CVE-2014-125091 codepeople cp-polls Plugin cp-admin-int-message-list.inc.php sql injection

A vulnerability has been found in codepeople cp-polls Plugin 1.0.1 on WordPress and classified as critical. This vulnerability affects unknown code of the file cp-admin-int-message-list.inc.php. The manipulation of the argument lu leads to sql injection. The attack can be initiated remotely...

CVE-2016-15022 mosbth cimage check_system.php cross site scripting

A vulnerability was found in mosbth cimage up to 0.7.18. It has been declared as problematic. Affected by this vulnerability is an unknown functionality of the file checksystem.php. The manipulation of the argument $SERVER'SERVERSOFTWARE' leads to cross site scripting. The attack can be launched...

myegallery.txt

Product: MyeGallery Versions affected: all /tmp/cmdtemp 2&1; cat /tmp/cmdtemp; rm /tmp/cmdtemp"; $output = obgetcontents; obendclean; printoutput; ? This allows execution of any command on the server with MyeGallery, under the privileges of the Web server usually apache or httpd. 3. Solution...