CVE-2017-17627 – Readymade Video Sharing Script 3.2 - SQL Injection
https://notcve.org/view.php?id=CVE-2017-17627
Readymade Video Sharing Script 3.2 has SQL Injection via the single-video-detail.php report_videos array parameter.
• https://www.exploit-db.com/exploits/43296
• https://packetstormsecurity.com/files/145339/Readymade-Video-Sharing-Script-3.2-SQL-Injection.html
• CWE-89: Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection')
CVE-2017-15956 – ConverTo Video Downloader & Converter 1.4.1 - Arbitrary File Download
https://notcve.org/view.php?id=CVE-2017-15956
ConverTo Video Downloader & Converter 1.4.1 allows Arbitrary File Download via the token parameter to download.php.
• https://www.exploit-db.com/exploits/42927
• https://packetstormsecurity.com/files/144456/ConverTo-Video-Downloader-And-Converter-1.4.1-Arbitrary-File-Download.html
• CWE-20: Improper Input Validation
CVE-2016-1000148 – S3 Video <= 0.983 - Reflected Cross-Site Scripting
https://notcve.org/view.php?id=CVE-2016-1000148
Reflected XSS in WordPress plugin s3-video v0.983. The S3 Video plugin for WordPress is vulnerable to Reflected Cross-Site Scripting via the 'media' parameter in versions up to, and including, 0.983 due to insufficient input sanitization and output escaping. This makes it possible for unauthenticated attackers to inject arbitrary web scripts in pages that execute if they can successfully trick a user into performing an action such as clicking on a link.
• http://www.securityfocus.com/bid/93583
• http://www.vapidlabs.com/wp/wp_advisory.php?v=240
• https://wordpress.org/plugins/s3-video
• CWE-79: Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting')
CVE-2015-7527 – Cool Video Gallery <= 1.9 - Authenticated Command Injection
https://notcve.org/view.php?id=CVE-2015-7527
lib/core.php in the Cool Video Gallery plugin 1.9 for WordPress allows remote attackers to execute arbitrary code via shell metacharacters in the "Width of preview image" and possibly other input fields in the "Video Gallery Settings" page. WordPress Cool Video Gallery plugin version 1.9 suffers from a remote command injection vulnerability.
• http://packetstormsecurity.com/files/134626/WordPress-Cool-Video-Gallery-1.9-Command-Injection.html
• http://www.openwall.com/lists/oss-security/2015/12/02/9
• http://www.securityfocus.com/archive/1/537051/100/0/threaded
• http://www.vapidlabs.com/advisory.php?v=158
• https://wordpress.org/support/topic/command-injection-vulnerability-in-v19
• https://wpvulndb.com/vulnerabilities/8348
• CWE-20: Improper Input Validation
• CWE-74: Improper Neutralization of Special Elements in Output Used by a Downstream Component ('Injection')
CVE-2015-5492
https://notcve.org/view.php?id=CVE-2015-5492
Cross-site scripting (XSS) vulnerability in the Video Consultation module for Drupal allows remote attackers to inject arbitrary web script or HTML via unspecified vectors.
• http://www.openwall.com/lists/oss-security/2015/07/04/4
• https://www.drupal.org/node/2484195
• CWE-79: Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting')