13 matches found
CVE-2019-25213 Advanced Access Manager <= 5.9.8.1 - Unauthenticated Arbitrary File Read
The Advanced Access Manager plugin for WordPress is vulnerable to Unauthenticated Arbitrary File Read in versions up to, and including, 5.9.8.1 due to insufficient validation on the aam-media parameter. This allows unauthenticated attackers to read any file on the server, including sensitive file...
VulnCheck KEV: CVE-2019-25213
The Advanced Access Manager plugin for WordPress is vulnerable to Unauthenticated Arbitrary File Read in versions up to, and including, 5.9.8.1 due to insufficient validation on the aam-media parameter. This allows unauthenticated attackers to read any file on the server, including sensitive...
DEBIAN-CVE-2019-5824
Parameter passing error in media in Google Chrome prior to 74.0.3729.131 allowed a remote attacker to potentially exploit heap corruption via a crafted HTML page...
CVE-2018-7748
reportviewer.do in ServiceNow Release Jakarta Patch 8 and earlier allows remote attackers to execute arbitrary code via '$xyz' Glide Scripting Injection in the sysparm_media parameter...
WordPress mgl-instagram-gallery plugin cross-site scripting vulnerability
WordPress is a blogging platform from the WordPress Software Foundation, developed in PHP, that lets users set up a personal blog site on servers supporting PHP and MySQL. mgl-instagram-gallery is one of its responsive gallery plugins. A cross-site scripting...
CVE-2017-17869
The mgl-instagram-gallery plugin for WordPress has XSS via the single-gallery.php media parameter...
CVE-2017-17869
The mgl-instagram-gallery plugin for WordPress has XSS via the single-gallery.php media parameter...
Design/Logic Flaw
The mgl-instagram-gallery plugin for WordPress has XSS via the single-gallery.php media parameter...
CVE-2017-17869
The mgl-instagram-gallery plugin for WordPress has XSS via the single-gallery.php media parameter...
CVE-2017-17869
The CVE-2017-17869 entry concerns the WordPress plugin mgl-instagram-gallery. A Cross‑Site Scripting (XSS) vulnerability exists in the plugin’s single-gallery.php file via the media parameter, as described by CVE entries and CNVD/NVD records. The issue is caused by handling the media parameter i...
Wordpress SQLi — PoC
In order to understand the writing here, you need to read the previous explanation: https://medium.com/websec/wordpress-sqli-bbb2afcc8e94. If you got it, then we can jump to the part and solve the question, e.g. how to update / insert our SQL payload into thumbnailid post meta. PoC start - Login to...
CVE-2014-9253
The default file type whitelist configuration in conf/mime.conf in the Media Manager in DokuWiki before 2014-09-29b allows remote attackers to execute arbitrary web script or HTML by uploading an SWF file, then accessing it via the media parameter to lib/exe/fetch.php...
Default credentials
The default file type whitelist configuration in conf/mime.conf in the Media Manager in DokuWiki before 2014-09-29b allows remote attackers to execute arbitrary web script or HTML by uploading an SWF file, then accessing it via the media parameter to lib/exe/fetch.php...