CVE-2017-1000227
Stored XSS in Salutation Responsive WordPress + BuddyPress Theme version 3.0.15 could allow logged-in users to do almost anything an admin can...
CVE-2017-1000227
The CVE targets Salutation Responsive WordPress + BuddyPress Theme, version 3.0.15. A Stored XSS vulnerability exists in this theme, enabling a logged-in attacker to perform admin-like actions. Several sources (e.g., NVD entry for CVE-2017-1000227 and related advisories) describe the issue as a C...
WordPress JTRT Responsive Tables plugin 4.1 - SQL Injection (SQLi) vulnerability
SQL Injection (SQLi) vulnerability found by Lenon Leite in WordPress JTRT Responsive Tables plugin version 4.1. Solution: 7th November 2017 - we were unable to find a patched version of this plugin...
WordPress Plugin JTRT Responsive Tables 4.1 - SQL Injection
WordPress Plugin JTRT Responsive Tables 4.1 - SQL Injection Exploit Title: JTRT Responsive Tables 4.1 – WordPress Plugin – Sql Injection Exploit Author: Lenon Leite Vendor Homepage: https://wordpress.org/plugins/jtrt-responsive-tables/ Software Link:...
JTRT Responsive Tables <= 4.1 – Authenticated SQL Injection
Type user access: single user. $_POST['tableId'] is not escaped. File / Code: Path: /wp-content/plugins/jtrt-responsive-tables/admin/class-jtrt-responsive-tables-admin.php Line : 183 $getTableId = $_POST['tableId']; ... $retrievedata = $wpdb->get_results( "SELECT * FROM $jtrttablesname WHERE jttableIDD = "...
WordPress JTRT Responsive Tables 4.1 SQL Injection
Exploit Title: JTRT Responsive Tables 4.1 – WordPress Plugin – Sql Injection Exploit Author: Lenon Leite Vendor Homepage: https://wordpress.org/plugins/jtrt-responsive-tables/ Software Link: https://wordpress.org/plugins/jtrt-responsive-tables/ Contact: http://twitter.com/lenonleite Website:...
WordPress Plugin JTRT Responsive Tables 4.1 - SQL Injection
Exploit Title: JTRT Responsive Tables 4.1 – WordPress Plugin – Sql Injection Exploit Author: Lenon Leite Vendor Homepage: https://wordpress.org/plugins/jtrt-responsive-tables/ Software Link: https://wordpress.org/plugins/jtrt-responsive-tables/ Contact: http://twitter.com/lenonleite Website:...
Responsive Newspaper Magazine&Blog CMS SQL Injection Vulnerability
Responsive Newspaper Magazine&Blog CMS is a content management system mainly used for information websites. A SQL injection vulnerability exists in Responsive Newspaper Magazine&Blog CMS version 1.0. A remote attacker can inject SQL commands by sending the 'id' parameter to the...
CVE-2017-15981
CVE-2017-15981 affects the Text/Content CMS “Responsive Newspaper Magazine & Blog CMS 1.0.” The vulnerability is SQL Injection via the id parameter on admin/admin_process.php during form editing. It is confirmed in multiple sources (NVD entry; related advisories and exploit references) and is exp...
ZKTime Web Software 2.0 - Cross-Site Request Forgery Vulnerability
Exploit for windows platform in category web applications Exploit Title: ZKTime Web Software 2.0 - Cross Site Request Forgery CVE-ID: CVE-2017-13129 Vendor Homepage: https://www.zkteco.com/product/ZKTimeWeb2.0435.html Vendor of Product: ZKTeco Affected Product Code: ZKTime Web - 2.0.1.12280...
CVE-2017-14125
SQL injection vulnerability in the Responsive Image Gallery plugin before 1.2.1 for WordPress allows remote attackers to execute arbitrary SQL commands via the "id" parameter in an add_edit_theme task in the wpdevart_gallery_themes page to wp-admin/admin.php...
WordPress Responsive Image Gallery Plugin SQL Injection Vulnerability
WordPress is a blogging platform from the WordPress Software Foundation, developed in the PHP language; it supports setting up a personal blog site on PHP and MySQL servers. Responsive Image Gallery plugin is one of its image management plugins. A SQL injection vulnerability exists in WordPre...
WordPress Responsive Image Gallery 1.1.8 SQL Injection Vulnerability
WordPress Responsive Image Gallery plugin version 1.1.8 suffers from a remote SQL injection vulnerability. - Discovered by: Manuel García Cárdenas - Severity: 7,1/10 CVSS Base Score - CVE-ID: CVE-2017-14125...
WordPress rk-responsive-contact-form SQL Injection Vulnerability
WordPress is a blogging platform from the WordPress Software Foundation, developed in the PHP language; it supports setting up personal blog sites on PHP and MySQL servers. rk-responsive-contact-form is one of its responsive contact form plugins. A SQL injection vulnerability exists in...
CVE-2017-1002027
Vulnerability in WordPress plugin rk-responsive-contact-form v1.0: the variable $delid isn't sanitized before being passed into an SQL query in file ./rk-responsive-contact-form/include/rk_user_list.php...
CVE-2017-1002027
CVE-2017-1002027 affects the WordPress plugin rk-responsive-contact-form v1.0. The root cause is SQL injection in rk_user_list.php where the parameter $delid is not sanitized before inclusion in a query. Public references describe this as an Authenticated Blind SQL Injection (WPVulndb) and the NV...
Joomla Responsive Portfolio 1.6.1 Component - SQL Injection Vulnerability
Exploit for php platform in category web applications Exploit Title: Joomla! Component RPC - Responsive Portfolio 1.6.1 - SQL Injection Dork: N/A Date: 25.08.2017 Vendor Homepage: https://extro.media/ Software Link: https://extensions.joomla.org/extension/rpc-responsive-portfolio/ Demo:...
Joomla! Component Responsive Portfolio 1.6.1 - SQL Injection
Joomla! Component Responsive Portfolio 1.6.1 - SQL Injection Exploit Title: Joomla! Component RPC - Responsive Portfolio 1.6.1 - SQL Injection Dork: N/A Date: 25.08.2017 Vendor Homepage: https://extro.media/ Software Link: https://extensions.joomla.org/extension/rpc-responsive-portfolio/ Demo:...
Joomla! Component Responsive Portfolio 1.6.1 - SQL Injection
Exploit Title: Joomla! Component RPC - Responsive Portfolio 1.6.1 - SQL Injection Dork: N/A Date: 25.08.2017 Vendor Homepage: https://extro.media/ Software Link: https://extensions.joomla.org/extension/rpc-responsive-portfolio/ Demo: https://demo.extro.media/responsive-joomla-extensions-en/video-...