WordPress Disqus Comment System Plugin <= 2.68 - Reflected XSS
Because of this vulnerability, the attackers can inject arbitrary JavaScript or HTML code. Solution Update the plugin...
4images Cross Site Scripting / Clickjacking
Affected software: 4images; Type of vulnerability: clickjacking, XSS; URL: http://www.4homepages.de/; Discovered by: Provensec; Website: http://www.provensec.com; Description: 4images is a powerful web-based image gallery management system. Features include comment system, user registration and...
CVE-2014-5345
Cross-site scripting (XSS) vulnerability in upgrade.php in the Disqus Comment System plugin before 2.76 for WordPress allows remote attackers to inject arbitrary web script or HTML via the step parameter...
CVE-2014-5347
Multiple cross-site request forgery (CSRF) vulnerabilities in the Disqus Comment System plugin before 2.76 for WordPress allow remote attackers to hijack the authentication of administrators for requests that conduct cross-site scripting (XSS) attacks via the (1) disqus_replace, (2) disqus_public_key, or (3)...
CVE-2014-5346
Multiple cross-site request forgery (CSRF) vulnerabilities in the Disqus Comment System plugin 2.77 for WordPress allow remote attackers to hijack the authentication of administrators for requests that (1) activate or (2) deactivate the plugin via the active parameter to wp-admin/edit-comments.php, (3)...
Cross site request forgery (CSRF)
Multiple cross-site request forgery (CSRF) vulnerabilities in the Disqus Comment System plugin 2.77 for WordPress allow remote attackers to hijack the authentication of administrators for requests that (1) activate or (2) deactivate the plugin via the active parameter to wp-admin/edit-comments.php, (3)...
Cross site request forgery (CSRF)
Multiple cross-site request forgery (CSRF) vulnerabilities in the Disqus Comment System plugin before 2.76 for WordPress allow remote attackers to hijack the authentication of administrators for requests that conduct cross-site scripting (XSS) attacks via the (1) disqus_replace, (2) disqus_public_key, or (3)...
Cross site scripting
Cross-site scripting (XSS) vulnerability in upgrade.php in the Disqus Comment System plugin before 2.76 for WordPress allows remote attackers to inject arbitrary web script or HTML via the step parameter...
CVE-2014-5345
The CVE-2014-5345 entry concerns a Cross-Site Scripting (XSS) vulnerability in the Disqus Comment System WordPress plugin’s upgrade.php, exploitable via the step parameter in versions prior to 2.76. Affected software: Disqus Comment System plugin for WordPress (pre-2.76). Root cause: improper han...
CVE-2014-5345
Cross-site scripting (XSS) vulnerability in upgrade.php in the Disqus Comment System plugin before 2.76 for WordPress allows remote attackers to inject arbitrary web script or HTML via the step parameter...
CVE-2014-5346
Multiple cross-site request forgery (CSRF) vulnerabilities in the Disqus Comment System plugin 2.77 for WordPress allow remote attackers to hijack the authentication of administrators for requests that (1) activate or (2) deactivate the plugin via the active parameter to wp-admin/edit-comments.php, (3)...
CVE-2014-5347
Disqus Comment System plugin for WordPress (versions before 2.76) is affected by CSRF vulnerabilities that can allow an attacker to hijack an administrator’s authenticated session and trigger XSS via parameters to wp-admin/edit-comments.php (disqus_replace, disqus_public_key, disqus_secret_key) o...
CVE-2014-5346
The CVE-2014-5346 entry affects the WordPress Disqus Comment System plugin version 2.77. The vulnerability is Cross-Site Request Forgery (CSRF) that allows remote attackers to hijack the authentication of administrators for requests that (1) activate or (2) deactivate the plugin via the active pa...
MPCS <= 1.0 (path) Remote File Include Vulnerabilities
No description provided by source. Multi-Page Comment System RFI. Info: Scripts: Multi-Page Comment System MPCS; Home: http://tpvgames.co.uk/web/mpcs/; Download:...
telepark wiki 2.4.23 - Multiple Vulnerabilities
No description provided by source. Abysssec Inc Public Advisory Title : Telepark Wiki Multiple Remote Vulnerabilities Affected Version : = v2.4.23 Vendor Site : www.teamtodo.com Discovery : www.Abysssec.com Vendor contact : 8 november Vendor response : 9 november patch is available in vendor...
Multi-Page Comment System CSRF/XSS Vulnerability
Exploit for php platform in category web applications
Disqus Comment System <= 2.68 - Reflected Cross-Site Scripting (XSS)
The Disqus Comment System WordPress plugin was affected by a Reflected Cross-Site Scripting (XSS) security vulnerability...
CVE-2010-4887
SQL injection vulnerability in the Commenting system Backend Module (commentsbe) extension 0.0.2 and earlier for TYPO3 allows remote attackers to execute arbitrary SQL commands via unspecified vectors...
Anonymous Press Release for Journalists!
Anonymous Press Release for Journalists! Today Anonymous Hackers released a new Press Note for all those journalists who are writing a story and have come to their website to do research or pull a quote. AnonNews uses an open-posting concept. Anyone can post to the site, and moderators will approv...
CVE-2009-4623
Multiple PHP remote file inclusion vulnerabilities in Advanced Comment System 1.0 allow remote attackers to execute arbitrary PHP code via a URL in the ACS_path parameter to (1) index.php and (2) admin.php in advanced_comment_system/. NOTE: this might only be a vulnerability when the administrator has n...