Lucene search
K

760 matches found

Patchstack
Patchstack
added 2014/07/24 12:0 a.m.30 views

WordPress Video Gallery Plugin 2.5 - Multiple Vulnerabilities

Video Gallery plugin is prone to multiple vulnerabilities, such as SQL injection and XSS vulnerabilities. Solution Upgrade the plugin...

7.5CVSS2.5AI score0.05017EPSS
Exploits2References1Affected Software1
seebug.org
seebug.org
added 2014/07/01 12:0 a.m.25 views

Wordpress Gallery Plugin 3.06 Arbitrary File Upload

No description provided by source. Description : Wordpress Plugins - Gallery Arbitrary File Upload Vulnerability Version : 3.06 Link : http://wordpress.org/extend/plugins/gallery-plugin/ Plugins : http://downloads.wordpress.org/plugin/gallery-plugin.3.06.zip Date : 01-06-2012 Google Dork :...

7.1AI score
Exploits0
seebug.org
seebug.org
added 2014/07/01 12:0 a.m.20 views

WordPress Ajax Gallery plugin <= 3.0 - SQL Injection Vulnerability

No description provided by source. Exploit Title: WordPress Ajax Gallery plugin = 3.0 SQL Injection Vulnerability Date: 2011-08-18 Author: Miroslav Stampar miroslav.stamparatgmail.com @stamparm Software Link: http://downloads.wordpress.org/plugin/ajaxgallery.3.0.zip Version: 3.0 tested --- PoC --...

7.1AI score
Exploits0
0day.today
0day.today
added 2014/06/27 12:0 a.m.53 views

Wordpress TimThumb 2.8.13 WebShot - Remote Code Execution Exploit

Exploit for php platform in category web applications | | / | \ | |/ |/ | / | | | | | | | | | | | | | / \ | | | || || | |\ | || | | / | | |/|| ||// \| Wordpress TimThumb 2.8.13 WebShot Remote Code Execution 0-day Affected website : a lot Wordpress Themes, Plugins, 3rd party components...

7.1AI score
Exploits0
Exploit DB
Exploit DB
added 2014/06/24 12:0 a.m.210 views

Multiple WordPress Plugins (TimThumb 2.8.13 / WordThumb 1.07) - &#039;WebShot&#039; Remote Code Execution

| | / | \ | |/ |/ | / | | | | | | | | | | | | | / \ | | | || || | |\ | || | | / | | |/|| ||// \| Wordpress TimThumb 2.8.13 WebShot Remote Code Execution 0-day Affected website : a lot Wordpress Themes, Plugins, 3rd party components Exploit Author : @u0x Pichaya Morimoto Release dates :...

7AI score
Exploits0
CVE
CVE
added 2014/05/06 2:0 p.m.38 views

CVE-2014-2558

The CVE-2014-2558 entry concerns the WordPress File Gallery plugin (versions before 1.7.9.2). The vulnerability stems from improper escaping in the Settings Page that allows a remote attacker to trigger arbitrary PHP code execution via a backslash-quote in fields referencing /wp-admin/options-med...

6.5CVSS7.8AI score0.01746EPSS
Exploits1References4Affected Software1
NVD
NVD
added 2014/04/11 2:55 p.m.15 views

CVE-2014-2333

Cross-site scripting XSS vulnerability in the Lazyest Gallery plugin before 1.1.21 for WordPress allows remote attackers to inject arbitrary web script or HTML via an EXIF tag. NOTE: some of these details are obtained from third party information...

2.6CVSS5.8AI score0.02072EPSS
Exploits0References4
CVE
CVE
added 2014/04/11 2:0 p.m.43 views

CVE-2014-2333

CVE-2014-2333 affects the WordPress plugin Lazyest Gallery (pre-1.1.21). The vulnerability is a stored/reflected XSS via an EXIF tag in the image handling code, enabling remote attackers to inject arbitrary script or HTML. Public details come from NVD/NVD-related feeds and WPVulnDB entries; explo...

2.6CVSS6AI score0.02072EPSS
Exploits0References4Affected Software1
0day.today
0day.today
added 2013/03/16 12:0 a.m.23 views

Wordpress bp-gallery plugin v1.2.5 Cross Site Scripting Vulnerability

Exploit for php platform in category web applications 1-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=0 0 1 1 /' \ /'\ /\ \ /'\ 0 0 /, \ /\/\ \ \ \ \ ,/\ /\ \ 1 1 //\ \ /' \ /\ //\ Exploit database separated by exploit 0 0 // type local, remote, DoS, etc. 1 1 1 0 +...

7.1AI score
Exploits0
Tenable Nessus
Tenable Nessus
added 2013/02/11 12:0 a.m.22 views

Gallery Plugin for WordPress 'load' Parameter Remote File Inclusion

The Gallery Plugin for WordPress installed on the remote host is affected by a remote file inclusion vulnerability because it fails to properly sanitize user-supplied input to the 'load' parameter of the 'updateorder.php' script. This vulnerability allows an unauthenticated, remote attacker to vi...

9.8CVSS8.7AI score0.0286EPSS
Exploits1References1
Packet Storm
Packet Storm
added 2013/01/11 12:0 a.m.36 views

WordPress Gallery 3.8.3 Arbitrary File Read

​ Exploit Title : Wordpress gallery-3.8.3 plugin Arbitrary File Read Vulnerability Author : IrIsT.Ir Discovered By : BeniVanda Home : http://IrIsT.Ir/forum/ Software Link : http://wordpress.org/extend/plugins/gallery-plugin/ Security Risk : High Version : All Version Tested on : GNU/Linux Ubuntu ...

0.4AI score
Exploits0
Patchstack
Patchstack
added 2013/01/10 12:0 a.m.11 views

WordPress Gallery Plugin - Remote Arbitrary File Access

WordPress Gallery plugin is prone to a remote arbitrary file access vulnerability that allows an attacker to read arbitrary files. Other attacks are also possible. Solution Update the plugin...

5AI score
Exploits0References1Affected Software1
NVD
NVD
added 2012/06/16 12:55 a.m.10 views

CVE-2012-3575

Unrestricted file upload vulnerability in uploader.php in the RBX Gallery plugin 2.1 for WordPress allows remote attackers to execute arbitrary code by uploading a file with an executable extension, then accessing it via a direct request to the file in uploads/rbxslider...

10CVSS7.7AI score0.15828EPSS
Exploits2References4
Patchstack
Patchstack
added 2012/06/06 12:0 a.m.12 views

WordPress Gallery Plugin 3.06 - Arbitrary File Upload

WordPress Gallery plugin is prone to an arbitrary file upload vulnerability. Restricted access to this script is not properly realized. In that way an attacker can to upload files containing malicious PHP code and run it in the context of the web server process. Other attacks are also possible...

1.9AI score
Exploits0References1Affected Software1
wpexploit
wpexploit
added 2012/06/01 12:0 a.m.13 views

Gallery 3.06 - Unauthenticated File Upload PHP Code Execution

The Gallery by BestWebSoft WordPress plugin was affected by an Unauthenticated File Upload PHP Code Execution security vulnerability. The vulnerable file was: http://www.example.com/wp-content/plugins/gallery-plugin/upload/php.php...

1.4AI score
Exploits0References1
exploitpack
exploitpack
added 2011/12/12 12:0 a.m.13 views

WordPress Plugin GRAND FlAGallery 1.57 - flagshow.php Cross-Site Scripting

WordPress Plugin GRAND FlAGallery 1.57 - flagshow.php Cross-Site Scripting source: https://www.securityfocus.com/bid/51012/info GRAND FlAGallery plugin for WordPress is prone to a cross-site scripting vulnerability because it fails to properly sanitize user-supplied input. An attacker may leverag...

0.5AI score
Exploits0
ATTACKERKB
ATTACKERKB
added 2011/11/02 9:55 p.m.2 views

CVE-2010-5041

SQL injection vulnerability in index.php in the NPGallery plugin 0.94 for Nucleus allows remote attackers to execute arbitrary SQL commands via the id parameter in a plugin action...

7.5CVSS6.4AI score0.01179EPSS
Exploits1References7
ATTACKERKB
ATTACKERKB
added 2011/11/02 9:55 p.m.2 views

CVE-2010-5040

PHP remote file inclusion vulnerability in nucleus/plugins/NPgallery.php in the NPGallery plugin 0.94 for Nucleus allows remote attackers to execute arbitrary PHP code via a URL in the DIRNUCLEUS parameter. NOTE: some of these details are obtained from third party information...

6.8CVSS6.2AI score0.02059EPSS
Exploits1References6
CVE
CVE
added 2010/04/07 3:0 p.m.63 views

CVE-2010-1186

The CVE-2010-1186 entry documents a Cross-Site Scripting (XSS) vulnerability in the NextGEN Gallery WordPress plugin. Affected component: xml/media-rss.php; vulnerable until version 1.5.2 where the mode parameter is reflected without proper escaping, enabling remote attackers to inject arbitrary ...

4.3CVSS5.7AI score0.04727EPSS
Exploits6References7Affected Software1
Prion
Prion
added 2008/12/30 5:30 p.m.11 views

Directory traversal

Directory traversal vulnerability in getConfig.php in the Page Flip Image Gallery plugin 0.2.2 and earlier for WordPress, when magicquotesgpc is disabled, allows remote attackers to read arbitrary files via a .. dot dot in the bookid parameter. NOTE: some of these details are obtained from third...

4.3CVSS7.2AI score0.05808EPSS
Exploits1References6Affected Software1
Rows per page
Query Builder