CVSS: 9.8EPSS: 0%CPEs: 1EXPL: 2CVE-2015-5682 – Powerplay Gallery <= 3.3 - Arbitrary File Upload
https://notcve.org/view.php?id=CVE-2015-5682
upload.php in the Powerplay Gallery plugin 3.3 for WordPress allows remote attackers to create arbitrary directories via vectors related to the targetDir variable. El plugin Powerplay Gallery 3.3 para WordPress presenta una vulnerabilidad en el archivo Upload.php, que permite a atacantes remotos crear directorios arbitrarios a través de vectores relacionados con la variable targetDir. • http://www.openwall.com/lists/oss-security/2015/07/27/8 http://www.vapid.dhs.org/advisory.php?v=132 • CWE-264: Permissions, Privileges, and Access Controls CWE-434: Unrestricted Upload of File with Dangerous Type •
CVSS: 9.8EPSS: 0%CPEs: 1EXPL: 4CVE-2015-5599 – Powerplay Gallery <= 3.3 - SQL Injection
https://notcve.org/view.php?id=CVE-2015-5599
Multiple SQL injection vulnerabilities in upload.php in the Powerplay Gallery plugin 3.3 for WordPress allow remote attackers to execute arbitrary SQL commands via the (1) albumid or (2) name parameter. Vulnerabilidad de inyección SQL múltiple en upload.php en el plugin Powerplay Gallery 3.3 para WordPress, permite a atacantes remotos ejecutar comandos SQL arbitrarios a través de un parámetro (1) albumid o (2) nombre. • http://packetstormsecurity.com/files/132671/WordPress-WP-PowerPlayGallery-3.3-File-Upload-SQL-Injection.html http://seclists.org/fulldisclosure/2015/Jul/64 http://www.openwall.com/lists/oss-security/2015/07/20/1 http://www.vapid.dhs.org/advisory.php?v=132 • CWE-89: Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection') •
CVSS: 3.5EPSS: 0%CPEs: 1EXPL: 0CVE-2015-3921 – Coppermine Gallery 1.5.34 XSS / Open Redirection
https://notcve.org/view.php?id=CVE-2015-3921
Cross-site scripting (XSS) vulnerability in contact.php in Coppermine Photo Gallery before 1.5.36 allows remote authenticated users to inject arbitrary web script or HTML via the referer parameter. Vulnerabilidad de XSS en contact.php en Coppermine Photo Gallery anterior a 1.5.36 permite a usuarios remotos autenticados inyectar secuencias de comandos web arbitrarios o HTML a través del parámetro referer. Coppermine Gallery version 1.5.34 suffers from cross site scripting, open redirection, and directory enumeration vulnerabilities. • http://forum.coppermine-gallery.net/index.php/topic%2C78194.0.html http://packetstormsecurity.com/files/132004/Coppermine-Gallery-1.5.34-XSS-Open-Redirection.html http://www.securityfocus.com/bid/74872 http://www.securitytracker.com/id/1032558 • CWE-79: Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') •
CVSS: 5.8EPSS: 0%CPEs: 1EXPL: 0CVE-2015-3922 – Coppermine Gallery 1.5.34 XSS / Open Redirection
https://notcve.org/view.php?id=CVE-2015-3922
Open redirect vulnerability in mode.php in Coppermine Photo Gallery before 1.5.36 allows remote attackers to redirect users to arbitrary web sites and conduct phishing attacks via a URL in the referer parameter. Vulnerabilidad de la redirección abierta en mode.php en Coppermine Photo Gallery anterior a 1.5.36 permite a atacantes remotos redirigir usuarios hacia sitios web arbitrarios y realizar ataques de phishing a través de una URL en el parámetro referer. Coppermine Gallery version 1.5.34 suffers from cross site scripting, open redirection, and directory enumeration vulnerabilities. • http://forum.coppermine-gallery.net/index.php/topic%2C78194.0.html http://packetstormsecurity.com/files/132004/Coppermine-Gallery-1.5.34-XSS-Open-Redirection.html http://www.securityfocus.com/bid/74869 http://www.securitytracker.com/id/1032558 •
CVSS: 5.0EPSS: 0%CPEs: 1EXPL: 1CVE-2015-3923 – Coppermine Gallery 1.5.34 XSS / Open Redirection
https://notcve.org/view.php?id=CVE-2015-3923
Coppermine Photo Gallery before 1.5.36 allows remote attackers to enumerate directories via a full path in the folder parameter to minibrowser.php. Coppermine Photo Gallery anterior a 1.5.36 permite a atacantes remotos enumerar directorios a través de una ruta completa en el parámetro folder en minibrowser.php. Coppermine Gallery version 1.5.34 suffers from cross site scripting, open redirection, and directory enumeration vulnerabilities. • http://forum.coppermine-gallery.net/index.php/topic%2C78194.0.html http://packetstormsecurity.com/files/132004/Coppermine-Gallery-1.5.34-XSS-Open-Redirection.html http://www.securityfocus.com/bid/75140 http://www.securitytracker.com/id/1032558 • CWE-200: Exposure of Sensitive Information to an Unauthorized Actor •