2429 matches found
CVE-2017-12977
CVE-2017-12977 affects the Web-Dorado Photo Gallery by WD – Responsive Photo Gallery WordPress plugin prior to 1.3.51. The vulnerability is a SQL injection in bwg_edit_tag() (photo-gallery.php) and edit_tag() (admin/controllers/BWGControllerTags_bwg.php) that is exploitable by administrators via ...
WordPress Photo Gallery by WD - Responsive Photo Gallery SQL Injection Vulnerability
WordPress is a blogging platform from the WordPress Software Foundation, developed in PHP; it supports setting up a personal blog site on PHP and MySQL servers. Photo Gallery by WD - Responsive Photo Gallery is one of its image management plugins. A SQL injection vulnerabilit...
CVE-2017-7783
If a long user name is used in a username/password combination in a site URL such as " http://UserName:[email protected]", the resulting modal prompt will hang in a non-responsive state or crash, causing a denial of service. This vulnerability affects Firefox 55...
rk-responsive-contact-form 1.0 - Authenticated Blind SQL Injection
The rk-responsive-contact-form WordPress plugin was affected by an Authenticated Blind SQL Injection security vulnerability...
Salutation Responsive 3.0.15 Cross Site Scripting
Details: Software: Salutation Responsive WordPress + BuddyPress Theme; Version: 3.0.15; Homepage: https://themeforest.net/item/salutation-responsive-wordpress-buddypress-theme/548199; Advisory report: https://security.dxw.com/advisories/stored-xss-salutation-theme/; CVE: Awaiting...
Salutation Responsive < 3.0.16 - Stored XSS
The parallelus-salutation WordPress theme was affected by a Stored XSS security vulnerability...
CVE-2017-2243
Cross-site scripting vulnerability in Responsive Lightbox prior to version 1.7.2 allows an attacker to inject arbitrary web script or HTML via unspecified vectors...
Cross site scripting
Cross-site scripting vulnerability in Responsive Lightbox prior to version 1.7.2 allows an attacker to inject arbitrary web script or HTML via unspecified vectors...
CVE-2017-2243
CVE-2017-2243 targets the WordPress plugin Responsive Lightbox (dFactory). The vulnerability is a cross-site scripting flaw in versions before 1.7.2, described as a reflected XSS (CWE-79) with the ability to inject arbitrary script/HTML via unspecified vectors. Multiple sources (NVD, JVN/JVND, CV...
WordPress plugin "Responsive Lightbox" vulnerable to cross-site scripting
Overview: The WordPress plugin "Responsive Lightbox" provided by dFactory contains a reflected cross-site scripting vulnerability (CWE-79). Chris Liu reported this vulnerability to IPA. JPCERT/CC coordinated with the developer under the Information Security Early Warning Partnership. Impact: An arbitrary...
JVN#39819446: WordPress plugin "Responsive Lightbox" vulnerable to cross-site scripting
The WordPress plugin "Responsive Lightbox" provided by dFactory contains a reflected cross-site scripting vulnerability (CWE-79). Impact: An arbitrary script may be executed on the logged in user's web browser. Solution: Update the plugin. Update the plugin according to the information provided by the...
Responsive Lightbox by dFactory <= 1.7.1 - Authenticated Cross-Site Scripting (XSS)
The Responsive Lightbox & Gallery WordPress plugin was affected by an Authenticated Cross-Site Scripting (XSS) security vulnerability...
WordPress Responsive Lightbox Plugin Cross-Site Scripting Vulnerability
WordPress is a blogging platform from the WordPress Software Foundation, developed in PHP; it supports personal blog sites set up on servers with PHP and MySQL. WordPress Responsive Lightbox is one of its image viewing plugins. A cross-site scripting vulnerability exists ...
WordPress Responsive Menu plugin <= 3.1.3 - Cross-Site Request Forgery (CSRF) and Cross-Site Scripting (XSS) Vulnerability
WordPress Responsive Menu plugin Cross-Site Request Forgery (CSRF) and Cross-Site Scripting (XSS) vulnerabilities. Options are saved without sanitization in the updateOptions function, in the /app/Controllers/AdminController.php file. Also, a nonce is missing in the plugin's settings page...
Responsive Menu <= 3.1.3 - XSS and CSRF
The Responsive Menu – Create Mobile-Friendly Menu WordPress plugin was affected by an XSS and CSRF security vulnerability...
WordPress WebDorado Gallery 1.3.29 Plugin - SQL Injection Vulnerability
Exploit for php platform in category web applications Source: http://www.defensecode.com/advisories/DC-2017-02-011WordPressWebDoradoGalleryPluginAdvisory.pdf DefenseCode ThunderScan SAST Advisory WordPress WebDorado Gallery Plugin - SQL Injection Vulnerability Advisory ID: DC-2017-02-011 Software...
Broadcom: Heap overflow in TDLS Teardown Request while handling Fast Transition IE (CVE-2017-0561)
Detailed analysis: https://googleprojectzero.blogspot.tw/2017/04/over-air-exploiting-broadcoms-wi-fi4.html Posted by Gal Beniamini, Project Zero It's a well understood fact that platform security is an integral part of the security of complex systems. For mobile devices, this statement rings even truer; modern...