
685 matches found

Patchstack
added 2015/06/12 12:0 a.m., 22 views

WordPress Aviary Image Editor Add On For Gravity Forms Plugin - Beta Shell Upload

The remote file upload vulnerability is in aviary-image-editor-add-on-for-gravity-forms/includes/upload.php. Because of this vulnerability, anyone can upload any file to the system. Solution: Upgrade the plugin...

9.8 CVSS, 3.2 AI score, 0.41478 EPSS
Exploits: 3, References: 1, Affected Software: 1

Exploit DB
added 2015/06/12 12:0 a.m., 51 views

WordPress Plugin Aviary Image Editor Addon For Gravity Forms 3.0 Beta - Arbitrary File Upload

Title: Remote file upload vulnerability in aviary-image-editor-add-on-for-gravity-forms v3.0beta Wordpress plugin Author: Larry W. Cashdollar, @larry0 Date: 2015-06-07 Download Site: https://wordpress.org/plugins/aviary-image-editor-add-on-for-gravity-forms Vendor: Waters Edge Web Design and...

7.4 AI score
Exploits: 0

Packet Storm
added 2015/06/11 12:0 a.m., 45 views

WordPress Aviary Image Editor Add On For Gravity Forms 3.0 Beta Shell Upload

Title: Remote file upload vulnerability in aviary-image-editor-add-on-for-gravity-forms v3.0beta Wordpress plugin Author: Larry W. Cashdollar, @larry0 Date: 2015-06-07 Download Site: https://wordpress.org/plugins/aviary-image-editor-add-on-for-gravity-forms Vendor: Waters Edge Web Design and...

0.1 AI score, 0.41478 EPSS
Exploits: 3

0day.today
added 2015/06/11 12:0 a.m., 54 views

WordPress Aviary Image Editor Add On For Gravity Forms 3.0 Beta Shell Upload Exploit

WordPress Aviary Image Editor Add On For Gravity Forms plugin version 3.0 beta suffers from a remote shell upload vulnerability. Title: Remote file upload vulnerability in aviary-image-editor-add-on-for-gravity-forms v3.0beta Wordpress plugin Author: Larry W. Cashdollar, @larry0 Date: 2015-06-07...

7.5 CVSS, 0.2 AI score, 0.41478 EPSS
Exploits: 3

WPVulnDB
added 2015/06/09 12:0 a.m., 31 views

Aviary Image Editor Add-on For Gravity Forms <= 3.0beta - Unauthenticated File Upload

There is a remote file upload vulnerability in aviary-image-editor-add-on-for-gravity-forms/includes/upload.php. An unauthenticated user can upload any file to the system, including PHP files. upload.php does not check that the user is authenticated and a simple POST request will allow arbitrary...

7.5 CVSS, 4.2 AI score, 0.41478 EPSS
Exploits: 3, References: 3, Affected Software: 1

Patchstack
added 2015/04/20 12:0 a.m., 16 views

WordPress Gravity Forms Plugin <= 1.9.6 - Cross Site Scripting

Because of this vulnerability, attackers can inject arbitrary web script or HTML. Solution: Update the plugin to the latest version...

2.1 AI score
Exploits: 0, References: 1, Affected Software: 1

Packet Storm
added 2015/03/24 12:0 a.m., 38 views

Wordpress InfusionSoft Shell Upload

This module requires Metasploit: http://metasploit.com/download Current source: https://github.com/rapid7/metasploit-framework require 'msf/core' class Metasploit3 'Wordpress InfusionSoft Upload Vulnerability', 'Description' = %q This module exploits an arbitrary PHP code upload in the WordPress...

7.5 CVSS, 6.5 AI score, 0.46174 EPSS
Exploits: 8

Metasploit
added 2015/03/23 7:15 a.m., 23 views

Wordpress InfusionSoft Upload Vulnerability

This module exploits an arbitrary PHP code upload in the WordPress Infusionsoft Gravity Forms plugin, versions from 1.5.3 to 1.5.10. The vulnerability allows for arbitrary file upload and remote code execution. This module requires Metasploit: https://metasploit.com/download Current source:...

7.5 CVSS, 7.1 AI score, 0.46174 EPSS
Exploits: 8

WPVulnDB
added 2015/03/17 12:0 a.m., 22 views

Gravity Forms 1.8 <= 1.9.3.5 - Authenticated Blind SQL Injection

Title: Gravity Forms 1.8 <= 1.9.3.5 - Blind SQL Injection CVE-2015-2260 Version/s Tested: 1.9.3.1 Description: Gravity Forms is one of the most popular WordPress plugins gravityforms used to create forms for WordPress sites. The latest version at the time of writing 1.9.3.5 contains an authenticat...

8.4 AI score, 0.05785 EPSS
Exploits: 3, References: 1, Affected Software: 1

Patchstack
added 2015/03/17 12:0 a.m., 6 views

WordPress Gravity Forms Plugin <= 1.9.3.5 - SQL Injection

This plugin is prone to an SQL injection vulnerability because the sortcolumn GET parameter is not sufficiently sanitised before being used within an SQL query. Solution: Update the plugin...

2.4 AI score
Exploits: 0, References: 1, Affected Software: 1

seebug.org
added 2015/03/16 12:0 a.m., 23 views

Wordpress Gravity Forms 1.8.19 /include/upload.php File Upload Vulnerability

/includes/upload.php$filename = isset$REQUEST"name" ? $REQUEST"name" : ''; $fieldid = rgpost"fieldid"; $field = GFFormsModel::getfield$form, $fieldid; if empty $field die; // Clean the fileName for security reasons $filename = pregreplace'/^\w.+/', '', $filename; …. $tmpfilename = $formuniqueid...

7.1 AI score
Exploits: 0

myhack58
added 2015/03/06 12:0 a.m., 24 views

Malware cleanup to Gravity Forms arbitrary file upload-vulnerability warning-the black bar safety net

During a routine malware detection and cleanup process, we encountered a case of infection that caught our attention. Our environment does not have any special or fancy stuff, just an updated WordPress and 3 expired plug-ins; this situation is quite reasonable. The processing process ends, the environment is clean...

6.9 AI score
Exploits: 0

Check Point Advisories
added 2015/02/19 12:0 a.m., 1 view

WordPress Infusionsoft Gravity Forms Add-on Plugin Unrestricted File Upload

An unauthorized file upload vulnerability has been reported in WordPress Infusionsoft Gravity Forms Add-on Plugin. A remote attacker could exploit this vulnerability by uploading a file to a server running the vulnerable application. Successful exploitation of this vulnerability could allow a...

3.5 AI score
Exploits: 0

seebug.org
added 2014/10/10 12:0 a.m., 25 views

Wordpress InfusionSoft Plugin Upload Vulnerability

No description provided by source. This module requires Metasploit: http://metasploit.com/download Current source: https://github.com/rapid7/metasploit-framework require 'msf/core' class Metasploit3 Msf::Exploit::Remote Rank = ExcellentRanking include Msf::HTTP::Wordpress include...

7.5 CVSS, 6.5 AI score, 0.46174 EPSS
Exploits: 8

Packet Storm
added 2014/10/09 12:0 a.m., 36 views

Wordpress InfusionSoft Upload

This module requires Metasploit: http://metasploit.com/download Current source: https://github.com/rapid7/metasploit-framework require 'msf/core' class Metasploit3 'Wordpress InfusionSoft Upload Vulnerability', 'Description' = %q This module exploits an arbitrary PHP code upload in the wordpress...

7.5 CVSS, 6.5 AI score, 0.46174 EPSS
Exploits: 8

Exploit DB
added 2014/10/09 12:0 a.m., 35 views

WordPress Plugin InfusionSoft - Arbitrary File Upload (Metasploit)

This module requires Metasploit: http://metasploit.com/download Current source: https://github.com/rapid7/metasploit-framework require 'msf/core' class Metasploit3 'Wordpress InfusionSoft Upload Vulnerability', 'Description' = %q This module exploits an arbitrary PHP code upload in the wordpress...

7.5 CVSS, 9.1 AI score, 0.46174 EPSS
Exploits: 8

WPVulnDB
added 2014/10/06 5:26 p.m., 16 views

Infusionsoft Gravity Forms 1.5.3 - 1.5.10 Arbitrary File Upload

The Infusionsoft Gravity Forms Add-on WordPress plugin was affected by a 1.5.10 Arbitrary File Upload security vulnerability...

7.5 CVSS, 3 AI score, 0.46174 EPSS
Exploits: 8, References: 3, Affected Software: 1

OpenVAS
added 2014/09/29 12:0 a.m., 55 views

WordPress Infusionsoft Gravity Forms Add-on Arbitrary File Upload Vulnerability

WordPress Infusionsoft Gravity Forms Add-on is prone to remote file upload vulnerability. SPDX-FileCopyrightText: 2014 Greenbone AG Some text descriptions might be excerpted from a referenced sources, and are Copyright C by the respective right holders. SPDX-License-Identifier: GPL-2.0-only CPE =...

7.5 CVSS, 6.6 AI score, 0.46174 EPSS
Exploits: 8, References: 2

NVD
added 2014/09/26 9:55 p.m., 28 views

CVE-2014-6446

The Infusionsoft Gravity Forms plugin 1.5.3 through 1.5.10 for WordPress does not properly restrict access, which allows remote attackers to upload arbitrary files and execute arbitrary PHP code via a request to utilities/codegenerator.php...

7.5 CVSS, 7.5 AI score, 0.46174 EPSS
Exploits: 8, References: 5

Prion
added 2014/09/26 9:55 p.m., 14 views

Code injection

The Infusionsoft Gravity Forms plugin 1.5.3 through 1.5.10 for WordPress does not properly restrict access, which allows remote attackers to upload arbitrary files and execute arbitrary PHP code via a request to utilities/codegenerator.php...

7.5 CVSS, 8.1 AI score, 0.46174 EPSS
Exploits: 8, References: 5, Affected Software: 1