22 matches found
EUVD-2014-5078
Malware in sbrugna...
EUVD-2023-53183
Malicious code in bioql PyPI...
CVE-2023-49178
Improper Neutralization of Input During Web Page Generation 'Cross-site Scripting' vulnerability in Mr. Hdwplayer HDW Player Plugin Video Player & Video Gallery allows Reflected XSS.This issue affects HDW Player Plugin Video Player & Video Gallery: from n/a through 5.0...
CVE-2014-5180
SQL injection vulnerability in the videos page in the HDW Player Plugin hdw-player-video-player-video-gallery 2.4.2 for WordPress allows remote authenticated administrators to execute arbitrary SQL commands via the id parameter in the edit action to wp-admin/admin.php...
CVE-2023-49178
Improper Neutralization of Input During Web Page Generation 'Cross-site Scripting' vulnerability in Mr. Hdwplayer HDW Player Plugin Video Player & Video Gallery allows Reflected XSS.This issue affects HDW Player Plugin Video Player & Video Gallery: from n/a through 5.0...
Cross site scripting
Improper Neutralization of Input During Web Page Generation 'Cross-site Scripting' vulnerability in Mr. Hdwplayer HDW Player Plugin Video Player & Video Gallery allows Reflected XSS.This issue affects HDW Player Plugin Video Player & Video Gallery: from n/a through 5.0...
CVE-2023-49178 WordPress HDW Player Plugin (Video Player & Video Gallery) Plugin <= 5.0 is vulnerable to Cross Site Scripting (XSS)
Improper Neutralization of Input During Web Page Generation 'Cross-site Scripting' vulnerability in Mr. Hdwplayer HDW Player Plugin Video Player & Video Gallery allows Reflected XSS.This issue affects HDW Player Plugin Video Player & Video Gallery: from n/a through 5.0...
CVE-2023-49178
CVE-2023-49178 describes a cross-site scripting (XSS) vulnerability in the WordPress plugin HDW Player Plugin (Video Player & Video Gallery) . The issue is caused by improper neutralization of input during web page generation, enabling a Reflected XSS. Affected software: HDW Player Plugin (Video ...
WordPress Plugin HDW Player Plugin Cross-Site Scripting Vulnerability
WordPress and WordPress plugin are both products of the WordPress Foundation.WordPress is a blogging platform developed using the PHP language. The platform supports setting up personal blog sites on servers with PHP and MySQL.WordPress plugin is an application plugin. A cross-site scripting...
HDW Player Plugin (Video Player & Video Gallery) <= 5.0 - Cross-Site Scripting
Description The HDW Player Plugin Video Player & Video Gallery plugin for WordPress is vulnerable to Cross-Site Scripting in versions up to, and including, 5.0 due to insufficient input sanitization and output escaping. This makes it possible for unauthenticated attackers to inject arbitrary web...
WordPress HDW Player Plugin (Video Player & Video Gallery) Plugin <= 5.0 is vulnerable to Cross Site Scripting (XSS)
Software HDW Player Plugin Video Player & Video Gallery Type Plugin Vulnerable versions = 5.0 Fixed in N/A OWASP Top 10 A7: Cross-Site Scripting XSS Classification Cross Site Scripting XSS CVE CVE-2023-49178 Patch priority Medium CVSS severity Medium 7.1 Developer Claim ownership PSID 27d63d522c9...
HDW Player,4.0.0, RCE
HDW Player,4.0.0 and all other versions, remote code execution Note that this vulnerabilitiy was supposedly fixed by the developer in version 3.2.2, the fact that this issue has arisen again suggests that the developer is aware of it and has created a deliberate back door. The VEL believe that th...
WordPress HDW Player Plugin SQL Injection Vulnerability
HDW Player is an application plugin available on the official WordPress Store that provides streaming media playback services. The WordPress HDW Player plugin suffers from a SQL injection vulnerability, which is exploited by attackers to read sensitive information in the database...
HDW Player, 3.2.1 and older
HDW Player, 3.2.1 and older including 3.1 and 3.0 Remote code execution Please see https://vel.joomla.org/vel-blog/2033-hdw-player-4-0-0-rce for further information...
HDW Player 2.4.2 - wp-admin/admin.php videos Page id Parameter SQL Injection
The HDW Player Plugin Video Player & Video Gallery WordPress plugin was affected by a wp-admin/admin.php videos Page id Parameter SQL Injection security vulnerability...
CVE-2014-5180
SQL injection vulnerability in the videos page in the HDW Player Plugin hdw-player-video-player-video-gallery 2.4.2 for WordPress allows remote authenticated administrators to execute arbitrary SQL commands via the id parameter in the edit action to wp-admin/admin.php...
Sql injection
SQL injection vulnerability in the videos page in the HDW Player Plugin hdw-player-video-player-video-gallery 2.4.2 for WordPress allows remote authenticated administrators to execute arbitrary SQL commands via the id parameter in the edit action to wp-admin/admin.php...
CVE-2014-5180
SQL injection vulnerability in the videos page in the HDW Player Plugin hdw-player-video-player-video-gallery 2.4.2 for WordPress allows remote authenticated administrators to execute arbitrary SQL commands via the id parameter in the edit action to wp-admin/admin.php...
CVE-2014-5180
The CVE-2014-5180 vulnerability affects the WordPress HDW Player Plugin (Video Player & Video Gallery) version 2.4.2. The flaw is a SQL injection in the videos page caused by an id parameter in the wp-admin/admin.php edit action, allowing remote authenticated administrators to execute arbitrary S...
WordPress Plugin HDW Player - '/wp-admin/admin.php' SQL Injection
source: https://www.securityfocus.com/bid/69105/info The WordPress HDW Player plugin Video Player & Video Gallery is prone to an SQL-injection vulnerability because it fails to sufficiently sanitize user-supplied data before using it in an SQL query. An attacker can exploit this issue to compromi...