Lucene search
+L

762 matches found

nvd
nvd
added 2016/10/06 2:59 p.m.17 views

CVE-2016-1000124

Unauthenticated SQL Injection in Huge-IT Portfolio Gallery Plugin v1.0.6...

9.8CVSS9.9AI score0.0255EPSS
Exploits9References4
prion
prion
added 2016/10/06 2:59 p.m.16 views

Sql injection

Unauthenticated SQL Injection in Huge-IT Portfolio Gallery Plugin v1.0.6...

7.5CVSS8.3AI score0.0255EPSS
Exploits9References4Affected Software1
cvelist
cvelist
added 2016/10/06 2:0 p.m.30 views

CVE-2016-1000124

Unauthenticated SQL Injection in Huge-IT Portfolio Gallery Plugin v1.0.6...

10AI score0.0255EPSS
Exploits9References4
cve
cve
added 2016/10/06 2:0 p.m.62 views

CVE-2016-1000124

CVE-2016-1000124 affects Joomla! Huge-IT Portfolio Gallery Plugin 1.0.6 with an unauthenticated SQL injection in ajax_url.php. The vulnerability stems from unsafely handling POST data (e.g., page, perpage, galleryid) enabling SQL injection. Documented exploitation references exist (Exploit-DB, 0d...

9.8CVSS9.8AI score0.0255EPSS
Exploits9References4Affected Software1
cnvd
cnvd
added 2016/08/16 12:0 a.m.1 views

WordPress Photo Gallery Plugin Stored Cross-Site Vulnerability

WordPress is a blogging platform developed using the PHP language that allows users to set up their own websites on servers that support PHP and MySQL databases. A cross-site scripting vulnerability exists in the Photo Gallery plugin in WordPress version 1.8.5. The vulnerability is triggered by a...

5.8AI score
Exploits0
patchstack
patchstack
added 2016/07/27 12:0 a.m.10 views

WordPress Vertical Gallery Plugin - Cross Site Scripting

Because of this vulnerability, the attackers can inject arbitrary JavaScript or HTML code. Solution Update the plugin...

2.4AI score
Exploits0References1Affected Software1
wpvulndb
wpvulndb
added 2016/07/11 12:0 a.m.16 views

Gallery Photo Gallery < 1.0.1 - SQL Injection

The Gallery – Photo Gallery WordPress plugin was affected by a SQL Injection security vulnerability...

7.5CVSS2.7AI score0.01815EPSS
Exploits0Affected Software1
cnvd
cnvd
added 2016/06/21 12:0 a.m.3 views

CloudBees Jenkins CI Image Gallery Plugin Path Traversal Vulnerability

CloudBees Jenkins CI formerly known as Hudson Labs is a set of Java-based development of continuous integration tools , it is mainly used to monitor the continuous software version release/testing projects and some timed tasks . Jenkins CI Image Gallery is one of the workspace for reading and...

6.5CVSS6.7AI score0.03005EPSS
Exploits0References1
checkpoint_advisories
checkpoint_advisories
added 2016/05/24 12:0 a.m.2 views

WordPress Robo Gallery Plugin remote Code Execution

A code execution vulnerability exists in WordPress Robo Gallery Plugin. Successful exploitation of this vulnerability could allow a remote attacker to execute arbitrary code on the affected system...

5.5AI score
Exploits0
hackerone
hackerone
added 2016/05/19 9:27 p.m.106 views

Uber: DOM based XSS on

Possible Remote code execution DOM based XSS Vuln Jquery param : var strliID=jQuerylocation.attr'hash'; Target: Logged admin Go url https://drive.uber.com/melbourne/wp-admin/admin.php?page=Optionsgallerystyles" Solution : Upgrade latest version gallery plugin Your version v1.9.55 Test my localhos...

1.5AI score
Exploits0
prion
prion
added 2015/12/17 7:59 p.m.13 views

Input validation

lib/core.php in the Cool Video Gallery plugin 1.9 for WordPress allows remote attackers to execute arbitrary code via shell metacharacters in the "Width of preview image" and possibly other input fields in the "Video Gallery Settings" page...

7.5CVSS8.5AI score0.05232EPSS
Exploits3References6Affected Software1
cnvd
cnvd
added 2015/12/17 12:0 a.m.9 views

Wordpress Cool Video Gallery plugin command injection vulnerability

WordPress is the WordPress Software Foundation's set of blogging platforms developed using the PHP language.Cool Video Gallery is one of the video gallery plugin. A command injection vulnerability exists in Wordpress Cool Video Gallery plugin version 1.9 and earlier. An attacker can use this...

7.5CVSS8.1AI score0.05232EPSS
Exploits3References1
zdt
zdt
added 2015/12/01 12:0 a.m.21 views

Wordpress Contest Gallery plugin XSS Vulnerability

Exploit for php platform in category web applications Exploit Title: Wordpress plugin contest-gallery XSS Vulnerability Software Link: https://wordpress.org/plugins/contest-gallery/ Version:2.03 Google dork: inurl:/wp-content/plugins/contest-gallery The code in...

7.1AI score
Exploits0
prion
prion
added 2015/09/28 3:59 p.m.14 views

Cross site scripting

Multiple cross-site scripting XSS vulnerabilities in includes/metaboxes.php in the Gallery - Photo Albums - Portfolio plugin 1.3.47 for WordPress allow remote authenticated users to inject arbitrary web script or HTML via the 1 Media Title or 2 Media Subtitle fields...

3.5CVSS5.8AI score0.01242EPSS
Exploits1References2Affected Software1
cvelist
cvelist
added 2015/09/28 3:0 p.m.21 views

CVE-2015-7386

Multiple cross-site scripting XSS vulnerabilities in includes/metaboxes.php in the Gallery - Photo Albums - Portfolio plugin 1.3.47 for WordPress allow remote authenticated users to inject arbitrary web script or HTML via the 1 Media Title or 2 Media Subtitle fields...

5.5AI score0.01242EPSS
Exploits1References2
nvd
nvd
added 2015/08/18 3:59 p.m.15 views

CVE-2015-5599

Multiple SQL injection vulnerabilities in upload.php in the Powerplay Gallery plugin 3.3 for WordPress allow remote attackers to execute arbitrary SQL commands via the 1 albumid or 2 name parameter...

7.5CVSS8.6AI score0.03166EPSS
Exploits1References4
prion
prion
added 2015/08/18 3:59 p.m.12 views

Unrestricted file upload

Unrestricted file upload vulnerability in upload.php in the Powerplay Gallery plugin 3.3 for WordPress allows remote attackers to execute arbitrary code by uploading a file with an executable extension, then accessing it via a direct request to the file in uploadfolder/big/...

7.5CVSS8.3AI score0.04811EPSS
Exploits1References5Affected Software1
cvelist
cvelist
added 2015/08/18 3:0 p.m.24 views

CVE-2015-5681

Unrestricted file upload vulnerability in upload.php in the Powerplay Gallery plugin 3.3 for WordPress allows remote attackers to execute arbitrary code by uploading a file with an executable extension, then accessing it via a direct request to the file in uploadfolder/big/...

7.7AI score0.04811EPSS
Exploits1References5
cve
cve
added 2015/08/18 3:0 p.m.42 views

CVE-2015-5599

CVE-2015-5599 affects the WordPress plugin Powerplay Gallery (plugin version 3.3 and earlier) with multiple SQL injection vulnerabilities in upload.php. Attackers could remotely execute arbitrary SQL commands via the albumid or name parameters, as described by multiple sources (NVD entry and asso...

7.5CVSS8.9AI score0.03166EPSS
Exploits1References4Affected Software1
cve
cve
added 2015/08/18 3:0 p.m.53 views

CVE-2015-5681

CVE-2015-5681 affects the WordPress Powerplay Gallery plugin, version 3.3. It describes an unrestricted file upload vulnerability in upload.php that allows a remote attacker to upload a file with an executable extension and then access it via a direct request to the file in *_uploadfolder/big/, p...

7.5CVSS8AI score0.04811EPSS
Exploits1References5Affected Software1
Rows per page
Query Builder