11 matches found
EUVD-2016-10680
Malware in sbrugna...
EUVD-2015-7310
Malware in sbrugna...
WordPress plugin Logo Showcase with Slick Slider access control error vulnerability
WordPress is a blogging platform from the WordPress Foundation, developed in the PHP language. The platform supports personal blog sites on PHP and MySQL servers. WordPress plugin is an open source application plugin for WordPress. An access control error vulnerability exists in the WordPress...
CVE-2021-36850
Cross-Site Request Forgery (CSRF) vulnerability in WordPress Media File Renamer – Auto & Manual Rename plugin versions = 5.1.9. Affected parameters "posttitle", "filename", "lock". This allows changing the uploaded media title, media file name, and media locking state...
Cross site request forgery (csrf)
Cross-Site Request Forgery (CSRF) vulnerability in WordPress Media File Renamer – Auto & Manual Rename plugin versions = 5.1.9. Affected parameters "posttitle", "filename", "lock". This allows changing the uploaded media title, media file name, and media locking state...
Media File Renamer - Auto & Manual Rename < 5.2.7 - Media Title/Filename/Locking State Update via CSRF
The plugin does not have CSRF checks in place, which could allow an attacker to make a logged-in admin change an arbitrary uploaded media title, filename, as well as locking state via a CSRF attack. Notes: - We were unable to reproduce the issue from an attacker's point of view; the endpoints are expecting JSON...
Dotclear cross-site scripting vulnerability (CNVD-2017-00084)
Dotclear is free PHP and MySQL-based blog publishing software developed by Olivier Meunier. A cross-site scripting vulnerability exists in the admin/media.php and admin/mediaitem.php files in versions of Dotclear prior to 2.11. A remote attacker can inject arbitrary web...
Cross site scripting
Cross-site scripting (XSS) vulnerability in admin/media.php and admin/mediaitem.php in Dotclear before 2.11 allows remote authenticated users to inject arbitrary web script or HTML via the upfiletitle or mediatitle parameter, aka the media title...
UBUNTU-CVE-2016-9891
Cross-site scripting (XSS) vulnerability in admin/media.php and admin/mediaitem.php in Dotclear before 2.11 allows remote authenticated users to inject arbitrary web script or HTML via the upfiletitle or mediatitle parameter, aka the media title...
CVE-2016-9891
Dotclear before version 2.11 contains a cross-site scripting (XSS) vulnerability in admin/media.php and admin/media_item.php that allows remote authenticated users to inject arbitrary web script or HTML via the upfiletitle or media_title parameters. Impact is described as XSS with typical user in...
CVE-2015-7386
Multiple cross-site scripting (XSS) vulnerabilities in includes/metaboxes.php in the Gallery - Photo Albums - Portfolio plugin 1.3.47 for WordPress allow remote authenticated users to inject arbitrary web script or HTML via the (1) Media Title or (2) Media Subtitle fields...