70 matches found
CVE-2015-5609
Absolute path traversal vulnerability in the Image Export plugin 1.1 for WordPress allows remote attackers to read and delete arbitrary files via a full pathname in the file parameter to download.php...
CVE-2015-5609
The CVE-2015-5609 entry describes an absolute path traversal in the WordPress Image Export plugin 1.1, allowing remote attackers to read and delete arbitrary files via a full pathname passed to download.php. Affected component is the WordPress Image Export plugin (version 1.1); root cause is a pa...
CVE-2016-9465
Nextcloud Server before 10.0.1 & ownCloud Server before 9.0.6 and 9.1.2 suffer from Stored XSS in CardDAV image export. The CardDAV image export functionality as implemented in Nextcloud/ownCloud allows the download of images stored within a vCard. Due to not performing any kind of verification o...
CVE-2016-9465
Nextcloud Server before 10.0.1 & ownCloud Server before 9.0.6 and 9.1.2 suffer from Stored XSS in CardDAV image export. The CardDAV image export functionality as implemented in Nextcloud/ownCloud allows the download of images stored within a vCard. Due to not performing any kind of verification o...
Cross site scripting
Nextcloud Server before 10.0.1 & ownCloud Server before 9.0.6 and 9.1.2 suffer from Stored XSS in CardDAV image export. The CardDAV image export functionality as implemented in Nextcloud/ownCloud allows the download of images stored within a vCard. Due to not performing any kind of verification o...
CVE-2016-9465
Nextcloud Server before 10.0.1 & ownCloud Server before 9.0.6 and 9.1.2 suffer from Stored XSS in CardDAV image export. The CardDAV image export functionality as implemented in Nextcloud/ownCloud allows the download of images stored within a vCard. Due to not performing any kind of verification o...
CVE-2016-9465
Nextcloud Server before 10.0.1 & ownCloud Server before 9.0.6 and 9.1.2 suffer from Stored XSS in CardDAV image export. The CardDAV image export functionality as implemented in Nextcloud/ownCloud allows the download of images stored within a vCard. Due to not performing any kind of verification o...
CVE-2016-9465
CVE-2016-9465 affects Nextcloud Server < 10.0.1 and ownCloud Server
Stored XSS in CardDAV image export - ownCloud
The CardDAV image export functionality as implemented in ownCloud allows the download of images stored within a vCard. Due to not performing any kind of verification on the image content this is prone to a stored Cross-Site Scripting attack. Note:ownCloud employs a very strict Content Security...
Server: Stored XSS in CardDAV image export
The CardDAV image export functionality as implemented in ownCloud allows the download of images stored within a vCard. Due to not performing any kind of verification on the image content this is prone to a stored Cross-Site Scripting attack. Note:ownCloud employs a very strict Content Security...
Stored XSS in CardDAV image export (NC-SA-2016-008)
The CardDAV image export functionality as implemented in Nextcloud allows the download of images stored within a vCard. Due to not performing any kind of verification on the image content this is prone to a stored Cross-Site Scripting attack.Note: Nextcloud employs a very strict Content Security...
WordPress Plugin Image Export local file inclusion vulnerability
No description provided by source...
WordPress Plugin Image Export Local File Leakage Vulnerability
WordPress is a blogging platform developed using the PHP language by the WordPress Software Foundation. The platform supports setting up personal blog sites on servers with PHP and MySQL. A local file disclosure vulnerability exists in the WordPress plugin Image Export 'download/php'. An attacker...
WordPress Image Export Directory Traversal Vulnerability
The WordPress plugin SPDX-FileCopyrightText: 2016 Greenbone AG Some text descriptions might be excerpted from a referenced sources, and are Copyright C by the respective right holders. SPDX-License-Identifier: GPL-2.0-only CPE = "cpe:/a:wordpress:wordpress"; ifdescription...
WordPress Plugin Image Export 1.1.0 - Arbitrary File Disclosure
WordPress Plugin Image Export 1.1.0 - Arbitrary File Disclosure Exploit Title: Wordpress image-export LFD Date: 03/21/2016 Exploit Author: AMAR^SHG Vendor Homepage: http://www.1efthander.com Software Link: http://www.1efthander.com/category/wordpress-plugins/image-export Version: Everything is...
WordPress Image Export Plugin 1.1.0 - Arbitrary File Disclosure
An attacker can access wp-config.php and get database credentials. Vulnerability exists in download.php file: localhost/wp/wp-content/plugins/image-export/download.php?file=../../../wp-config.php. Solution Upgrade the plugin...
WordPress Plugin Image Export 1.1.0 - Arbitrary File Disclosure
Exploit Title: Wordpress image-export LFD Date: 03/21/2016 Exploit Author: AMAR^SHG Vendor Homepage: http://www.1efthander.com Software Link: http://www.1efthander.com/category/wordpress-plugins/image-export Version: Everything is affected including latest 1.1.0 Tested on: Windows/Unix on localho...
WordPress image-export plugin 'download.php' arbitrary file download vulnerability
WordPress is a set of WordPress Software Foundation's blogging platform developed using the PHP language, which supports personal blog sites on servers with PHP and MySQL. WordPress image-export 1.1 and other versions have a security vulnerability in the implementation of 'download.php', which...
WordPress Image Export 1.1 Arbitrary File Download Vulnerability
WordPress Image Export plugin version 1.1 suffers from an arbitrary file download vulnerability. Title: Remote file download vulnerability in Wordpress Plugin image-export v1.1 Author: Larry W. Cashdollar, @larry0 Date: 2015-07-01 Download Site: https://wordpress.org/plugins/image-export Vendor:...
WordPress Image Export 1.1 Arbitrary File Download
Title: Remote file download vulnerability in Wordpress Plugin image-export v1.1 Author: Larry W. Cashdollar, @larry0 Date: 2015-07-01 Download Site: https://wordpress.org/plugins/image-export Vendor: www.1efthander.com Vendor Notified: 2015-07-05 Vendor Contact: https://twitter.com/1eftHander...