5 matches found
motionEye 0.43.1b4 Remote Code Execution
Client-side validation in motionEye's web UI can be bypassed by overriding the JS validation function. Arbitrary values, including shell interpolation syntax, can be saved into the motion config. When motion is restarted, the motion process interprets the config and can execute shell syntax embedd...
CVE-2024-6393 NextGEN Gallery < 3.59.5 - Admin+ Stored XSS
The Photo Gallery, Sliders, Proofing and WordPress plugin before 3.59.5 does not sanitise and escape some of its Images settings, which could allow high privilege users such as Admin to perform Stored Cross-Site Scripting attacks even when the unfiltered_html capability is disallowed for example i...
BIT-ABANTECART-2022-26521
Abantecart through 1.3.2 allows remote authenticated administrators to execute arbitrary code by uploading an executable file, because the Catalog > Media Manager > Images settings can be changed by an administrator e.g., by configuring .php to be a valid image file type...
Nevma Adaptive Images Arbitrary File Deletion Vulnerability
WordPress plugin Adaptive Images is used to serve images in WordPress based on device resolution, allowing dynamic resizing. An arbitrary file deletion vulnerability exists in WordPress plugin Adaptive Images versions prior to 0.6.67. An attacker can exploit this vulnerability to delete arbitrary...
PT-2019-13530 · Nevma · Nevma Adaptive Images
Name of the Vulnerable Software and Affected Versions: Nevma Adaptive Images plugin versions prior to 0.6.67. Description: The issue allows remote attackers to delete arbitrary files via the adaptive-images-settings parameter in adaptive-images-script.php. This is achieved by exploiting the...