760 matches found
WordPress Video Gallery Plugin 2.5 - Multiple Vulnerabilities
Video Gallery plugin is prone to multiple vulnerabilities, such as SQL injection and XSS vulnerabilities. Solution Upgrade the plugin...
Wordpress Gallery Plugin 3.06 Arbitrary File Upload
No description provided by source. Description : Wordpress Plugins - Gallery Arbitrary File Upload Vulnerability Version : 3.06 Link : http://wordpress.org/extend/plugins/gallery-plugin/ Plugins : http://downloads.wordpress.org/plugin/gallery-plugin.3.06.zip Date : 01-06-2012 Google Dork :...
WordPress Ajax Gallery plugin <= 3.0 - SQL Injection Vulnerability
No description provided by source. Exploit Title: WordPress Ajax Gallery plugin = 3.0 SQL Injection Vulnerability Date: 2011-08-18 Author: Miroslav Stampar miroslav.stamparatgmail.com @stamparm Software Link: http://downloads.wordpress.org/plugin/ajaxgallery.3.0.zip Version: 3.0 tested --- PoC --...
Wordpress TimThumb 2.8.13 WebShot - Remote Code Execution Exploit
Exploit for php platform in category web applications | | / | \ | |/ |/ | / | | | | | | | | | | | | | / \ | | | || || | |\ | || | | / | | |/|| ||// \| Wordpress TimThumb 2.8.13 WebShot Remote Code Execution 0-day Affected website : a lot Wordpress Themes, Plugins, 3rd party components...
Multiple WordPress Plugins (TimThumb 2.8.13 / WordThumb 1.07) - 'WebShot' Remote Code Execution
| | / | \ | |/ |/ | / | | | | | | | | | | | | | / \ | | | || || | |\ | || | | / | | |/|| ||// \| Wordpress TimThumb 2.8.13 WebShot Remote Code Execution 0-day Affected website : a lot Wordpress Themes, Plugins, 3rd party components Exploit Author : @u0x Pichaya Morimoto Release dates :...
CVE-2014-2558
The CVE-2014-2558 entry concerns the WordPress File Gallery plugin (versions before 1.7.9.2). The vulnerability stems from improper escaping in the Settings Page that allows a remote attacker to trigger arbitrary PHP code execution via a backslash-quote in fields referencing /wp-admin/options-med...
CVE-2014-2333
Cross-site scripting XSS vulnerability in the Lazyest Gallery plugin before 1.1.21 for WordPress allows remote attackers to inject arbitrary web script or HTML via an EXIF tag. NOTE: some of these details are obtained from third party information...
CVE-2014-2333
CVE-2014-2333 affects the WordPress plugin Lazyest Gallery (pre-1.1.21). The vulnerability is a stored/reflected XSS via an EXIF tag in the image handling code, enabling remote attackers to inject arbitrary script or HTML. Public details come from NVD/NVD-related feeds and WPVulnDB entries; explo...
Wordpress bp-gallery plugin v1.2.5 Cross Site Scripting Vulnerability
Exploit for php platform in category web applications 1-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=0 0 1 1 /' \ /'\ /\ \ /'\ 0 0 /, \ /\/\ \ \ \ \ ,/\ /\ \ 1 1 //\ \ /' \ /\ //\ Exploit database separated by exploit 0 0 // type local, remote, DoS, etc. 1 1 1 0 +...
Gallery Plugin for WordPress 'load' Parameter Remote File Inclusion
The Gallery Plugin for WordPress installed on the remote host is affected by a remote file inclusion vulnerability because it fails to properly sanitize user-supplied input to the 'load' parameter of the 'updateorder.php' script. This vulnerability allows an unauthenticated, remote attacker to vi...
WordPress Gallery 3.8.3 Arbitrary File Read
Exploit Title : Wordpress gallery-3.8.3 plugin Arbitrary File Read Vulnerability Author : IrIsT.Ir Discovered By : BeniVanda Home : http://IrIsT.Ir/forum/ Software Link : http://wordpress.org/extend/plugins/gallery-plugin/ Security Risk : High Version : All Version Tested on : GNU/Linux Ubuntu ...
WordPress Gallery Plugin - Remote Arbitrary File Access
WordPress Gallery plugin is prone to a remote arbitrary file access vulnerability that allows an attacker to read arbitrary files. Other attacks are also possible. Solution Update the plugin...
CVE-2012-3575
Unrestricted file upload vulnerability in uploader.php in the RBX Gallery plugin 2.1 for WordPress allows remote attackers to execute arbitrary code by uploading a file with an executable extension, then accessing it via a direct request to the file in uploads/rbxslider...
WordPress Gallery Plugin 3.06 - Arbitrary File Upload
WordPress Gallery plugin is prone to an arbitrary file upload vulnerability. Restricted access to this script is not properly realized. In that way an attacker can to upload files containing malicious PHP code and run it in the context of the web server process. Other attacks are also possible...
Gallery 3.06 - Unauthenticated File Upload PHP Code Execution
The Gallery by BestWebSoft WordPress plugin was affected by an Unauthenticated File Upload PHP Code Execution security vulnerability. The vulnerable file was: http://www.example.com/wp-content/plugins/gallery-plugin/upload/php.php...
WordPress Plugin GRAND FlAGallery 1.57 - flagshow.php Cross-Site Scripting
WordPress Plugin GRAND FlAGallery 1.57 - flagshow.php Cross-Site Scripting source: https://www.securityfocus.com/bid/51012/info GRAND FlAGallery plugin for WordPress is prone to a cross-site scripting vulnerability because it fails to properly sanitize user-supplied input. An attacker may leverag...
CVE-2010-5041
SQL injection vulnerability in index.php in the NPGallery plugin 0.94 for Nucleus allows remote attackers to execute arbitrary SQL commands via the id parameter in a plugin action...
CVE-2010-5040
PHP remote file inclusion vulnerability in nucleus/plugins/NPgallery.php in the NPGallery plugin 0.94 for Nucleus allows remote attackers to execute arbitrary PHP code via a URL in the DIRNUCLEUS parameter. NOTE: some of these details are obtained from third party information...
CVE-2010-1186
The CVE-2010-1186 entry documents a Cross-Site Scripting (XSS) vulnerability in the NextGEN Gallery WordPress plugin. Affected component: xml/media-rss.php; vulnerable until version 1.5.2 where the mode parameter is reflected without proper escaping, enabling remote attackers to inject arbitrary ...
Directory traversal
Directory traversal vulnerability in getConfig.php in the Page Flip Image Gallery plugin 0.2.2 and earlier for WordPress, when magicquotesgpc is disabled, allows remote attackers to read arbitrary files via a .. dot dot in the bookid parameter. NOTE: some of these details are obtained from third...