Lucene search
K

34 matches found

Malwarebytes
Malwarebytes
added 2018/07/02 5:56 p.m.67 views

A week in security (June 25 – July 1)

Last week on Labs, we looked at comment moderation duties, Viagra spam on a news-making restaurant's website, and how to manage your child's online presence for Internet safety month. We also looked at a set of big breaches and leaks, as well as malware threats with a World Cup vibe. Other news...

1.7AI score
Exploits0
CNVD
CNVD
added 2015/09/16 12:0 a.m.5 views

Serendipity SQL Injection Vulnerability (CNVD-2015-06035)

Serendipity is a PHP-based blogging system developed by Serendipity team. The system supports the creation of online journals, blogs, web pages and more. An SQL injection vulnerability exists in the 'serendipitycheckCommentToken' function in the include/functionscomments.inc.php script in...

6CVSS8.4AI score0.01246EPSS
Exploits1References1
NVD
NVD
added 2015/09/15 6:59 p.m.14 views

CVE-2015-6943

SQL injection vulnerability in the serendipitycheckCommentToken function in include/functionscomments.inc.php in Serendipity before 2.0.2, when "Use Tokens for Comment Moderation" is enabled, allows remote administrators to execute arbitrary SQL commands via the serendipityid parameter to...

6CVSS8.3AI score0.01246EPSS
Exploits1References5
UbuntuCve
UbuntuCve
added 2015/09/15 6:59 p.m.22 views

CVE-2015-6943

SQL injection vulnerability in the serendipitycheckCommentToken function in include/functionscomments.inc.php in Serendipity before 2.0.2, when "Use Tokens for Comment Moderation" is enabled, allows remote administrators to execute arbitrary SQL commands via the serendipityid parameter to...

6CVSS6.2AI score0.01246EPSS
Exploits1References5
Cvelist
Cvelist
added 2015/09/15 6:0 p.m.21 views

CVE-2015-6943

SQL injection vulnerability in the serendipitycheckCommentToken function in include/functionscomments.inc.php in Serendipity before 2.0.2, when "Use Tokens for Comment Moderation" is enabled, allows remote administrators to execute arbitrary SQL commands via the serendipityid parameter to...

8.3AI score0.01246EPSS
Exploits1References5
securityvulns
securityvulns
added 2015/05/11 12:0 a.m.50 views

WordPress 4.2 stored XSS

OVERVIEW ========== Current versions of WordPress are vulnerable to a stored XSS. An unauthenticated attacker can inject JavaScript in WordPress comments. The script is triggered when the comment is viewed. If triggered by a logged-in administrator, under default settings the attacker can leverag...

7.3AI score
Exploits0
Exploit DB
Exploit DB
added 2015/04/27 12:0 a.m.53 views

WordPress Core 4.2 - Persistent Cross-Site Scripting

Source: http://klikki.fi/adv/wordpress2.html Overview Current versions of WordPress are vulnerable to a stored XSS. An unauthenticated attacker can inject JavaScript in WordPress comments. The script is triggered when the comment is viewed. If triggered by a logged-in administrator, under default...

7.4AI score
Exploits0
Metasploit
Metasploit
added 2015/03/23 7:15 a.m.65 views

WordPress W3 Total Cache PHP Code Execution

This module exploits a PHP Code Injection vulnerability against WordPress plugin W3 Total Cache for versions up to and including 0.9.2.8. WP Super Cache 1.2 or older is also reported as vulnerable. The vulnerability is due to the handling of certain macros such as mfunc, which allows arbitrary PH...

9.8CVSS8.1AI score0.73862EPSS
Exploits4
seebug.org
seebug.org
added 2014/07/01 12:0 a.m.19 views

Wordpress W3 Total Cache PHP Code Execution

No description provided by source. This file is part of the Metasploit Framework and may be subject to redistribution and commercial restrictions. Please see the Metasploit web site for more information on licensing and terms of use. http://metasploit.com/ require 'msf/core' class Metasploit3...

7.1AI score
Exploits0
0day.today
0day.today
added 2013/04/30 12:0 a.m.21 views

Wordpress W3 Total Cache PHP Code Execution Vulnerability

This Metasploit module exploits a PHP Code Injection vulnerability against Wordpress plugin W3 Total Cache for versions up to and including 0.9.2.8. WP Super Cache 1.2 or older is also reported as vulnerable. The vulnerability is due to the handling of certain macros such as mfunc, which allows...

8.1AI score
Exploits0
NVD
NVD
added 2012/06/21 3:55 p.m.16 views

CVE-2012-2716

Cross-site request forgery CSRF vulnerability in the Comment Moderation module 6.x-1.x before 6.x-1.1 for Drupal allows remote attackers to hijack the authentication of administrators for requests that publish comments...

6.8CVSS7.1AI score0.00779EPSS
Exploits1References7
Prion
Prion
added 2012/06/21 3:55 p.m.13 views

Cross site request forgery (csrf)

Cross-site request forgery CSRF vulnerability in the Comment Moderation module 6.x-1.x before 6.x-1.1 for Drupal allows remote attackers to hijack the authentication of administrators for requests that publish comments...

6.8CVSS7.6AI score0.00779EPSS
Exploits1References7Affected Software1
CVE
CVE
added 2012/06/21 3:0 p.m.48 views

CVE-2012-2716

CVE-2012-2716 is a CSRF vulnerability in the Drupal Comment Moderation module (6.x-1.x) prior to 6.x-1.1. The issue stems from insufficient protection of the publish link URL, allowing remote attackers to perform actions as an administrative user to publish comments. Vulnerable component: Comment...

6.8CVSS7.3AI score0.00779EPSS
Exploits1References7Affected Software1
Drupal
Drupal
added 2012/05/30 12:0 a.m.23 views

SA-CONTRIB-2012-087 - Comment Moderation - Cross Site Request Forgery

This module enables you to moderate comments in an accelerated way, by providing a complete interface and all useful actions in a unique page. The module doesn't sufficiently protect the publish link URL, thus a Cross Site Request Forgery CSRF attack against an administrator could result in...

6.8CVSS6.5AI score0.00779EPSS
Exploits1References11
Rows per page
Query Builder