Web application abuses : WordPress Digital Zoom Studio (DZS) Video Gallery Plugin Multiple Vulnerabilities

Búsqueda de Vulnerabilidad		Buscar 324607 Descripciones CVE y 146377 Descripciones de Pruebas, accesos 10,000+ referencias cruzadas.
	Pruebas CVE Todos

ID de Prueba: 1.3.6.1.4.1.25623.1.0.804899

Categoría: Web application abuses

Título: WordPress Digital Zoom Studio (DZS) Video Gallery Plugin Multiple Vulnerabilities

Resumen: WordPress Digital Zoom Studio (DZS) Video Gallery Plugin is prone to multiple vulnerabilities.

Descripción: Summary:
WordPress Digital Zoom Studio (DZS) Video Gallery Plugin is prone to multiple vulnerabilities.

Vulnerability Insight:
Multiple flaws exist as,

- Input passed via 'designrand'and 'swfloc' parameters to
dzs-videogallery/deploy/designer/preview.php script is not properly validated
before returning it to users.

- Direct request for the /videogallery.php and /admin/sliderexport.php scripts
discloses the software's installation path.

- Input passed via the 'src' parameter is not properly sanitized upon submission
to the img.php script.

Vulnerability Impact:
Successful exploitation will allow remote
attackers to execute arbitrary script code in a user's browser session within the
trust relationship between their browser and the server, result in loss of
confidentiality and execute arbitrary commands.

Affected Software/OS:
WordPress Digital Zoom Studio (DZS) Video
Gallery Plugin

Solution:
No known solution was made available
for at least one year since the disclosure of this vulnerability. Likely none will
be provided anymore. General solution options are to upgrade to a newer release,
disable respective features, remove the product or replace the product by another
one.

CVSS Score:
4.3

CVSS Vector:
AV:N/AC:M/Au:N/C:N/I:P/A:N

Referencia Cruzada: Common Vulnerability Exposure (CVE) ID: CVE-2014-9094
BugTraq ID: 108579
http://www.securityfocus.com/bid/108579
BugTraq ID: 68525
http://www.securityfocus.com/bid/68525
http://seclists.org/fulldisclosure/2014/Jul/65
http://websecurity.com.ua/7152/

Copyright Copyright (C) 2014 Greenbone AG

Esta es sólo una de 146377 pruebas de vulnerabilidad en nuestra serie de pruebas. Encuentre más sobre cómo ejecutar una auditoría de seguridad completa.
Para ejecutar una prueba gratuita de esta vulnerabilidad contra su sistema, regístrese ahora.

ID de Prueba:	1.3.6.1.4.1.25623.1.0.804899
Categoría:	Web application abuses
Título:	WordPress Digital Zoom Studio (DZS) Video Gallery Plugin Multiple Vulnerabilities
Resumen:	WordPress Digital Zoom Studio (DZS) Video Gallery Plugin is prone to multiple vulnerabilities.
Descripción:	Summary: WordPress Digital Zoom Studio (DZS) Video Gallery Plugin is prone to multiple vulnerabilities. Vulnerability Insight: Multiple flaws exist as, - Input passed via 'designrand'and 'swfloc' parameters to dzs-videogallery/deploy/designer/preview.php script is not properly validated before returning it to users. - Direct request for the /videogallery.php and /admin/sliderexport.php scripts discloses the software's installation path. - Input passed via the 'src' parameter is not properly sanitized upon submission to the img.php script. Vulnerability Impact: Successful exploitation will allow remote attackers to execute arbitrary script code in a user's browser session within the trust relationship between their browser and the server, result in loss of confidentiality and execute arbitrary commands. Affected Software/OS: WordPress Digital Zoom Studio (DZS) Video Gallery Plugin Solution: No known solution was made available for at least one year since the disclosure of this vulnerability. Likely none will be provided anymore. General solution options are to upgrade to a newer release, disable respective features, remove the product or replace the product by another one. CVSS Score: 4.3 CVSS Vector: AV:N/AC:M/Au:N/C:N/I:P/A:N
Referencia Cruzada:	Common Vulnerability Exposure (CVE) ID: CVE-2014-9094 BugTraq ID: 108579 http://www.securityfocus.com/bid/108579 BugTraq ID: 68525 http://www.securityfocus.com/bid/68525 http://seclists.org/fulldisclosure/2014/Jul/65 http://websecurity.com.ua/7152/
Copyright	Copyright (C) 2014 Greenbone AG