EUVD-2015-5632

Malware in sbrugna...

CVE-2015-5682

The CVE concerns the WordPress Powerplay Gallery plugin, version 3.3, where upload.php allows remote attackers to create arbitrary directories through vectors related to the targetDir parameter. This is a remote, unauthenticated vulnerability that enables directory creation, potentially aiding fu...

CVE-2015-5599

Multiple SQL injection vulnerabilities in upload.php in the Powerplay Gallery plugin 3.3 for WordPress allow remote attackers to execute arbitrary SQL commands via the 1 albumid or 2 name parameter...

Unrestricted file upload

Unrestricted file upload vulnerability in upload.php in the Powerplay Gallery plugin 3.3 for WordPress allows remote attackers to execute arbitrary code by uploading a file with an executable extension, then accessing it via a direct request to the file in uploadfolder/big/...

CVE-2015-5599

CVE-2015-5599 affects the WordPress plugin Powerplay Gallery (plugin version 3.3 and earlier) with multiple SQL injection vulnerabilities in upload.php. Attackers could remotely execute arbitrary SQL commands via the albumid or name parameters, as described by multiple sources (NVD entry and asso...

CVE-2015-5681

CVE-2015-5681 affects the WordPress Powerplay Gallery plugin, version 3.3. It describes an unrestricted file upload vulnerability in upload.php that allows a remote attacker to upload a file with an executable extension and then access it via a direct request to the file in *_uploadfolder/big/, p...

CVE-2015-5681

Unrestricted file upload vulnerability in upload.php in the Powerplay Gallery plugin 3.3 for WordPress allows remote attackers to execute arbitrary code by uploading a file with an executable extension, then accessing it via a direct request to the file in uploadfolder/big/...