.8.2, a logic bug in com_fields exposed read-only information about a site's custom fields to unauthorized users...
Information disclosure
In Joomla! before 3.8.2, a logic bug in com_fields exposed read-only information about a site's custom fields to unauthorized users...
CVE-2017-12199
The Etoile Ultimate Product Catalog plugin 4.2.11 for WordPress has SQL injection with these wp-admin/admin-ajax.php POST actions: catalogueupdateorder list-item, videoupdateorder video-item, imageupdateorder list-item, taggroupupdateorder listitem, categoryproductsupdateorder...
Cross site scripting
Cross-site scripting (XSS) vulnerability in the Webhammer WP Custom Fields Search plugin 0.3.28 for WordPress allows remote attackers to inject arbitrary JavaScript via the cs-all-0 parameter...
PT-2017-18908 · Webhammer · Webhammer Wp Custom Fields Search
Name of the Vulnerable Software and Affected Versions: Webhammer WP Custom Fields Search plugin version 0.3.28 Description: The issue is related to a cross-site scripting (XSS) vulnerability that allows remote attackers to inject arbitrary JavaScript code. This is achieved via the cs-all-0 paramete...
WP Custom Fields Search - Unauthenticated Reflected Cross-Site Scripting (XSS)
The WP Custom Fields Search WordPress plugin was affected by an Unauthenticated Reflected Cross-Site Scripting (XSS) security vulnerability...
[20171103] - Core - Information Disclosure
A logic bug in com_fields exposed read-only information about a site's custom fields to unauthorized users...
PT-2023-2058
Name of the Vulnerable Software and Affected Versions: phpipam versions prior to 1.5.2 Description: The issue is related to a lack of protection against SQL query structure manipulation in the app/admin/custom-fields/edit-result.php script of the phpipam web application for IP address management...
Atlassian JIRA 6.4.x < 6.4.10 CSRF / XSRF (Bar Mitzvah)
Binary data 9736.prm...
Joomla com_aicontactsafe Arbitrary File Upload / SQL injection Vulnerability
Exploit for php platform in category web applications Exploit Title : Joomla com_aicontactsafe Arbitrary File Upload / SQL injection Vulnerability Exploit Author : xBADGIRL21 Dork : inurl:index.php?option=comaicontactsafe Software link :...
WordPress Theme Directory 2.0.16 Shell Upload
Exploit Title : Wordpress Theme Directory Arbitrary Shell Upload Vulnerability Exploit Author : xBADGIRL21 Dork : inurl:/wp-content/themes/Directory/ Vendor Homepage : https://templatic.com/ version : 2.0.16 - 2.0.14 & maybe high or lower Tested on: BackBox skype:xbadgirl21 Date: 15/08/2016 video...
WordPress Advanced Custom Fields Plugin <= 1.1.12 - Stored Cross Site Scripting
Because of this vulnerability, users can inject JavaScript into pages within /wp-admin/. Solution Upgrade the plugin...
Joomla AI Contact Safe 2.0.20 Shell Upload / SQL Injection
Exploit Title : Joomla com_aicontactsafe Arbitrary File Upload / SQL injection Vulnerability Exploit Author : xBADGIRL21 Dork : inurl:index.php?option=comaicontactsafe Software link : http://www.algisinfo.com/en/download/category/1-free-extensions.html Vendor Homepage : http://www.algisinfo.com/...