3838 matches found
CVE-2008-4732
SQL injection vulnerability in ajaxcomments.php in the WP Comment Remix plugin before 1.4.4 for WordPress allows remote attackers to execute arbitrary SQL commands via the p parameter...
CVE-2008-4733
Cross-site scripting (XSS) vulnerability in wpcommentremix.php in WP Comment Remix plugin before 1.4.4 for WordPress allows remote attackers to inject arbitrary web script or HTML via the (1) replytotext, (2) quotetext, (3) originallypostedby, (4) sep, (5) maxtags, (6) tagsep, (7) tagheadersep, (8) taglabel, and (9)...
WordPress WP Comment Remix Plugin <= 1.4.3 - SQL Injection
Because of this vulnerability in ajaxcomments.php, attackers can execute arbitrary SQL commands via the "p" parameter. Solution: Update the plugin...
WordPress WP Comment Remix Plugin <= 1.4.3 - CSRF
Because of this vulnerability, attackers can perform unauthorized actions as administrators via a request that sets the "wpcrhiddenforminput" parameter. Solution: Update the plugin...
WordPress WP Comment Remix Plugin <= 1.4.3 - XSS
Because of this vulnerability in wpcommentremix.php, attackers can inject arbitrary web script or HTML. Solution: Update the plugin...
Authentication flaw
PHP Jabbers Post Comment 3.0 allows remote attackers to bypass authentication and gain administrative access by setting the PostCommentsAdmin cookie to "logged."...
CVE-2008-4721
CVE-2008-4721 affects PHP Jabbers Post Comment 3.0. The vulnerability allows remote attackers to bypass authentication and gain administrative access by setting the PostCommentsAdmin cookie to "logged." The connected documents confirm the attack vector is via a manipulated cookie, leading to unau...
CVE-2008-4721
PHP Jabbers Post Comment 3.0 allows remote attackers to bypass authentication and gain administrative access by setting the PostCommentsAdmin cookie to "logged."...
CVE-2008-4616
The SpamBam plugin for WordPress allows remote attackers to bypass restrictions and add blog comments by using server-supplied values to calculate a shared key...
WordPress SpamBam Plugin - BYPASS
Because of this vulnerability, attackers can bypass restrictions and add blog comments by using server-supplied values to calculate a shared key. Solution: Update the plugin...
WP Comment Remix 1.4.3 Remote SQL Injection Exploit
No description provided by source. ?php / WP Comment Remix 1.4.3 SQL Injection Proof of Concept By g30rg3x g30rg3xatchxsecuritydotorg Advisory: http://chxsecurity.org/advisories/adv-3-full.txt PoC Mirror: http://chxsecurity.org/proof-of-concepts/wp-comment-remix-143.zip Attention: This is a...
WP Comment Remix < 1.4.4 - SQL Injection
The wp-comment-remix WordPress plugin was affected by a SQL Injection security vulnerability...
WP Comment Remix 1.4.3 Multiple Vulnerabilities
ChX Security | Advisory 3 | ========== - "WP Comment Remix 1.4.3 Multiple Vulnerabilities" - Advisory Information | =============== Title: WP Comment Remix 1.4.3 Multiple Vulnerabilities Author: g30rg3x g30rg3xatchxsecuritydotorg Advisory URL: http://chxsecurity.org/advisories/adv-3-full.txt Date...
wpcomment-multi.txt
ChX Security | Advisory 3 | ========== - "WP Comment Remix 1.4.3 Multiple Vulnerabilities" Advisory URL: http://chxsecurity.org/advisories/adv-3-full.txt Date of last update: 2008-10-13 CVE Name: -- Vulnerability Information | ================== Software: WP Comment Remix Version: 1.4.3 From:...
WordPress Plugin WP Comment Remix 1.4.3 - SQL Injection
WordPress Plugin WP Comment Remix 1.4.3 - SQL Injection Advisory: http://chxsecurity.org/advisories/adv-3-full.txt PoC Mirror: http://chxsecurity.org/proof-of-concepts/wp-comment-remix-143.zip Attention: This is a Proof-of-Concept it was never intended to be fully functional Notes: Uses cURL / //...
WordPress Plugin WP Comment Remix 1.4.3 - SQL Injection
Advisory: http://chxsecurity.org/advisories/adv-3-full.txt PoC Mirror: http://chxsecurity.org/proof-of-concepts/wp-comment-remix-143.zip Attention: This is a Proof-of-Concept it was never intended to be fully functional Notes: Uses cURL / // Script Header function head print "\n WP Comment Remix...
DEBIAN-CVE-2008-3747
The (1) get_edit_post_link and (2) get_edit_comment_link functions in wp-includes/link-template.php in WordPress before 2.6.1 do not force SSL communication in the intended situations, which might allow remote attackers to gain administrative access by sniffing the network for a cookie...
SQL injection
SQL injection vulnerability in index.php in KbLance allows remote attackers to execute arbitrary SQL commands via the catid parameter in a comment action...
CVE-2008-2972
SQL injection vulnerability in index.php in KbLance allows remote attackers to execute arbitrary SQL commands via the catid parameter in a comment action...