705 matches found
Responsive Lightbox by dFactory <= 1.7.1 - Authenticated Cross-Site Scripting (XSS)
The Responsive Lightbox & Gallery WordPress plugin was affected by an Authenticated Cross-Site Scripting XSS security vulnerability...
Lightbox <= 1.6.7 - Cross-Site Scripting (XSS)
The lightbox WordPress plugin was affected by a Cross-Site Scripting XSS security vulnerability...
WordPress Form Lightbox Plugin - BYPASS
This vulnerability allows the attackers to update any option in the WordPress database. It includes gaining an admin access. Solution There is no fix, because this plugin is no longer in the WordPress repository...
Form Lightbox - Arbitrary Option Update Leading to Admin Account
This is a plugin that is no longer in the WordPress repository, however, is still in use on some sites. With this vulnerability an attacker can update any option in the WordPress database. This includes gaining an admin access. Using the file ajax.php that contains the following line: updateoptio...
Lightbox Plus <= 2.7.2 - CSRF to XSS
The lightbox-plus WordPress plugin was affected by a CSRF to XSS security vulnerability...
Colorbox - Access bypass - Less Critical - SA-CONTRIB-2015-156
This module allows for integration of Colorbox, a jQuery lightbox plugin, into Drupal. The module allows unprivileged users to add unexpected content to a Colorbox, including content from external sites. This allows an unprivileged user to deface a site. This vulnerability is mitigated by the fac...
PHP Kobo Photo Gallery CMS for PC/smartphone and feature phone Cross Site Scripting Vulnerability
PHP Kobo Photo Gallery CMS for PC, smartphone and feature phone is a photo gallery content management system CMS for PC, smartphone and feature phone from PHP Kobo Japan. A cross-site scripting vulnerability exists in the jquery.lightbox-0.5.min.js file in PHP Kobo Photo Gallery CMS for PC,...
WordPress WP Video Lightbox Plugin <= 1.7.4 - Cross Site Scripting
Because of this vulnerability, the attackers can inject arbitrary web script or HTML. Solution Update the plugin...
WordPress Responsive Lightbox Plugin <= 1.4.11 - XSS
Because of this vulnerability, the attackers can inject arbitrary web script or HTML. Solution Update the plugin...
WordPress 3.5.1 Lightbox Plus RCE
Remote Code Execution in the Wordpress core using maybeunserialize and the simplehtmldomnode class Vulnerability Type: Remote Command Execution For the exploit source code contact DSquare Security sales team...
WordPress FooBox Image Lightbox Plugin <= 1.0.4 - Cross Site Scripting
Because of this vulnerability, the attackers can inject arbitrary web script or HTML. Solution Update this plugin...
WordPress plugin Lightbox Photo Gallery suffers from multiple cross-site request forgery vulnerabilities
WordPress is a use of PHP language development of blogging platform , users can support PHP and MySQL database server set up their own weblog . Lightbox Photo Gallery plugin is to provide automatic generation of thumbnails , watermarks , the use of slideshow way to view pictures and other feature...
CVE-2014-9441
Multiple cross-site request forgery CSRF vulnerabilities in the Lightbox Photo Gallery plugin 1.0 for WordPress allow remote attackers to hijack the authentication of administrators for requests that 1 change plugin settings via unspecified vectors or conduct cross-site scripting XSS attacks via...
Cross site request forgery (csrf)
Multiple cross-site request forgery CSRF vulnerabilities in the Lightbox Photo Gallery plugin 1.0 for WordPress allow remote attackers to hijack the authentication of administrators for requests that 1 change plugin settings via unspecified vectors or conduct cross-site scripting XSS attacks via...
CVE-2014-9441
The CVE-2014-9441 entry concerns the WordPress Lightbox Photo Gallery 1.0 plugin, which is vulnerable to multiple CSRF (and associated XSS) flaws. According to the sources, remote attackers can hijack administrator authentication to perform actions such as changing plugin settings via unspecified...
WordPress Lightbox Photo Gallery Plugin <= 1.0 - Multiple CSRF and XSS
Because of these cross site request forgery vulnerabilities, the attackers can hijack the authentication of administrators for requests. In that way they can change plugin settings via unspecified vectors or conduct cross-site scripting attacks. Solution Update the plugin...
WordPress Lightbox Photo Gallery 1.0 CSRF / XSS
Title: WordPress 'Lightbox Photo Gallery' plugin - CSRF/XSS Version: 1.0 Author: Morten Nørtoft, Kenneth Jepsen, Mikkel Vej Date: 2014/12/12 Download: https://wordpress.org/plugins/lightbox-photo-gallery/ Notified WordPress: 2014/11/27...
Wordpress Plugin plg_novana Sql Injection Vulnerability
WordPress Plg Novana third party plugin suffers from a remote SQL injection vulnerability. Exploit Title : Wordpress plgnovana plugin Sql Injection Exploit Author : Ashiyane Digital Security Team Discovered By : sil3nt Home : www.ashiyane.org Security Risk : High - SQL Injection Dork :...
Joomla Component com_allcinevid 1.0.0 Blind SQL Injection Vulnerability
Exploit for php platform in category web applications allCineVid Joomla Component 1.0.0 Blind SQL Injection Vulnerability Name allCineVid Vendor http://www.joomtraders.com Versions Affected 1.0.0 Author Salvatore Fresta aka Drosophila Website http://www.salvatorefresta.net Contact salvatorefresta...
Joomla! Component allCineVid 1.0.0 - Blind SQL Injection
http://adv.salvatorefresta.net/allCineVidJoomlaComponent1.0.0BlindSQLInjectionVulnerability-18012011.txt allCineVid Joomla Component 1.0.0 Blind SQL Injection Vulnerability Name allCineVid Vendor http://www.joomtraders.com Versions Affected 1.0.0 Author Salvatore Fresta aka Drosophila Website...