36 matches found
EUVD-2008-0625
Malware in sbrugna...
EUVD-2008-0628
Malware in sbrugna...
EUVD-2008-0626
Malware in sbrugna...
EUVD-2008-0627
Malware in sbrugna...
CVE-2008-0618
Multiple cross-site scripting XSS vulnerabilities in the DMSGuestbook 1.8.0 and 1.7.0 plugin for WordPress allow remote attackers to inject arbitrary web script or HTML via the 1 gbname, 2 gbemail, 3 gburl, and 4 gbmsg parameters to unspecified programs. NOTE: the provenance of this information i...
WordPress Dmsguestbook Unauthenticated Data Injection
http://packetstormsecurity.com/user/evex/ Author:Evex Title: WordPress dmsguestbook Plugin File Manipulation Description: wordpress dmsguestbook plugin is vulnerable to a file manipulation security issue it allows an unauthenicated attacker to put text into existing text files only " . "saved",...
dmsguestbook 1.7.0 - Multiple Remote Vulnerabilities
The dmsguestbook WordPress plugin was affected by a Multiple Remote Vulnerabilities security vulnerability...
wordpress plugin dmsguestbook 1.7.0 - Multiple Vulnerabilities
No description provided by source. Wordpress Plugin dmsguestbook 1.7.0 Multiple Remote Vulnerabilities by NBBN 2nd, February 2008 1 File Disclosure Open the following url you can see the config data of wordpress, with the mysql-server username and password. In this file you usually have write...
Directory traversal
Directory traversal vulnerability in wp-admin/admin.php in the DMSGuestbook 1.8.0 and 1.7.0 plugin for WordPress allows remote authenticated users to read arbitrary files via a .. dot dot in the 1 folder and 2 file parameters...
Cross site scripting
Multiple cross-site scripting XSS vulnerabilities in the DMSGuestbook 1.7.0 plugin for WordPress allow remote attackers to inject arbitrary web script or HTML via the 1 file parameter to wp-admin/admin.php, or the 2 messagefield parameter in the guestbook page, and the 3 title parameter in the...
Sql injection
SQL injection vulnerability in the administration panel in the DMSGuestbook 1.7.0 plugin for WordPress allows remote authenticated administrators to execute arbitrary SQL commands via unspecified vectors. NOTE: it is not clear whether this issue crosses privilege boundaries...
Cross site scripting
Multiple cross-site scripting XSS vulnerabilities in the DMSGuestbook 1.8.0 and 1.7.0 plugin for WordPress allow remote attackers to inject arbitrary web script or HTML via the 1 gbname, 2 gbemail, 3 gburl, and 4 gbmsg parameters to unspecified programs. NOTE: the provenance of this information i...
CVE-2008-0616
SQL injection vulnerability in the administration panel in the DMSGuestbook 1.7.0 plugin for WordPress allows remote authenticated administrators to execute arbitrary SQL commands via unspecified vectors. NOTE: it is not clear whether this issue crosses privilege boundaries...
CVE-2008-0617
Multiple cross-site scripting XSS vulnerabilities in the DMSGuestbook 1.7.0 plugin for WordPress allow remote attackers to inject arbitrary web script or HTML via the 1 file parameter to wp-admin/admin.php, or the 2 messagefield parameter in the guestbook page, and the 3 title parameter in the...
CVE-2008-0615
Directory traversal vulnerability in wp-admin/admin.php in the DMSGuestbook 1.8.0 and 1.7.0 plugin for WordPress allows remote authenticated users to read arbitrary files via a .. dot dot in the 1 folder and 2 file parameters...
CVE-2008-0615
Directory traversal vulnerability in wp-admin/admin.php in the DMSGuestbook 1.8.0 and 1.7.0 plugin for WordPress allows remote authenticated users to read arbitrary files via a .. dot dot in the 1 folder and 2 file parameters...
CVE-2008-0616
SQL injection vulnerability in the administration panel in the DMSGuestbook 1.7.0 plugin for WordPress allows remote authenticated administrators to execute arbitrary SQL commands via unspecified vectors. NOTE: it is not clear whether this issue crosses privilege boundaries...
CVE-2008-0617
CVE-2008-0617 corresponds to multiple XSS flaws in the WordPress DMSGuestbook plugin (version 1.7.0). The weaknesses allow remote attackers to inject arbitrary script/HTML via parameters: file (wp-admin/admin.php), messagefield (guestbook page), and title (messagearea). Affected product: DMSGuest...
CVE-2008-0615
CVE-2008-0615 concerns the DMSGuestbook WordPress plugin, specifically versions 1.7.0 and 1.8.0. A directory traversal flaw in wp-admin/admin.php lets remote authenticated users read arbitrary files by supplying path traversal sequences in the folder and file parameters. The security impact is co...
CVE-2008-0618
Multiple cross-site scripting XSS vulnerabilities in the DMSGuestbook 1.8.0 and 1.7.0 plugin for WordPress allow remote attackers to inject arbitrary web script or HTML via the 1 gbname, 2 gbemail, 3 gburl, and 4 gbmsg parameters to unspecified programs. NOTE: the provenance of this information i...