Sql injection
Vulnerability in WordPress plugin image-gallery-with-slideshow v1.5.2, Blind SQL Injection in image-gallery-with-slideshow/adminsetting.php via galleryname parameter...
CVE-2017-1002015
Vulnerability in WordPress plugin image-gallery-with-slideshow v1.5.2, Blind SQL Injection in image-gallery-with-slideshow/adminsetting.php via selectMulGallery parameter...
CVE-2017-1002018
Vulnerability in WordPress plugin eventr v1.02.2. The edit.php form and attendees.php code do not sanitize input; this allows for blind SQL injection via the event parameter...
Participants Database <= 1.7.5.9 - Cross-Site Scripting
Cross-site scripting (XSS) vulnerability in the WordPress Participants Database plugin 1.7.59 allows attackers to inject arbitrary JavaScript via the Name parameter. PoC curl -k -F action=signup -F subsource=participants-database -F shortcodepage=/?pageid=1 -F thankspage=/?pageid=1 -F instanceindex...
HashiCorp Vagrant VMware Fusion Plugin Arbitrary Code Execution Vulnerability
HashiCorp Vagrant VMware Fusion plugin is a tool for building and managing virtual machine environments on VMware virtual machines developed by HashiCorp, USA. A security vulnerability exists in HashiCorp Vagrant VMware Fusion plugin versions prior to 4.0.24, which stems from the program assignin...
CVE-2015-7875
ctools 6.x-1.x before 6.x-1.14 and 7.x-1.x before 7.x-1.8 in Drupal does not verify the "edit" permission for the "content type" plugins that are used on Panels and similar systems to place content and functionality on a page...
CVE-2017-12068
The Event List plugin 0.7.9 for WordPress has XSS in the slug array parameter to wp-admin/admin.php in an eladmincategories deletebulk action...
WordPress REST API plugin user enumeration vulnerability
WordPress is a free and open source blogging software and content management system that uses PHP and MySQL as its platform. A user enumeration vulnerability exists in the WordPress REST API plugin version 1.3.8, which can be exploited by an attacker to stop user enumeration...
Stop User Enumeration <= 1.3.8 - REST API Bypass
The Stop User Enumeration WordPress plugin was affected by a REST API Bypass security vulnerability...
WordPress plugin "Popup Maker" vulnerable to cross-site scripting
Overview: The WordPress plugin "Popup Maker" provided by Popup Maker contains a reflected cross-site scripting vulnerability (CWE-79). Chris Liu reported this vulnerability to IPA. JPCERT/CC coordinated with the developer under Information Security Early Warning Partnership. Impact: An arbitrary scri...
IrfanView .fpx file buffer overflow vulnerability (CNVD-2017-14131)
IrfanView is an image viewer developed by Irfan Skiljan, a software developer from Bosnia and Herzegovina, which supports image browsing, image editing, image format conversion, etc. FPX Plugin is one of the programmable interface extensions. A buffer overflow vulnerability exists in IrfanView...
IrfanView FPX plugin buffer overflow vulnerability (CNVD-2017-15690)
IrfanView is an image viewer developed by Irfan Skiljan, a software developer from Bosnia and Herzegovina, which supports image browsing, image editing, image format conversion, etc. FPX Plugin is one of the programmable interface extensions. A buffer overflow vulnerability exists in IrfanView...
IrfanView FPX plugin buffer overflow vulnerability (CNVD-2017-15697)
IrfanView is an image viewer developed by Irfan Skiljan, a software developer from Bosnia and Herzegovina, which supports image browsing, image editing, image format conversion, etc. FPX Plugin is one of the programmable interface extensions. A buffer overflow vulnerability exists in IrfanView...
CVE-2017-9887
IrfanView version 4.44 32bit with FPX Plugin 4.46 allows attackers to cause a denial of service or possibly have unspecified other impact via a crafted .fpx file, related to "Data from Faulting Address is used as one or more arguments in a subsequent Function Call starting at...
WordPress Event Calendar WD Plugin Cross-Site Scripting Vulnerability
WordPress is a blogging platform from the WordPress Software Foundation, developed in the PHP language; it supports setting up a personal blog site on servers running PHP and MySQL. Event Calendar WD is one of its calendar plugins. A cross-site scripting vulnerability exists in versions of the...
CVE-2017-9604
CVE-2017-9604 details (Mode C): Affected software uses KDE PIM components: kmail and messagelib (KDE Applications before 17.04.2), with the issue occurring in the Send Later flow. The root cause is that the plugin’s sign/encrypt action is not guaranteed to occur during Send Later, enabling potent...
Cross site scripting
The Markdown on Save Improved plugin 2.5 for WordPress has a stored XSS vulnerability in the content of a post...
CVE-2017-9337
The CVE-2017-9337 vulnerability affects the WordPress plugin “Markdown on Save Improved” version 2.5, with a stored cross-site scripting (XSS) flaw in post content. Public data notes: exploitation details are not provided in the included documents; the CVE entry lists XSS in content as the impact...
VideoLAN VLC Multimedia Player Denial of Service Vulnerability
VideoLAN VLC media player is a free, open-source, cross-platform multimedia player and multimedia framework developed by the French organization VideoLAN. The product supports playback of a variety of media files and CD-ROMs, and a variety of audio and video formats (WMV, MP3, etc.). A...
Design/Logic Flaw
plugins\codec\libflacplugin.dll in VideoLAN VLC media player 2.2.4 allows remote attackers to cause a denial of service (heap corruption and application crash) or possibly have unspecified other impact via a crafted FLAC file...