32 matches found
EUVD-2017-1619
Malware in sbrugna...
EUVD-2017-1621
Malware in sbrugna...
EUVD-2017-1622
Malware in sbrugna...
EUVD-2017-1620
Malware in sbrugna...
WordPress DTracker plugin content injection vulnerability (CNVD-2017-31142)
WordPress is the WordPress Software Foundation's set of blogging platforms developed using the PHP language, which supports the setting up of personal blog sites on servers with PHP and MySQL.DTracker is one of the plugins used to track site downloads. A content injection vulnerability exists in...
WordPress DTracker plugin content injection vulnerability (CNVD-2017-31143)
WordPress is the WordPress Software Foundation's set of blogging platforms developed using the PHP language, which supports personal blog sites on servers running PHP and MySQL.DTracker is one of the plug-ins used to track site downloads. A content injection vulnerability exists in version 1.5 of...
CVE-2017-1002006
Vulnerability in wordpress plugin DTracker v1.5, The code dtracker/savecontact.php doesn't check that the user is authorized before injecting new contacts into the wpcontact table...
Design/Logic Flaw
Vulnerability in wordpress plugin DTracker v1.5, In file ./dtracker/delete.php user input isn't sanitized via the contactid variable before adding it to the end of an SQL query...
CVE-2017-1002004
Vulnerability in wordpress plugin DTracker v1.5, In file ./dtracker/download.php user input isn't sanitized via the id variable before adding it to the end of an SQL query...
Security feature bypass
Vulnerability in wordpress plugin DTracker v1.5, The code dtracker/savecontact.php doesn't check that the user is authorized before injecting new contacts into the wpcontact table...
Security feature bypass
Vulnerability in wordpress plugin DTracker v1.5, The code dtracker/savemail.php doesn't check that the user is authorized before injecting new contacts into the wpcontact table...
Design/Logic Flaw
Vulnerability in wordpress plugin DTracker v1.5, In file ./dtracker/download.php user input isn't sanitized via the id variable before adding it to the end of an SQL query...
CVE-2017-1002005
Vulnerability in wordpress plugin DTracker v1.5, In file ./dtracker/delete.php user input isn't sanitized via the contactid variable before adding it to the end of an SQL query...
CVE-2017-1002007
Vulnerability in wordpress plugin DTracker v1.5, The code dtracker/savemail.php doesn't check that the user is authorized before injecting new contacts into the wpcontact table...
CVE-2017-1002006
Vulnerability in wordpress plugin DTracker v1.5, The code dtracker/savecontact.php doesn't check that the user is authorized before injecting new contacts into the wpcontact table...
CVE-2017-1002004
Vulnerability in wordpress plugin DTracker v1.5, In file ./dtracker/download.php user input isn't sanitized via the id variable before adding it to the end of an SQL query...
CVE-2017-1002007
Vulnerability in wordpress plugin DTracker v1.5, The code dtracker/savemail.php doesn't check that the user is authorized before injecting new contacts into the wpcontact table...
CVE-2017-1002005
Vulnerability in wordpress plugin DTracker v1.5, In file ./dtracker/delete.php user input isn't sanitized via the contactid variable before adding it to the end of an SQL query...
CVE-2017-1002005
Vulnerability in wordpress plugin DTracker v1.5, In file ./dtracker/delete.php user input isn't sanitized via the contactid variable before adding it to the end of an SQL query...
CVE-2017-1002004
The CVE-2017-1002004 entry concerns the WordPress DTracker plugin (v1.5) with an SQL injection in dtracker/download.php where user input is not sanitized for the id parameter before appending to SQL queries. Public sources in the Connected documents describe multiple unauthenticated blind SQL inj...