762 matches found
CVE-2016-1000124
Unauthenticated SQL Injection in Huge-IT Portfolio Gallery Plugin v1.0.6...
Sql injection
Unauthenticated SQL Injection in Huge-IT Portfolio Gallery Plugin v1.0.6...
CVE-2016-1000124
Unauthenticated SQL Injection in Huge-IT Portfolio Gallery Plugin v1.0.6...
CVE-2016-1000124
CVE-2016-1000124 affects Joomla! Huge-IT Portfolio Gallery Plugin 1.0.6 with an unauthenticated SQL injection in ajax_url.php. The vulnerability stems from unsafely handling POST data (e.g., page, perpage, galleryid) enabling SQL injection. Documented exploitation references exist (Exploit-DB, 0d...
WordPress Photo Gallery Plugin Stored Cross-Site Vulnerability
WordPress is a blogging platform developed using the PHP language that allows users to set up their own websites on servers that support PHP and MySQL databases. A cross-site scripting vulnerability exists in the Photo Gallery plugin in WordPress version 1.8.5. The vulnerability is triggered by a...
WordPress Vertical Gallery Plugin - Cross Site Scripting
Because of this vulnerability, the attackers can inject arbitrary JavaScript or HTML code. Solution Update the plugin...
Gallery Photo Gallery < 1.0.1 - SQL Injection
The Gallery – Photo Gallery WordPress plugin was affected by a SQL Injection security vulnerability...
CloudBees Jenkins CI Image Gallery Plugin Path Traversal Vulnerability
CloudBees Jenkins CI formerly known as Hudson Labs is a set of Java-based development of continuous integration tools , it is mainly used to monitor the continuous software version release/testing projects and some timed tasks . Jenkins CI Image Gallery is one of the workspace for reading and...
WordPress Robo Gallery Plugin remote Code Execution
A code execution vulnerability exists in WordPress Robo Gallery Plugin. Successful exploitation of this vulnerability could allow a remote attacker to execute arbitrary code on the affected system...
Uber: DOM based XSS on
Possible Remote code execution DOM based XSS Vuln Jquery param : var strliID=jQuerylocation.attr'hash'; Target: Logged admin Go url https://drive.uber.com/melbourne/wp-admin/admin.php?page=Optionsgallerystyles" Solution : Upgrade latest version gallery plugin Your version v1.9.55 Test my localhos...
Input validation
lib/core.php in the Cool Video Gallery plugin 1.9 for WordPress allows remote attackers to execute arbitrary code via shell metacharacters in the "Width of preview image" and possibly other input fields in the "Video Gallery Settings" page...
Wordpress Cool Video Gallery plugin command injection vulnerability
WordPress is the WordPress Software Foundation's set of blogging platforms developed using the PHP language.Cool Video Gallery is one of the video gallery plugin. A command injection vulnerability exists in Wordpress Cool Video Gallery plugin version 1.9 and earlier. An attacker can use this...
Wordpress Contest Gallery plugin XSS Vulnerability
Exploit for php platform in category web applications Exploit Title: Wordpress plugin contest-gallery XSS Vulnerability Software Link: https://wordpress.org/plugins/contest-gallery/ Version:2.03 Google dork: inurl:/wp-content/plugins/contest-gallery The code in...
Cross site scripting
Multiple cross-site scripting XSS vulnerabilities in includes/metaboxes.php in the Gallery - Photo Albums - Portfolio plugin 1.3.47 for WordPress allow remote authenticated users to inject arbitrary web script or HTML via the 1 Media Title or 2 Media Subtitle fields...
CVE-2015-7386
Multiple cross-site scripting XSS vulnerabilities in includes/metaboxes.php in the Gallery - Photo Albums - Portfolio plugin 1.3.47 for WordPress allow remote authenticated users to inject arbitrary web script or HTML via the 1 Media Title or 2 Media Subtitle fields...
CVE-2015-5599
Multiple SQL injection vulnerabilities in upload.php in the Powerplay Gallery plugin 3.3 for WordPress allow remote attackers to execute arbitrary SQL commands via the 1 albumid or 2 name parameter...
Unrestricted file upload
Unrestricted file upload vulnerability in upload.php in the Powerplay Gallery plugin 3.3 for WordPress allows remote attackers to execute arbitrary code by uploading a file with an executable extension, then accessing it via a direct request to the file in uploadfolder/big/...
CVE-2015-5681
Unrestricted file upload vulnerability in upload.php in the Powerplay Gallery plugin 3.3 for WordPress allows remote attackers to execute arbitrary code by uploading a file with an executable extension, then accessing it via a direct request to the file in uploadfolder/big/...
CVE-2015-5599
CVE-2015-5599 affects the WordPress plugin Powerplay Gallery (plugin version 3.3 and earlier) with multiple SQL injection vulnerabilities in upload.php. Attackers could remotely execute arbitrary SQL commands via the albumid or name parameters, as described by multiple sources (NVD entry and asso...
CVE-2015-5681
CVE-2015-5681 affects the WordPress Powerplay Gallery plugin, version 3.3. It describes an unrestricted file upload vulnerability in upload.php that allows a remote attacker to upload a file with an executable extension and then access it via a direct request to the file in *_uploadfolder/big/, p...