313 matches found
CVE-2008-0193
Cross-site scripting (XSS) vulnerability in wp-db-backup.php in WordPress 2.0.11 and earlier, and possibly 2.1.x through 2.3.x, allows remote attackers to inject arbitrary web script or HTML via the backup parameter in a wp-db-backup.php action to wp-admin/edit.php...
New Local file include, Directory traversal and Full path disclosure in WordPress
Hello 3APA3A! I am reporting new Local file include, Directory traversal and Full path disclosure vulnerabilities that I have found in WordPress. The holes are in the files edit.php and admin.php, in the page parameter. Full path disclosure: http://site/wp-admin/edit.php?page= http://site/wp-admin/admin.php?page= These...
CVE-2007-5918
Cross-site request forgery (CSRF) vulnerability in edit.php in the MS TopSites add-on for PHP-Nuke does not verify that the uname parameter matches the current account, which allows remote authenticated users to change arbitrary accounts or change the SiteTitleName field as an arbitrary user via a...
CVE-2007-5918
CVE-2007-5918 is a CSRF vulnerability in the MS TopSites add-on for PHP-Nuke. The flaw occurs in edit.php where the uname parameter is not verified against the current account, allowing a remote authenticated user to change arbitrary accounts or modify the SiteTitleName by supplying a modified un...
CVE-2007-4290
Multiple PHP remote file inclusion vulnerabilities in Guestbook Script 1.9 allow remote attackers to execute arbitrary PHP code via a URL in the scriptroot parameter to (1) delete.php, (2) edit.php, or (3) inc/common.inc.php; or (4) database.php, (5) entries.php, (6) index.php, (7) logout.php, or (8) settings.ph...
SQL injection
SQL injection vulnerability in bb-includes/formatting-functions.php in bbPress before 0.8.1 might allow remote attackers to execute arbitrary SQL commands via unspecified vectors to forums/bb-edit.php, as demonstrated by a PRE element, aka the "quircky slashes bug."...
CVE-2007-3244
CVE-2007-3244 describes a SQL injection in bbPress prior to version 0.8.1. The vulnerability is in bb-includes/formatting-functions.php and can allow remote attackers to execute arbitrary SQL commands via unspecified vectors to forums/bb-edit.php, demonstrated by a PRE element (the “quirky slashe...
Authentication flaw
Pheap 2.0 allows remote attackers to bypass authentication by setting a pheaplogin cookie value to the administrator's username, which can be used to (1) obtain sensitive information, including the administrator password, via settings.php or (2) upload and execute arbitrary PHP code via an updatedoc...
CVE-2007-2985
Pheap 2.0 allows remote attackers to bypass authentication by setting a pheaplogin cookie value to the administrator's username, which can be used to (1) obtain sensitive information, including the administrator password, via settings.php or (2) upload and execute arbitrary PHP code via an updatedoc...
CVE-2007-1140
Directory traversal vulnerability in edit.php in pheap allows remote attackers to read and modify arbitrary files via a .. (dot dot) in the filename parameter...
CVE-2007-1140
The CVE-2007-1140 entry describes a directory traversal vulnerability in edit.php of the pheap application, where an attacker can supply a filename containing .. to read and modify arbitrary files. Affected component: pheap (edit.php). Root cause: improper validation of the filename parameter all...
CVE-2006-6016
wp-admin/user-edit.php in WordPress before 2.0.5 allows remote authenticated users to read the metadata of an arbitrary user via a modified user_id parameter...
CVE-2006-6016
CVE-2006-6016 affects WordPress components prior to 2.0.5. A remote authenticated user can access the metadata of arbitrary users by modifying the user_id parameter on wp-admin/user-edit.php. The underlying issue exposes partial confidentiality and is triggered by insufficient access control for ...
[ECHO_ADV_55$2006] Phpmybibli <=2.1 Multiple Remote File Inclusion Vulnerability
[ECHO_ADV_55$2006] Phpmybibli <=2.1 Multiple Remote File Inclusion Vulnerability. Author : Dedi...
CVE-2006-4208
Directory traversal vulnerability in wp-db-backup.php in Skippy WP-DB-Backup plugin for WordPress 1.7 and earlier allows remote authenticated users with administrative privileges to read arbitrary files via a .. (dot dot) in the backup parameter to edit.php...
CVE-2006-3063
The CVE-2006-3063 entry describes multiple cross-site scripting (XSS) vulnerabilities in myPHP Guestbook 1.x through 2.0.0-r1 and prior to 2.0.1 RC5. The flaw allows remote attackers to inject arbitrary script or HTML via user-supplied content in specific parameters across multiple pages: (a) ind...