This host is installed with WordPress Digital Zoom Studio (DZS) Video Gallery Plugin and is prone to multiple vulnerabilities.

Successful exploitation will allow remote attackers to execute arbitrary script code in a user's browser session within the trust relationship between their browser and the server, result in loss of confidentiality and execute arbitrary commands. Impact Level: Application

No solution or patch is available as of 30th January, 2015. Information regarding this issue will updated once the solution details are available. For updates refer to http://digitalzoomstudio.net/

Multiple flaws exist as, - Input passed via 'designrand'and 'swfloc' parameters to dzs-videogallery/deploy/designer/preview.php script is not properly validated before returning it to users. - Direct request for the /videogallery.php and /admin/sliderexport.php scripts discloses the software's installation path. - Input passed via the 'src' parameter is not properly sanitized upon submission to the img.php script.

WordPress Digital Zoom Studio (DZS) Video Gallery Plugin

Send a crafted data via HTTP GET request and check whether it is able to read cookie or not.

• http://packetstormsecurity.com/files/126846/
• http://seclists.org/fulldisclosure/2014/Jul/65
• http://www.osvdb.org/109046
• http://www.osvdb.org/109047
• http://www.osvdb.org/109048

---

Updated on 2015-03-25