Ninja Blog 4.8 - Cross-Site Request Forgery/HTML Injection

Vendor: http://ninjadesigns.co.uk Versions: Ninja Blog 4.8 May also affect earlier versions Credit: Danny Moules Critical: Yes See PUSH 55 Advisory at https://www.push55.co.uk/index.php?s=ad&id=7 ---- Due to insufficient validation of client-side data, we can inject script directly into the...

CVE-2008-4616

The SpamBam plugin for WordPress allows remote attackers to bypass restrictions and add blog comments by using server-supplied values to calculate a shared key...

Design/Logic Flaw

The SpamBam plugin for WordPress allows remote attackers to bypass restrictions and add blog comments by using server-supplied values to calculate a shared key...

CVE-2008-4616

The SpamBam plugin for WordPress allows remote attackers to bypass restrictions and add blog comments by using server-supplied values to calculate a shared key...

DEBIAN-CVE-2007-0541

WordPress allows remote attackers to determine the existence of arbitrary files, and possibly read portions of certain files, via pingback service calls with a source URI that corresponds to a local pathname, which triggers different fault codes for existing and non-existing files, and in certain...

Buddy Zone Version 1.0.1 - XSS

Buddy Zone Version 1.0.1 Homepage: http://www.vastal.com/buddy-zone-social-networking-script.html Affected files: Sending invitations Profiles Blogs Journals Posting comments Posting in the forum Sending mail Creating a group viewsubforum.php viewpost.php viewclassifieds.php viewad.php...