36 matches found
EUVD-2008-0627
Malware in sbrugna...
EUVD-2008-0626
Malware in sbrugna...
EUVD-2008-0628
Malware in sbrugna...
EUVD-2008-0625
Malware in sbrugna...
CVE-2008-0618
Multiple cross-site scripting XSS vulnerabilities in the DMSGuestbook 1.8.0 and 1.7.0 plugin for WordPress allow remote attackers to inject arbitrary web script or HTML via the 1 gbname, 2 gbemail, 3 gburl, and 4 gbmsg parameters to unspecified programs. NOTE: the provenance of this information i...
WordPress Dmsguestbook Unauthenticated Data Injection
http://packetstormsecurity.com/user/evex/ Author:Evex Title: WordPress dmsguestbook Plugin File Manipulation Description: wordpress dmsguestbook plugin is vulnerable to a file manipulation security issue it allows an unauthenicated attacker to put text into existing text files only " . "saved",...
dmsguestbook 1.7.0 - Multiple Remote Vulnerabilities
The dmsguestbook WordPress plugin was affected by a Multiple Remote Vulnerabilities security vulnerability...
wordpress plugin dmsguestbook 1.7.0 - Multiple Vulnerabilities
No description provided by source. Wordpress Plugin dmsguestbook 1.7.0 Multiple Remote Vulnerabilities by NBBN 2nd, February 2008 1 File Disclosure Open the following url you can see the config data of wordpress, with the mysql-server username and password. In this file you usually have write...
CVE-2008-0617
Multiple cross-site scripting XSS vulnerabilities in the DMSGuestbook 1.7.0 plugin for WordPress allow remote attackers to inject arbitrary web script or HTML via the 1 file parameter to wp-admin/admin.php, or the 2 messagefield parameter in the guestbook page, and the 3 title parameter in the...
Sql injection
SQL injection vulnerability in the administration panel in the DMSGuestbook 1.7.0 plugin for WordPress allows remote authenticated administrators to execute arbitrary SQL commands via unspecified vectors. NOTE: it is not clear whether this issue crosses privilege boundaries...
Cross site scripting
Multiple cross-site scripting XSS vulnerabilities in the DMSGuestbook 1.7.0 plugin for WordPress allow remote attackers to inject arbitrary web script or HTML via the 1 file parameter to wp-admin/admin.php, or the 2 messagefield parameter in the guestbook page, and the 3 title parameter in the...
CVE-2008-0615
Directory traversal vulnerability in wp-admin/admin.php in the DMSGuestbook 1.8.0 and 1.7.0 plugin for WordPress allows remote authenticated users to read arbitrary files via a .. dot dot in the 1 folder and 2 file parameters...
Directory traversal
Directory traversal vulnerability in wp-admin/admin.php in the DMSGuestbook 1.8.0 and 1.7.0 plugin for WordPress allows remote authenticated users to read arbitrary files via a .. dot dot in the 1 folder and 2 file parameters...
CVE-2008-0616
SQL injection vulnerability in the administration panel in the DMSGuestbook 1.7.0 plugin for WordPress allows remote authenticated administrators to execute arbitrary SQL commands via unspecified vectors. NOTE: it is not clear whether this issue crosses privilege boundaries...
Cross site scripting
Multiple cross-site scripting XSS vulnerabilities in the DMSGuestbook 1.8.0 and 1.7.0 plugin for WordPress allow remote attackers to inject arbitrary web script or HTML via the 1 gbname, 2 gbemail, 3 gburl, and 4 gbmsg parameters to unspecified programs. NOTE: the provenance of this information i...
CVE-2008-0616
SQL injection vulnerability in the administration panel in the DMSGuestbook 1.7.0 plugin for WordPress allows remote authenticated administrators to execute arbitrary SQL commands via unspecified vectors. NOTE: it is not clear whether this issue crosses privilege boundaries...
CVE-2008-0615
Directory traversal vulnerability in wp-admin/admin.php in the DMSGuestbook 1.8.0 and 1.7.0 plugin for WordPress allows remote authenticated users to read arbitrary files via a .. dot dot in the 1 folder and 2 file parameters...
CVE-2008-0618
Multiple cross-site scripting XSS vulnerabilities in the DMSGuestbook 1.8.0 and 1.7.0 plugin for WordPress allow remote attackers to inject arbitrary web script or HTML via the 1 gbname, 2 gbemail, 3 gburl, and 4 gbmsg parameters to unspecified programs. NOTE: the provenance of this information i...
CVE-2008-0618
CVE-2008-0618 affects the WordPress DMSGuestbook plugin in versions 1.7.0 and 1.8.0. The issue is cross-site scripting (XSS) via the parameters gbname, gbemail, gburl, and gbmsg, allowing remote attackers to inject arbitrary scripts/HTML. Root cause is insecure handling of user-supplied input in ...
CVE-2008-0617
Multiple cross-site scripting XSS vulnerabilities in the DMSGuestbook 1.7.0 plugin for WordPress allow remote attackers to inject arbitrary web script or HTML via the 1 file parameter to wp-admin/admin.php, or the 2 messagefield parameter in the guestbook page, and the 3 title parameter in the...