34 matches found
A week in security (June 25 – July 1)
Last week on Labs, we looked at comment moderation duties, Viagra spam on a news-making restaurant's website, and how to manage your child's online presence for Internet safety month. We also looked at a set of big breaches and leaks, as well as malware threats with a World Cup vibe. Other news...
Serendipity SQL Injection Vulnerability (CNVD-2015-06035)
Serendipity is a PHP-based blogging system developed by Serendipity team. The system supports the creation of online journals, blogs, web pages and more. An SQL injection vulnerability exists in the 'serendipitycheckCommentToken' function in the include/functionscomments.inc.php script in...
CVE-2015-6943
SQL injection vulnerability in the serendipitycheckCommentToken function in include/functionscomments.inc.php in Serendipity before 2.0.2, when "Use Tokens for Comment Moderation" is enabled, allows remote administrators to execute arbitrary SQL commands via the serendipityid parameter to...
CVE-2015-6943
SQL injection vulnerability in the serendipitycheckCommentToken function in include/functionscomments.inc.php in Serendipity before 2.0.2, when "Use Tokens for Comment Moderation" is enabled, allows remote administrators to execute arbitrary SQL commands via the serendipityid parameter to...
CVE-2015-6943
SQL injection vulnerability in the serendipitycheckCommentToken function in include/functionscomments.inc.php in Serendipity before 2.0.2, when "Use Tokens for Comment Moderation" is enabled, allows remote administrators to execute arbitrary SQL commands via the serendipityid parameter to...
WordPress 4.2 stored XSS
OVERVIEW ========== Current versions of WordPress are vulnerable to a stored XSS. An unauthenticated attacker can inject JavaScript in WordPress comments. The script is triggered when the comment is viewed. If triggered by a logged-in administrator, under default settings the attacker can leverag...
WordPress Core 4.2 - Persistent Cross-Site Scripting
Source: http://klikki.fi/adv/wordpress2.html Overview Current versions of WordPress are vulnerable to a stored XSS. An unauthenticated attacker can inject JavaScript in WordPress comments. The script is triggered when the comment is viewed. If triggered by a logged-in administrator, under default...
WordPress W3 Total Cache PHP Code Execution
This module exploits a PHP Code Injection vulnerability against WordPress plugin W3 Total Cache for versions up to and including 0.9.2.8. WP Super Cache 1.2 or older is also reported as vulnerable. The vulnerability is due to the handling of certain macros such as mfunc, which allows arbitrary PH...
Wordpress W3 Total Cache PHP Code Execution
No description provided by source. This file is part of the Metasploit Framework and may be subject to redistribution and commercial restrictions. Please see the Metasploit web site for more information on licensing and terms of use. http://metasploit.com/ require 'msf/core' class Metasploit3...
Wordpress W3 Total Cache PHP Code Execution Vulnerability
This Metasploit module exploits a PHP Code Injection vulnerability against Wordpress plugin W3 Total Cache for versions up to and including 0.9.2.8. WP Super Cache 1.2 or older is also reported as vulnerable. The vulnerability is due to the handling of certain macros such as mfunc, which allows...
CVE-2012-2716
Cross-site request forgery CSRF vulnerability in the Comment Moderation module 6.x-1.x before 6.x-1.1 for Drupal allows remote attackers to hijack the authentication of administrators for requests that publish comments...
Cross site request forgery (csrf)
Cross-site request forgery CSRF vulnerability in the Comment Moderation module 6.x-1.x before 6.x-1.1 for Drupal allows remote attackers to hijack the authentication of administrators for requests that publish comments...
CVE-2012-2716
CVE-2012-2716 is a CSRF vulnerability in the Drupal Comment Moderation module (6.x-1.x) prior to 6.x-1.1. The issue stems from insufficient protection of the publish link URL, allowing remote attackers to perform actions as an administrative user to publish comments. Vulnerable component: Comment...
SA-CONTRIB-2012-087 - Comment Moderation - Cross Site Request Forgery
This module enables you to moderate comments in an accelerated way, by providing a complete interface and all useful actions in a unique page. The module doesn't sufficiently protect the publish link URL, thus a Cross Site Request Forgery CSRF attack against an administrator could result in...