101 matches found
Debian Security Advisory DSA 3779-1 (wordpress - security update)
Several vulnerabilities were discovered in wordpress, a web blogging tool. They would allow remote attackers to hijack victims OpenVAS Vulnerability Test $Id: deb3779.nasl 6607 2017-07-07 12:04:25Z cfischer $ Auto-generated from advisory DSA 3779-1 using nvtgen 1.0 Script version: 1.0 Author:...
[SECURITY] [DLA 813-1] wordpress security update
Package : wordpress Version : 3.6.1+dfsg-1deb7u13 CVE ID : CVE-2017-5488 CVE-2017-5489 CVE-2017-5490 CVE-2017-5491 CVE-2017-5492 CVE-2017-5493 CVE-2017-5610 CVE-2017-5611 CVE-2017-5612 Debian Bug : 851310 852767 Several vulnerabilities were discovered in wordpress, a web blogging tool. The Common...
WordPress < 4.7.1 Multiple Vulnerabilities
Binary data 9894.prm...
CVE-2017-5489
Cross-site request forgery CSRF vulnerability in WordPress before 4.7.1 allows remote attackers to hijack the authentication of unspecified victims via vectors involving a Flash file upload...
CVE-2017-5489
Cross-site request forgery CSRF vulnerability in WordPress before 4.7.1 allows remote attackers to hijack the authentication of unspecified victims via vectors involving a Flash file upload...
CVE-2017-5489
CVE-2017-5489 affects WordPress before 4.7.1. It is a CSRF vulnerability that allows remote attackers to hijack the authentication of unspecified victims via vectors involving a Flash file upload. The impact is the hijack of user authentication with potential for unauthorized actions. WordPress p...
CVE-2017-5489
Cross-site request forgery CSRF vulnerability in WordPress before 4.7.1 allows remote attackers to hijack the authentication of unspecified victims via vectors involving a Flash file upload...
[ASA-201701-22] wordpress: multiple issues
Arch Linux Security Advisory ASA-201701-22 ========================================== Severity: High Date : 2017-01-15 CVE-ID : CVE-2016-10033 CVE-2016-10045 CVE-2017-5487 CVE-2017-5488 CVE-2017-5489 CVE-2017-5490 CVE-2017-5491 CVE-2017-5492 CVE-2017-5493 Package : wordpress Type : multiple issue...
CVE-2016-5489
CVE-2016-5489 is an unspecified vulnerability in the Oracle iStore component of Oracle E-Business Suite (versions 12.1.1–12.1.3, 12.2.3, 12.2.4) affecting the Runtime Catalog subcomponent. The issue allows remote attackers to impact confidentiality and integrity via Runtime Catalog related vector...
CVE-2015-5489
Cross-site scripting XSS vulnerability in the Smart Trim module 7.x-1.x before 7.x-1.5 for Drupal allows remote authenticated users with certain permissions to inject arbitrary web script or HTML via vectors involving the field settings form...
CVE-2015-5489
The Drupal Smart Trim module (7.x-1.x) is affected by an XSS vulnerability in versions prior to 7.x-1.5 due to insufficient input filtering in the field settings form. This allows remote authenticated users with certain permissions to inject arbitrary script/HTML. Impact is partial integrity loss...
CVE-2015-5489
Cross-site scripting XSS vulnerability in the Smart Trim module 7.x-1.x before 7.x-1.5 for Drupal allows remote authenticated users with certain permissions to inject arbitrary web script or HTML via vectors involving the field settings form...
CVE-2012-5489
CVE-2012-5489 affects Zope’s App.Undo.UndoSupport.get_request_var_or_attr in Zope versions before 2.12.21 and 3.13.x before 2.13.11, used by Plone before 4.2.3 and 4.3 before beta 1. The root cause is insufficient access control on restricted attributes, allowing remote authenticated users to acc...
CVE-2013-5489
The CVE-2013-5489 entry concerns Cisco SocialMiner gadgets that do not properly restrict the content of GET requests, allowing an unauthenticated, remote attacker to obtain sensitive information by reading web-server access logs, web-server Referer logs, or the browser history. The issue arises f...
SuSE 11.1 Security Update : libxml2 (SAT Patch Number 5489)
Specially crafted XPath expressions could have allowed attackers to cause a denial of service or possibly have unspecified other impact CVE-2011-2821 / CVE-2011-2834. This has been fixed. %NASLMINLEVEL 70300 C Tenable Network Security, Inc. The descriptive text and package checks in this plugin...
CVE-2008-5489
SQL injection vulnerability in channeldetail.php in ClipShare Pro 4, and 2006 through 2007, allows remote attackers to execute arbitrary SQL commands via the chid parameter...
CVE-2008-5489
CVE-2008-5489 describes an SQL injection in ClipShare Pro 4 (and 2006–2007) via the chid parameter in channel_detail.php, allowing remote arbitrary SQL execution. Affected software: ClipShare Pro 4 (2006–2007). Root cause: unsanitized/chid parameter leading to injection. Impact: enables arbitrary...
CVE-2008-5489
creationtimestamp| type| source ---|---|--- 2008-11-15 00:00:00+00:00| confirmed| https://www.exploit-db.com/exploits/7128 2013-03-27 00:00:00+00:00| confirmed| https://www.exploit-db.com/exploits/24894...
CVE-2006-5489
The CVE-2006-5489 entry affects Research in Motion BlackBerry Enterprise Server 4.1 SP2 before Hotfix 1 for IBM Lotus Domino . The issue allows attackers with meeting organizer privileges to trigger a denial of service (application hang) by manipulating a deleted recurrent meeting instance when c...
CVE-2025-5489
...