Lucene search
+L

70 matches found

Cvelist
Cvelist
added 2017/05/23 3:56 a.m.19 views

CVE-2015-5609

Absolute path traversal vulnerability in the Image Export plugin 1.1 for WordPress allows remote attackers to read and delete arbitrary files via a full pathname in the file parameter to download.php...

9.2AI score0.03207EPSS
Exploits1References3
CVE
CVE
added 2017/05/23 3:56 a.m.45 views

CVE-2015-5609

The CVE-2015-5609 entry describes an absolute path traversal in the WordPress Image Export plugin 1.1, allowing remote attackers to read and delete arbitrary files via a full pathname passed to download.php. Affected component is the WordPress Image Export plugin (version 1.1); root cause is a pa...

9.1CVSS9.1AI score0.03207EPSS
Exploits1References3Affected Software1
NVD
NVD
added 2017/03/28 2:59 a.m.19 views

CVE-2016-9465

Nextcloud Server before 10.0.1 & ownCloud Server before 9.0.6 and 9.1.2 suffer from Stored XSS in CardDAV image export. The CardDAV image export functionality as implemented in Nextcloud/ownCloud allows the download of images stored within a vCard. Due to not performing any kind of verification o...

5.4CVSS5.2AI score0.01118EPSS
Exploits1References6
OSV
OSV
added 2017/03/28 2:59 a.m.8 views

CVE-2016-9465

Nextcloud Server before 10.0.1 & ownCloud Server before 9.0.6 and 9.1.2 suffer from Stored XSS in CardDAV image export. The CardDAV image export functionality as implemented in Nextcloud/ownCloud allows the download of images stored within a vCard. Due to not performing any kind of verification o...

5.4CVSS5.1AI score
Exploits0References6
Prion
Prion
added 2017/03/28 2:59 a.m.17 views

Cross site scripting

Nextcloud Server before 10.0.1 & ownCloud Server before 9.0.6 and 9.1.2 suffer from Stored XSS in CardDAV image export. The CardDAV image export functionality as implemented in Nextcloud/ownCloud allows the download of images stored within a vCard. Due to not performing any kind of verification o...

3.5CVSS5.3AI score0.01118EPSS
Exploits1References6Affected Software2
UbuntuCve
UbuntuCve
added 2017/03/28 2:59 a.m.27 views

CVE-2016-9465

Nextcloud Server before 10.0.1 & ownCloud Server before 9.0.6 and 9.1.2 suffer from Stored XSS in CardDAV image export. The CardDAV image export functionality as implemented in Nextcloud/ownCloud allows the download of images stored within a vCard. Due to not performing any kind of verification o...

5.4CVSS6.1AI score0.01118EPSS
Exploits1References7
Cvelist
Cvelist
added 2017/03/28 2:46 a.m.30 views

CVE-2016-9465

Nextcloud Server before 10.0.1 & ownCloud Server before 9.0.6 and 9.1.2 suffer from Stored XSS in CardDAV image export. The CardDAV image export functionality as implemented in Nextcloud/ownCloud allows the download of images stored within a vCard. Due to not performing any kind of verification o...

5.4AI score0.01118EPSS
Exploits1References6
CVE
CVE
added 2017/03/28 2:46 a.m.55 views

CVE-2016-9465

CVE-2016-9465 affects Nextcloud Server < 10.0.1 and ownCloud Server

5.4CVSS5.2AI score0.01118EPSS
Exploits1References6Affected Software2
OwnCloud
OwnCloud
added 2016/11/10 7:9 p.m.488 views

Stored XSS in CardDAV image export - ownCloud

The CardDAV image export functionality as implemented in ownCloud allows the download of images stored within a vCard. Due to not performing any kind of verification on the image content this is prone to a stored Cross-Site Scripting attack. Note:ownCloud employs a very strict Content Security...

5.8AI score
Exploits0Affected Software1
OwnCloud
OwnCloud
added 2016/11/10 11:59 a.m.492 views

Server: Stored XSS in CardDAV image export

The CardDAV image export functionality as implemented in ownCloud allows the download of images stored within a vCard. Due to not performing any kind of verification on the image content this is prone to a stored Cross-Site Scripting attack. Note:ownCloud employs a very strict Content Security...

5.9AI score
Exploits0Affected Software1
Nextcloud
Nextcloud
added 2016/10/10 12:0 a.m.25 views

Stored XSS in CardDAV image export (NC-SA-2016-008)

The CardDAV image export functionality as implemented in Nextcloud allows the download of images stored within a vCard. Due to not performing any kind of verification on the image content this is prone to a stored Cross-Site Scripting attack.Note: Nextcloud employs a very strict Content Security...

3.5CVSS1.3AI score0.01118EPSS
Exploits1Affected Software1
seebug.org
seebug.org
added 2016/09/27 12:0 a.m.13 views

WordPress Plugin Image Export local file inclusion vulnerability

No description provided by source...

7.1AI score
Exploits0
CNVD
CNVD
added 2016/09/23 12:0 a.m.3 views

WordPress Plugin Image Export Local File Leakage Vulnerability

WordPress is a blogging platform developed using the PHP language by the WordPress Software Foundation. The platform supports setting up personal blog sites on servers with PHP and MySQL. A local file disclosure vulnerability exists in the WordPress plugin Image Export 'download/php'. An attacker...

6.3AI score
Exploits0References1
OpenVAS
OpenVAS
added 2016/04/01 12:0 a.m.9 views

WordPress Image Export Directory Traversal Vulnerability

The WordPress plugin SPDX-FileCopyrightText: 2016 Greenbone AG Some text descriptions might be excerpted from a referenced sources, and are Copyright C by the respective right holders. SPDX-License-Identifier: GPL-2.0-only CPE = "cpe:/a:wordpress:wordpress"; ifdescription...

7.2AI score
Exploits0References1
exploitpack
exploitpack
added 2016/03/21 12:0 a.m.9 views

WordPress Plugin Image Export 1.1.0 - Arbitrary File Disclosure

WordPress Plugin Image Export 1.1.0 - Arbitrary File Disclosure Exploit Title: Wordpress image-export LFD Date: 03/21/2016 Exploit Author: AMAR^SHG Vendor Homepage: http://www.1efthander.com Software Link: http://www.1efthander.com/category/wordpress-plugins/image-export Version: Everything is...

0.1AI score
Exploits0
Patchstack
Patchstack
added 2016/03/21 12:0 a.m.16 views

WordPress Image Export Plugin 1.1.0 - Arbitrary File Disclosure

An attacker can access wp-config.php and get database credentials. Vulnerability exists in download.php file: localhost/wp/wp-content/plugins/image-export/download.php?file=../../../wp-config.php. Solution Upgrade the plugin...

3.4AI score
Exploits0References1Affected Software1
Exploit DB
Exploit DB
added 2016/03/21 12:0 a.m.38 views

WordPress Plugin Image Export 1.1.0 - Arbitrary File Disclosure

Exploit Title: Wordpress image-export LFD Date: 03/21/2016 Exploit Author: AMAR^SHG Vendor Homepage: http://www.1efthander.com Software Link: http://www.1efthander.com/category/wordpress-plugins/image-export Version: Everything is affected including latest 1.1.0 Tested on: Windows/Unix on localho...

7.4AI score
Exploits0
CNVD
CNVD
added 2015/07/24 12:0 a.m.3 views

WordPress image-export plugin 'download.php' arbitrary file download vulnerability

WordPress is a set of WordPress Software Foundation's blogging platform developed using the PHP language, which supports personal blog sites on servers with PHP and MySQL. WordPress image-export 1.1 and other versions have a security vulnerability in the implementation of 'download.php', which...

9.1CVSS8.9AI score0.03207EPSS
Exploits1References1
0day.today
0day.today
added 2015/07/14 12:0 a.m.24 views

WordPress Image Export 1.1 Arbitrary File Download Vulnerability

WordPress Image Export plugin version 1.1 suffers from an arbitrary file download vulnerability. Title: Remote file download vulnerability in Wordpress Plugin image-export v1.1 Author: Larry W. Cashdollar, @larry0 Date: 2015-07-01 Download Site: https://wordpress.org/plugins/image-export Vendor:...

7.2AI score
Exploits0
Packet Storm
Packet Storm
added 2015/07/14 12:0 a.m.21 views

WordPress Image Export 1.1 Arbitrary File Download

Title: Remote file download vulnerability in Wordpress Plugin image-export v1.1 Author: Larry W. Cashdollar, @larry0 Date: 2015-07-01 Download Site: https://wordpress.org/plugins/image-export Vendor: www.1efthander.com Vendor Notified: 2015-07-05 Vendor Contact: https://twitter.com/1eftHander...

7AI score
Exploits0
Rows per page
Query Builder