130 matches found
EUVD-2017-6220
Before version 4.8.2, WordPress mishandled % characters and additional placeholder values in $wpdb->prepare, and thus did not properly address the possibility of plugins and themes enabling SQL injection attacks...
CVE-2017-14726
Before version 4.8.2, WordPress was vulnerable to a cross-site scripting attack via shortcodes in the TinyMCE visual editor...
wordpress -- multiple issues
wordpress developers report: Before version 4.8.2, WordPress was susceptible to a Cross-Site Scripting attack in the link modal via a javascript: or data: URL. Before version 4.8.2, WordPress allowed a Cross-Site scripting attack in the template list view via a crafted template name. Before versi...
WordPress Releases Security Update
WordPress versions prior to 4.8.2 are affected by multiple vulnerabilities. A remote attacker could exploit some of these vulnerabilities to take control of an affected website. US-CERT encourages users and administrators to review the WordPress Security Release and upgrade to WordPress 4.8.2. Th...
WordPress <=4.8.1 - Path traversal vulnerability (file unzipping code)
Path traversal vulnerability found by Alex Chapman noxrnet in WordPress file unzipping code version 4.8.1 and earlier versions. Solution: Update WordPress to the latest available version, at least 4.8.2...
Metasploit Web UI - Diagnostic Console Command Execution Exploit
Exploit for multiple platform in category remote exploits This module requires Metasploit: http://metasploit.com/download Current source: https://github.com/rapid7/metasploit-framework require 'msf/core' class MetasploitModule 'Metasploit Web UI Diagnostic Console Command Execution', 'Description...
WordPress Email Users 4.8.2 Cross Site Scripting
Cross-Site Scripting vulnerability in Email Users WordPress Plugin. Yorick Koster, July 2016...
DEBIAN-CVE-2013-1874
Untrusted search path vulnerability in csi in Chicken before 4.8.2 allows local users to execute arbitrary code via a Trojan horse .csirc in the current working directory...
Fedora 20 : ghdl-0.31-1.fc20 (2014-1835)
Update to 0.31, which is based on gcc 4.8.2 and thus fixes CVE-2012-3509. Note that Tenable Network Security has extracted the preceding description block directly from the Fedora security advisory. Tenable has attempted to automatically clean and format it as much as possible without introducing...
Fedora 16 : qt-4.8.2-7.fc16 (2012-15203)
Build patched to disable SSL/TLS compression by default avoiding CRIME attacks, see also http://qt.digia.com/Release-Notes/security-issue-september-2012/ Note that Tenable Network Security has extracted the preceding description block directly from the Fedora security advisory. Tenable has...