Category Archives: CVE

CVE

Vulnerability in wordpress plugin surveys v1.01.8, The code in questions.php does not sanitize the survey variable befor

CVE-2017-1002022 : Vulnerability in wordpress plugin surveys v1.01.8, The code in questions.php does not sanitize the survey variable befor

CVEdetails.com the ultimate security vulnerability data source

Vulnerability in wordpress plugin surveys v1.01.8, The code in questions.php does not sanitize the survey variable before placing it inside of an SQL query.

Publish Date : 2017-09-14 Last Update Date : 2017-09-14


CVSS Scores & Vulnerability Types

CVSS Score

0.0

Confidentiality Impact ???
Integrity Impact ???
Availability Impact ???
Access Complexity ???
Authentication ???
Gained Access None
Vulnerability Type(s)
CWE ID CWE id is not defined for this vulnerability


Products Affected By CVE-2017-1002022

# Product Type Vendor Product Version Update Edition Language

No vulnerable product found. If the vulnerability is created recently it may take a few days to gather vulnerable products list and other information like cvss scores. Please check again in a few days.


References For CVE-2017-1002022


Metasploit Modules Related To CVE-2017-1002022

CVE is a registred trademark of the MITRE Corporation and the authoritative source of CVE content is
MITRE’s CVE web site.

CWE is a registred trademark of the MITRE Corporation and the authoritative source of CWE content is
MITRE’s CWE web site.

OVAL is a registered trademark of The MITRE Corporation and the authoritative source of OVAL content is
MITRE’s OVAL web site.

Use of this information constitutes acceptance for use in an AS IS condition.
There are NO warranties, implied or otherwise, with regard to this information or its use.
Any use of this information is at the user’s risk.
It is the responsibility of user to evaluate the accuracy, completeness or usefulness of any information, opinion, advice or other content.
EACH USER WILL BE SOLELY RESPONSIBLE FOR ANY consequences of his or her direct or indirect use of this web site.
ALL WARRANTIES OF ANY KIND ARE EXPRESSLY DISCLAIMED. This site will NOT BE LIABLE FOR ANY DIRECT,
INDIRECT or any other kind of loss.

Powered by WPeMatico

Vulnerability in wordpress plugin surveys v1.01.8, The code in individual_responses.php does not sanitize the survey_id

CVE-2017-1002021 : Vulnerability in wordpress plugin surveys v1.01.8, The code in individual_responses.php does not sanitize the survey_id

CVEdetails.com the ultimate security vulnerability data source

Vulnerability in wordpress plugin surveys v1.01.8, The code in individual_responses.php does not sanitize the survey_id variable before placing it inside of an SQL query.

Publish Date : 2017-09-14 Last Update Date : 2017-09-14


CVSS Scores & Vulnerability Types

CVSS Score

0.0

Confidentiality Impact ???
Integrity Impact ???
Availability Impact ???
Access Complexity ???
Authentication ???
Gained Access None
Vulnerability Type(s)
CWE ID CWE id is not defined for this vulnerability


Products Affected By CVE-2017-1002021

# Product Type Vendor Product Version Update Edition Language

No vulnerable product found. If the vulnerability is created recently it may take a few days to gather vulnerable products list and other information like cvss scores. Please check again in a few days.


References For CVE-2017-1002021


Metasploit Modules Related To CVE-2017-1002021

CVE is a registred trademark of the MITRE Corporation and the authoritative source of CVE content is
MITRE’s CVE web site.

CWE is a registred trademark of the MITRE Corporation and the authoritative source of CWE content is
MITRE’s CWE web site.

OVAL is a registered trademark of The MITRE Corporation and the authoritative source of OVAL content is
MITRE’s OVAL web site.

Use of this information constitutes acceptance for use in an AS IS condition.
There are NO warranties, implied or otherwise, with regard to this information or its use.
Any use of this information is at the user’s risk.
It is the responsibility of user to evaluate the accuracy, completeness or usefulness of any information, opinion, advice or other content.
EACH USER WILL BE SOLELY RESPONSIBLE FOR ANY consequences of his or her direct or indirect use of this web site.
ALL WARRANTIES OF ANY KIND ARE EXPRESSLY DISCLAIMED. This site will NOT BE LIABLE FOR ANY DIRECT,
INDIRECT or any other kind of loss.

Powered by WPeMatico

Vulnerability in wordpress plugin surveys v1.01.8, The code in survey_form.php does not sanitize the action variable bef

CVE-2017-1002020 : Vulnerability in wordpress plugin surveys v1.01.8, The code in survey_form.php does not sanitize the action variable bef

CVEdetails.com the ultimate security vulnerability data source

Vulnerability in wordpress plugin surveys v1.01.8, The code in survey_form.php does not sanitize the action variable before placing it inside of an SQL query.

Publish Date : 2017-09-14 Last Update Date : 2017-09-14


CVSS Scores & Vulnerability Types

CVSS Score

0.0

Confidentiality Impact ???
Integrity Impact ???
Availability Impact ???
Access Complexity ???
Authentication ???
Gained Access None
Vulnerability Type(s)
CWE ID CWE id is not defined for this vulnerability


Products Affected By CVE-2017-1002020

# Product Type Vendor Product Version Update Edition Language

No vulnerable product found. If the vulnerability is created recently it may take a few days to gather vulnerable products list and other information like cvss scores. Please check again in a few days.


References For CVE-2017-1002020


Metasploit Modules Related To CVE-2017-1002020

CVE is a registred trademark of the MITRE Corporation and the authoritative source of CVE content is
MITRE’s CVE web site.

CWE is a registred trademark of the MITRE Corporation and the authoritative source of CWE content is
MITRE’s CWE web site.

OVAL is a registered trademark of The MITRE Corporation and the authoritative source of OVAL content is
MITRE’s OVAL web site.

Use of this information constitutes acceptance for use in an AS IS condition.
There are NO warranties, implied or otherwise, with regard to this information or its use.
Any use of this information is at the user’s risk.
It is the responsibility of user to evaluate the accuracy, completeness or usefulness of any information, opinion, advice or other content.
EACH USER WILL BE SOLELY RESPONSIBLE FOR ANY consequences of his or her direct or indirect use of this web site.
ALL WARRANTIES OF ANY KIND ARE EXPRESSLY DISCLAIMED. This site will NOT BE LIABLE FOR ANY DIRECT,
INDIRECT or any other kind of loss.

Powered by WPeMatico

Vulnerability in wordpress plugin eventr v1.02.2, The edit.php form and event_form.php code do not sanitize input, this

CVE-2017-1002019 : Vulnerability in wordpress plugin eventr v1.02.2, The edit.php form and event_form.php code do not sanitize input, this

CVEdetails.com the ultimate security vulnerability data source

Vulnerability in wordpress plugin eventr v1.02.2, The edit.php form and event_form.php code do not sanitize input, this allows for blind SQL injection via the event parameter.

Publish Date : 2017-09-14 Last Update Date : 2017-09-14


CVSS Scores & Vulnerability Types

CVSS Score

0.0

Confidentiality Impact ???
Integrity Impact ???
Availability Impact ???
Access Complexity ???
Authentication ???
Gained Access None
Vulnerability Type(s) Sql Injection
CWE ID CWE id is not defined for this vulnerability


Products Affected By CVE-2017-1002019

# Product Type Vendor Product Version Update Edition Language

No vulnerable product found. If the vulnerability is created recently it may take a few days to gather vulnerable products list and other information like cvss scores. Please check again in a few days.


References For CVE-2017-1002019


Metasploit Modules Related To CVE-2017-1002019

CVE is a registred trademark of the MITRE Corporation and the authoritative source of CVE content is
MITRE’s CVE web site.

CWE is a registred trademark of the MITRE Corporation and the authoritative source of CWE content is
MITRE’s CWE web site.

OVAL is a registered trademark of The MITRE Corporation and the authoritative source of OVAL content is
MITRE’s OVAL web site.

Use of this information constitutes acceptance for use in an AS IS condition.
There are NO warranties, implied or otherwise, with regard to this information or its use.
Any use of this information is at the user’s risk.
It is the responsibility of user to evaluate the accuracy, completeness or usefulness of any information, opinion, advice or other content.
EACH USER WILL BE SOLELY RESPONSIBLE FOR ANY consequences of his or her direct or indirect use of this web site.
ALL WARRANTIES OF ANY KIND ARE EXPRESSLY DISCLAIMED. This site will NOT BE LIABLE FOR ANY DIRECT,
INDIRECT or any other kind of loss.

Powered by WPeMatico

Vulnerability in wordpress plugin eventr v1.02.2, The edit.php form and attendees.php code do not sanitize input, this a

CVE-2017-1002018 : Vulnerability in wordpress plugin eventr v1.02.2, The edit.php form and attendees.php code do not sanitize input, this a

CVEdetails.com the ultimate security vulnerability data source

Vulnerability in wordpress plugin eventr v1.02.2, The edit.php form and attendees.php code do not sanitize input, this allows for blind SQL injection via the event parameter.

Publish Date : 2017-09-14 Last Update Date : 2017-09-14


CVSS Scores & Vulnerability Types

CVSS Score

0.0

Confidentiality Impact ???
Integrity Impact ???
Availability Impact ???
Access Complexity ???
Authentication ???
Gained Access None
Vulnerability Type(s) Sql Injection
CWE ID CWE id is not defined for this vulnerability


Products Affected By CVE-2017-1002018

# Product Type Vendor Product Version Update Edition Language

No vulnerable product found. If the vulnerability is created recently it may take a few days to gather vulnerable products list and other information like cvss scores. Please check again in a few days.


References For CVE-2017-1002018


Metasploit Modules Related To CVE-2017-1002018

CVE is a registred trademark of the MITRE Corporation and the authoritative source of CVE content is
MITRE’s CVE web site.

CWE is a registred trademark of the MITRE Corporation and the authoritative source of CWE content is
MITRE’s CWE web site.

OVAL is a registered trademark of The MITRE Corporation and the authoritative source of OVAL content is
MITRE’s OVAL web site.

Use of this information constitutes acceptance for use in an AS IS condition.
There are NO warranties, implied or otherwise, with regard to this information or its use.
Any use of this information is at the user’s risk.
It is the responsibility of user to evaluate the accuracy, completeness or usefulness of any information, opinion, advice or other content.
EACH USER WILL BE SOLELY RESPONSIBLE FOR ANY consequences of his or her direct or indirect use of this web site.
ALL WARRANTIES OF ANY KIND ARE EXPRESSLY DISCLAIMED. This site will NOT BE LIABLE FOR ANY DIRECT,
INDIRECT or any other kind of loss.

Powered by WPeMatico

Vulnerability in wordpress plugin gift-certificate-creator v1.0, The code in gc-list.php doesn’t sanitize user inpu

CVE-2017-1002017 : Vulnerability in wordpress plugin gift-certificate-creator v1.0, The code in gc-list.php doesn’t sanitize user inpu

CVEdetails.com the ultimate security vulnerability data source

Vulnerability in wordpress plugin gift-certificate-creator v1.0, The code in gc-list.php doesn’t sanitize user input to prevent a stored XSS vulnerability.

Publish Date : 2017-09-14 Last Update Date : 2017-09-14


CVSS Scores & Vulnerability Types

CVSS Score

0.0

Confidentiality Impact ???
Integrity Impact ???
Availability Impact ???
Access Complexity ???
Authentication ???
Gained Access None
Vulnerability Type(s) Cross Site Scripting
CWE ID CWE id is not defined for this vulnerability


Products Affected By CVE-2017-1002017

# Product Type Vendor Product Version Update Edition Language

No vulnerable product found. If the vulnerability is created recently it may take a few days to gather vulnerable products list and other information like cvss scores. Please check again in a few days.


References For CVE-2017-1002017


Metasploit Modules Related To CVE-2017-1002017

CVE is a registred trademark of the MITRE Corporation and the authoritative source of CVE content is
MITRE’s CVE web site.

CWE is a registred trademark of the MITRE Corporation and the authoritative source of CWE content is
MITRE’s CWE web site.

OVAL is a registered trademark of The MITRE Corporation and the authoritative source of OVAL content is
MITRE’s OVAL web site.

Use of this information constitutes acceptance for use in an AS IS condition.
There are NO warranties, implied or otherwise, with regard to this information or its use.
Any use of this information is at the user’s risk.
It is the responsibility of user to evaluate the accuracy, completeness or usefulness of any information, opinion, advice or other content.
EACH USER WILL BE SOLELY RESPONSIBLE FOR ANY consequences of his or her direct or indirect use of this web site.
ALL WARRANTIES OF ANY KIND ARE EXPRESSLY DISCLAIMED. This site will NOT BE LIABLE FOR ANY DIRECT,
INDIRECT or any other kind of loss.

Powered by WPeMatico

Vulnerability in wordpress plugin flickr-picture-backup v0.7, The code in flickr-picture-download.php doesn’t check

CVE-2017-1002016 : Vulnerability in wordpress plugin flickr-picture-backup v0.7, The code in flickr-picture-download.php doesn’t check

CVEdetails.com the ultimate security vulnerability data source

Vulnerability in wordpress plugin flickr-picture-backup v0.7, The code in flickr-picture-download.php doesn’t check to see if the user is authenticated or that they have permission to upload files.

Publish Date : 2017-09-14 Last Update Date : 2017-09-14


CVSS Scores & Vulnerability Types

CVSS Score

0.0

Confidentiality Impact ???
Integrity Impact ???
Availability Impact ???
Access Complexity ???
Authentication ???
Gained Access None
Vulnerability Type(s)
CWE ID CWE id is not defined for this vulnerability


Products Affected By CVE-2017-1002016

# Product Type Vendor Product Version Update Edition Language

No vulnerable product found. If the vulnerability is created recently it may take a few days to gather vulnerable products list and other information like cvss scores. Please check again in a few days.


References For CVE-2017-1002016


Metasploit Modules Related To CVE-2017-1002016

CVE is a registred trademark of the MITRE Corporation and the authoritative source of CVE content is
MITRE’s CVE web site.

CWE is a registred trademark of the MITRE Corporation and the authoritative source of CWE content is
MITRE’s CWE web site.

OVAL is a registered trademark of The MITRE Corporation and the authoritative source of OVAL content is
MITRE’s OVAL web site.

Use of this information constitutes acceptance for use in an AS IS condition.
There are NO warranties, implied or otherwise, with regard to this information or its use.
Any use of this information is at the user’s risk.
It is the responsibility of user to evaluate the accuracy, completeness or usefulness of any information, opinion, advice or other content.
EACH USER WILL BE SOLELY RESPONSIBLE FOR ANY consequences of his or her direct or indirect use of this web site.
ALL WARRANTIES OF ANY KIND ARE EXPRESSLY DISCLAIMED. This site will NOT BE LIABLE FOR ANY DIRECT,
INDIRECT or any other kind of loss.

Powered by WPeMatico

Vulnerability in wordpress plugin image-gallery-with-slideshow v1.5.2, Blind SQL Injection in image-gallery-with-slidesh

CVE-2017-1002015 : Vulnerability in wordpress plugin image-gallery-with-slideshow v1.5.2, Blind SQL Injection in image-gallery-with-slidesh

CVEdetails.com the ultimate security vulnerability data source

Vulnerability in wordpress plugin image-gallery-with-slideshow v1.5.2, Blind SQL Injection in image-gallery-with-slideshow/admin_setting.php via selectMulGallery parameter.

Publish Date : 2017-09-14 Last Update Date : 2017-09-14


CVSS Scores & Vulnerability Types

CVSS Score

0.0

Confidentiality Impact ???
Integrity Impact ???
Availability Impact ???
Access Complexity ???
Authentication ???
Gained Access None
Vulnerability Type(s) Sql Injection
CWE ID CWE id is not defined for this vulnerability


Products Affected By CVE-2017-1002015

# Product Type Vendor Product Version Update Edition Language

No vulnerable product found. If the vulnerability is created recently it may take a few days to gather vulnerable products list and other information like cvss scores. Please check again in a few days.


References For CVE-2017-1002015


Metasploit Modules Related To CVE-2017-1002015

CVE is a registred trademark of the MITRE Corporation and the authoritative source of CVE content is
MITRE’s CVE web site.

CWE is a registred trademark of the MITRE Corporation and the authoritative source of CWE content is
MITRE’s CWE web site.

OVAL is a registered trademark of The MITRE Corporation and the authoritative source of OVAL content is
MITRE’s OVAL web site.

Use of this information constitutes acceptance for use in an AS IS condition.
There are NO warranties, implied or otherwise, with regard to this information or its use.
Any use of this information is at the user’s risk.
It is the responsibility of user to evaluate the accuracy, completeness or usefulness of any information, opinion, advice or other content.
EACH USER WILL BE SOLELY RESPONSIBLE FOR ANY consequences of his or her direct or indirect use of this web site.
ALL WARRANTIES OF ANY KIND ARE EXPRESSLY DISCLAIMED. This site will NOT BE LIABLE FOR ANY DIRECT,
INDIRECT or any other kind of loss.

Powered by WPeMatico

Vulnerability in wordpress plugin image-gallery-with-slideshow v1.5.2, Blind SQL Injection in image-gallery-with-slidesh

CVE-2017-1002014 : Vulnerability in wordpress plugin image-gallery-with-slideshow v1.5.2, Blind SQL Injection in image-gallery-with-slidesh

CVEdetails.com the ultimate security vulnerability data source

Vulnerability in wordpress plugin image-gallery-with-slideshow v1.5.2, Blind SQL Injection in image-gallery-with-slideshow/admin_setting.php via gallery_name parameter.

Publish Date : 2017-09-14 Last Update Date : 2017-09-14


CVSS Scores & Vulnerability Types

CVSS Score

0.0

Confidentiality Impact ???
Integrity Impact ???
Availability Impact ???
Access Complexity ???
Authentication ???
Gained Access None
Vulnerability Type(s) Sql Injection
CWE ID CWE id is not defined for this vulnerability


Products Affected By CVE-2017-1002014

# Product Type Vendor Product Version Update Edition Language

No vulnerable product found. If the vulnerability is created recently it may take a few days to gather vulnerable products list and other information like cvss scores. Please check again in a few days.


References For CVE-2017-1002014


Metasploit Modules Related To CVE-2017-1002014

CVE is a registred trademark of the MITRE Corporation and the authoritative source of CVE content is
MITRE’s CVE web site.

CWE is a registred trademark of the MITRE Corporation and the authoritative source of CWE content is
MITRE’s CWE web site.

OVAL is a registered trademark of The MITRE Corporation and the authoritative source of OVAL content is
MITRE’s OVAL web site.

Use of this information constitutes acceptance for use in an AS IS condition.
There are NO warranties, implied or otherwise, with regard to this information or its use.
Any use of this information is at the user’s risk.
It is the responsibility of user to evaluate the accuracy, completeness or usefulness of any information, opinion, advice or other content.
EACH USER WILL BE SOLELY RESPONSIBLE FOR ANY consequences of his or her direct or indirect use of this web site.
ALL WARRANTIES OF ANY KIND ARE EXPRESSLY DISCLAIMED. This site will NOT BE LIABLE FOR ANY DIRECT,
INDIRECT or any other kind of loss.

Powered by WPeMatico

Vulnerability in wordpress plugin image-gallery-with-slideshow v1.5.2, Blind SQL Injection via imgid parameter in image-

CVE-2017-1002013 : Vulnerability in wordpress plugin image-gallery-with-slideshow v1.5.2, Blind SQL Injection via imgid parameter in image-

CVEdetails.com the ultimate security vulnerability data source

Vulnerability in wordpress plugin image-gallery-with-slideshow v1.5.2, Blind SQL Injection via imgid parameter in image-gallery-with-slideshow/admin_setting.php.

Publish Date : 2017-09-14 Last Update Date : 2017-09-14


CVSS Scores & Vulnerability Types

CVSS Score

0.0

Confidentiality Impact ???
Integrity Impact ???
Availability Impact ???
Access Complexity ???
Authentication ???
Gained Access None
Vulnerability Type(s) Sql Injection
CWE ID CWE id is not defined for this vulnerability


Products Affected By CVE-2017-1002013

# Product Type Vendor Product Version Update Edition Language

No vulnerable product found. If the vulnerability is created recently it may take a few days to gather vulnerable products list and other information like cvss scores. Please check again in a few days.


References For CVE-2017-1002013


Metasploit Modules Related To CVE-2017-1002013

CVE is a registred trademark of the MITRE Corporation and the authoritative source of CVE content is
MITRE’s CVE web site.

CWE is a registred trademark of the MITRE Corporation and the authoritative source of CWE content is
MITRE’s CWE web site.

OVAL is a registered trademark of The MITRE Corporation and the authoritative source of OVAL content is
MITRE’s OVAL web site.

Use of this information constitutes acceptance for use in an AS IS condition.
There are NO warranties, implied or otherwise, with regard to this information or its use.
Any use of this information is at the user’s risk.
It is the responsibility of user to evaluate the accuracy, completeness or usefulness of any information, opinion, advice or other content.
EACH USER WILL BE SOLELY RESPONSIBLE FOR ANY consequences of his or her direct or indirect use of this web site.
ALL WARRANTIES OF ANY KIND ARE EXPRESSLY DISCLAIMED. This site will NOT BE LIABLE FOR ANY DIRECT,
INDIRECT or any other kind of loss.

Powered by WPeMatico