Anant Shrivastava

6 exploits Active since Jul 2014
CVE-2014-4940 EXPLOITDB text WORKING POC
Tera Charts 0.1 - Path Traversal via fn Parameter
Multiple directory traversal vulnerabilities in Tera Charts (tera-charts) plugin 0.1 for WordPress allow remote attackers to read arbitrary files via a .. (dot dot) in the fn parameter to (1) charts/treemap.php or (2) charts/zoomabletreemap.php.
CVE-2014-4940 EXPLOITDB text WORKING POC
Tera Charts 0.1 - Path Traversal via fn Parameter
Multiple directory traversal vulnerabilities in Tera Charts (tera-charts) plugin 0.1 for WordPress allow remote attackers to read arbitrary files via a .. (dot dot) in the fn parameter to (1) charts/treemap.php or (2) charts/zoomabletreemap.php.
CVE-2014-4938 EXPLOITDB text WORKING POC
WP Rss Poster <1.0.0 - SQL Injection
SQL injection vulnerability in the WP Rss Poster (wp-rss-poster) plugin 1.0.0 for WordPress allows remote attackers to execute arbitrary SQL commands via the id parameter in the wrp-add-new page to wp-admin/admin.php.
CVE-2014-4937 EXPLOITDB text WRITEUP
BookX 1.7 - Path Traversal via File Parameter
Directory traversal vulnerability in includes/bookx_export.php BookX plugin 1.7 for WordPress allows remote attackers to read arbitrary files via a .. (dot dot) in the file parameter.
CVE-2014-4939 EXPLOITDB text WORKING POC
ENL Newsletter <1.0.1 - SQL Injection
SQL injection vulnerability in the ENL Newsletter (enl-newsletter) plugin 1.0.1 for WordPress allows remote authenticated administrators to execute arbitrary SQL commands via the id parameter in the enl-add-new page to wp-admin/admin.php.
CVE-2014-5180 EXPLOITDB text WORKING POC
HDW Player Plugin 2.4.2 - Authenticated SQL Injection via id Parameter
SQL injection vulnerability in the videos page in the HDW Player Plugin (hdw-player-video-player-video-gallery) 2.4.2 for WordPress allows remote authenticated administrators to execute arbitrary SQL commands via the id parameter in the edit action to wp-admin/admin.php.