Path traversal
Absolute path traversal vulnerability in download.php in the Count Per Day module before 3.1.1 for WordPress allows remote attackers to read arbitrary files via the f parameter...
Cross site scripting
Cross-site scripting (XSS) vulnerability in map/map.php in the Count Per Day module before 3.1.1 for WordPress allows remote attackers to inject arbitrary web script or HTML via the map parameter...
CVE-2012-0896
CVE-2012-0896 affects the WordPress Count Per Day plugin: in download.php, the f parameter allows absolute path traversal to read arbitrary files. The issue is in Count Per Day
CVE-2012-0895
CVE-2012-0895 affects the WordPress Count Per Day plugin: an XSS vulnerability in map/map.php can be triggered via the map parameter and is present in versions before 3.1.1. Remediation: upgrade to version 3.1.1 or later. If upgrading is not possible, apply vendor advisories/workarounds fr...
tomcat: Multiple weaknesses in HTTP DIGEST authentication
The HTTP Digest Access Authentication implementation in Apache Tomcat 5.5.x before 5.5.34, 6.x before 6.0.33, and 7.x before 7.0.12 does not have the expected countermeasures against replay attacks, which makes it easier for remote attackers to bypass intended access restrictions by sniffing the...
WordPress Count-Per-Day File Download / Cross Site Scripting
Exploit Title: Count-per-day Wordpress plugin Arbitrary file download and XSS Version: '...
WordPress Count per Day Plugin Arbitrary File Download and XSS Vulnerabilities
The WordPress plugin SPDX-FileCopyrightText: 2012 Greenbone AG Some text descriptions might be excerpted from a referenced sources, and are Copyright C by the respective right holders. SPDX-License-Identifier: GPL-2.0-only CPE = "cpe:/a:wordpress:wordpress"; if description...
WordPress Plugin Count Per Day - Multiple Vulnerabilities
WordPress Plugin Count Per Day - Multiple Vulnerabilities Exploit Title: Count-per-day Wordpress plugin Arbitrary file download and XSS Version: '...
Wordpress Count-per-day plugin Multiple Vulnerabilities
Exploit for php platform in category web applications Exploit Title: Count-per-day Wordpress plugin Arbitrary file download and XSS Version: ' 0day.today 2018-03-03...
WordPress Count per Day Plugin - Multiple Vulnerabilities
The WordPress Count per Day plugin is prone to multiple vulnerabilities such as XSS, and a user could call a remote script to download arbitrary files from the target system. Solution: Update the plugin...
WordPress Plugin Count Per Day - Multiple Vulnerabilities
Exploit Title: Count-per-day Wordpress plugin Arbitrary file download and XSS Version: '...
http-open-redirect NSE Script
Spiders a website and attempts to identify open redirects. Open redirects are handlers which commonly take a URL as a parameter and respond with an HTTP redirect (3XX) to the target. Risks of open redirects are described at . Only open redirects that are directly linked on the target website can be...
http-backup-finder NSE Script
Spiders a website and attempts to identify backup copies of discovered files. It does so by requesting a number of different combinations of the filename (e.g. index.bak, index.html, copy of index.html). Script Arguments: http-backup-finder.maxpagecount: the maximum number of pages to visit. A negativ...
RealNetworks RealPlayer mp4arender esds channel count Remote Code Execution Vulnerability
This vulnerability allows remote attackers to execute arbitrary code on vulnerable installations of RealNetworks RealPlayer. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious file. The specific flaw exists within the...
CVE-2011-1184
The HTTP Digest Access Authentication implementation in Apache Tomcat 5.5.x before 5.5.34, 6.x before 6.0.33, and 7.x before 7.0.12 does not have the expected countermeasures against replay attacks, which makes it easier for remote attackers to bypass intended access restrictions by sniffing the...
WordPress Count per Day plugin <= 2.17 SQL Injection Vulnerability
No description provided by source. Exploit Title: WordPress Count per Day plugin <= 2.17 SQL Injection Vulnerability Date: 2011-09-05 Author: Miroslav Stampar miroslav.stamparatgmail.com @stamparm Software Link: http://downloads.wordpress.org/plugin/count-per-day.2.17.zip Version: 2.17 tested Note...
WordPress Count Per Day 2.17 SQL Injection
Exploit Title: WordPress Count per Day plugin getresults'SELECT FROM '.$tableprefix.'cpdnotes WHERE 1 '.$where.' ORDER BY date DESC', ARRAYA;...
WordPress Count per Day Plugin 'month' Parameter SQL Injection Vulnerability
The SPDX-FileCopyrightText: 2011 Greenbone AG Some text descriptions might be excerpted from a referenced sources, and are Copyright C by the respective right holders. SPDX-License-Identifier: GPL-2.0-only CPE = "cpe:/a:wordpress:wordpress"; if description scriptoid"1.3.6.1.4.1.25623.1.0.103259";...