Lucene search
K

318 matches found

Patchstack
Patchstack
added 2021/04/22 12:0 a.m.12 views

WordPress Visitor Traffic Real Time Statistics plugin <= 2.11 - Arbitrary Plugin Installation and Activation vulnerability

Arbitrary Plugin Installation and Activation vulnerability discovered by Bugbang in WordPress Visitor Traffic Real Time Statistics plugin versions = 2.11. Solution Update the WordPress Visitor Traffic Real Time Statistics plugin to the latest available version at least 2.12...

3.6AI score
Exploits0References1Affected Software1
Patchstack
Patchstack
added 2021/04/22 12:0 a.m.12 views

WordPress Captchinoo, Google recaptcha for admin login page plugin <= 2.3 - Arbitrary Plugin Installation and Activation vulnerability

Arbitrary Plugin Installation and Activation vulnerability discovered by Bugbang in WordPress Captchinoo, Google recaptcha for admin login page plugin versions = 2.3. Solution This plugin has been closed as of March 23, 2021 and is not available for download. This closure is temporary, pending a...

2.1AI score
Exploits0References1Affected Software1
Patchstack
Patchstack
added 2021/04/22 12:0 a.m.12 views

WordPress Login Protection – Limit Failed Login Attempts plugin <= 2.8 - Arbitrary Plugin Installation and Activation vulnerability

Arbitrary Plugin Installation and Activation vulnerability discovered by Bugbang in WordPress Login Protection – Limit Failed Login Attempts plugin versions = 2.8. Solution Update the WordPress Login Protection – Limit Failed Login Attempts plugin to the latest available version at least 2.9...

3.6AI score
Exploits0References1Affected Software1
Patchstack
Patchstack
added 2021/04/22 12:0 a.m.26 views

WordPress WP Maintenance Mode & Site Under Construction plugin <= 1.8.1 - Arbitrary Plugin Installation and Activation vulnerability

Arbitrary Plugin Installation and Activation vulnerability discovered by Bugbang in WordPress WP Maintenance Mode & Site Under Construction plugin versions = 1.8.1. Solution Update the WordPress WP Maintenance Mode & Site Under Construction plugin to the latest available version at least 1.8.2...

8.8CVSS4.2AI score0.01311EPSS
Exploits2References3Affected Software1
WPVulnDB
WPVulnDB
added 2021/02/08 12:0 a.m.9 views

Extra Charges To Payment Gateway For WooCommerce <= 2.0.2.1 - Unauthorised Arbitrary Plugin Settings Change to Stored XSS

The addformfields method, hooked to the adminhead action is lacking any CSRF and capability checks, allowing low privilege users to arbitrary update those settings, and set XSS payloads in them as well, which could lead to privilege escalation. Unauthenticated users could also make a logged in us...

2.6AI score
Exploits0References2Affected Software1
wpexploit
wpexploit
added 2020/09/22 12:0 a.m.50 views

Ninja Forms < 3.4.27.1 - CSRF leading to Arbitrary Plugin Installation

The plugin is affected by a Cross-Site Request Forgery CSRF which could allow attackers to make a logged administrator install an arbitrary plugin from the WordPress repository. http://example.com/wp-admin/admin-ajax.php?action=nfservicesinstall&plugin=wpscan&installpath=wpscan/wpscan.php...

4.3CVSS4.3AI score0.00593EPSS
Exploits1References1
WPVulnDB
WPVulnDB
added 2020/09/22 12:0 a.m.23 views

Ninja Forms < 3.4.27.1 - CSRF leading to Arbitrary Plugin Installation

The plugin is affected by a Cross-Site Request Forgery CSRF which could allow attackers to make a logged administrator install an arbitrary plugin from the WordPress repository. PoC http://example.com/wp-admin/admin-ajax.php?action=nfservicesinstall=wpscanpath=wpscan/wpscan.php...

4.3CVSS3.4AI score0.00593EPSS
Exploits1References1Affected Software1
Patchstack
Patchstack
added 2020/01/02 12:0 a.m.11 views

WordPress Photo Gallery – Image Gallery by Ape plugin <= 2.0.6 - Authenticated Arbitrary plugin deactivation

Authenticated Arbitrary plugin deactivation found by Jerome Bruandet in WordPress Photo Gallery – Image Gallery by Ape plugin versions = 2.0.6. Solution Update the WordPress Photo Gallery – Image Gallery by Ape plugin to the latest available version at least 2.0.7...

4.1AI score
Exploits0References1Affected Software1
OSV
OSV
added 2018/06/16 1:29 a.m.3 views

CVE-2018-11221

Unauthenticated untrusted file upload in Artica Pandora FMS through version 7.23 allows an attacker to upload an arbitrary plugin via include/ajax/updatemanager.ajax in the update system...

9.8CVSS5.9AI score0.05023EPSS
Exploits0References2
Prion
Prion
added 2018/06/16 1:29 a.m.14 views

Unrestricted file upload

Unauthenticated untrusted file upload in Artica Pandora FMS through version 7.23 allows an attacker to upload an arbitrary plugin via include/ajax/updatemanager.ajax in the update system...

7.5CVSS9.4AI score0.05023EPSS
Exploits0References2Affected Software1
Cvelist
Cvelist
added 2018/06/15 9:0 p.m.17 views

CVE-2018-11221

Unauthenticated untrusted file upload in Artica Pandora FMS through version 7.23 allows an attacker to upload an arbitrary plugin via include/ajax/updatemanager.ajax in the update system...

9.5AI score0.05023EPSS
Exploits0References2
CNVD
CNVD
added 2018/03/27 12:0 a.m.3 views

Ajenti Arbitrary Plugin Download Vulnerability

Ajenti is a Web-based open source server management system developed by Belarusian software developer Eugene Pankov. The system comes with a variety of pre-built plug-ins for configuring and monitoring server software and services such as Apache, scheduled tasks Cron and so on. A security...

6.5CVSS6.9AI score0.00696EPSS
Exploits1References1
Japan Vulnerability Notes
Japan Vulnerability Notes
added 2016/05/11 12:0 a.m.35 views

JVN#41772178: Apache Cordova vulnerable to arbitrary plugin execution

Apache Cordova provided by the Apache Software Foundation is a framework for creating mobile applications for various platforms. iOS applications built using Apache Cordova contain a vulnerability where arbitrary plugins may be executed. Impact Accessing a specially crafted URL may result in...

4.4CVSS4.6AI score0.04623EPSS
Exploits0
Cvelist
Cvelist
added 2016/05/09 8:0 p.m.28 views

CVE-2015-5208

Apache Cordova iOS before 4.0.0 allows remote attackers to execute arbitrary plugins via a link...

5.1AI score0.04623EPSS
Exploits0References6
exploitpack
exploitpack
added 2005/02/14 12:0 a.m.16 views

AWStats 6.4 - Denial of Service

AWStats 6.4 - Denial of Service !/usr/bin/perl Summarized the advisory www.ghc.ru GHC: /str0ke 0 Exploitable example raw log plugin: Attacker can read sensitive information http://server/cgi-bin/awstats-6.4/awstats.pl?pluginmode=rawlog&loadplugin=rawlog 1 Perl code execution. This script...

Exploits0
0day.today
0day.today
added 2005/02/14 12:0 a.m.150 views

AwStats <= 6.4 Denial Of Service (with Advisory)

Exploit for cgi platform in category web applications ================================================ AwStats new Proto = "tcp", PeerAddr = "$server", PeerPort = "80" || die "Error\n"; print $socket "GET /cgi-bin/awstats-6.4/awstats.pl?&hack=$rp&PluginMode=:sleep HT...

7.1AI score
Exploits0
seebug.org
seebug.org
added 2005/02/14 12:0 a.m.11 views

AwStats &lt;= 6.4 Denial Of Service (with Advisory)

No description provided by source. !/usr/bin/perl Summarized the advisory www.ghc.ru GHC: /str0ke 0 Exploitable example raw log plugin: Attacker can read sensitive information http://server/cgi-bin/awstats-6.4/awstats.pl?pluginmode=rawlog&loadplugin=rawlog 1 Perl code execution. This script...

7.1AI score
Exploits0
Exploit DB
Exploit DB
added 2005/02/14 12:0 a.m.79 views

AWStats 6.4 - Denial of Service

!/usr/bin/perl Summarized the advisory www.ghc.ru GHC: /str0ke 0 Exploitable example raw log plugin: Attacker can read sensitive information http://server/cgi-bin/awstats-6.4/awstats.pl?pluginmode=rawlog&loadplugin=rawlog 1 Perl code execution. This script...

7.4AI score
Exploits0
Rows per page
Query Builder