297 matches found
EZPZ One Click Backup <= 12.03.10 - Cross-Site Scripting (XSS)
The ezpz-one-click-backup WordPress plugin was affected by a Cross-Site Scripting (XSS) security vulnerability...
EZPZ One Click Backup <= 12.03.10 - Unauthenticated Command Execution
The ezpz-one-click-backup WordPress plugin was affected by an Unauthenticated Command Execution security vulnerability...
WordPress Plugin 'ezpz-one-click-backup' 'cmd' Parameter OS Code Execution Vulnerability
The ezpz-one-click-backup plugin for WordPress is prone to a remote code execution (RCE) vulnerability because it fails to properly validate user-supplied input. SPDX-FileCopyrightText: 2014 Greenbone AG Some text descriptions might be excerpted from a referenced sources, and are Copyright (C) by the...
MGASA-2013-0383 Updated chromium-browser-stable fixes multiple vulnerabilities
Updated chromium-browser-stable packages fix security vulnerabilities: Pinkie Pie discovered multiple memory corruption issues (CVE-2013-6632). Andrey Labunets discovered that the wrong URL was used during validation in the one-click sign on helper (CVE-2013-6634). cloudfuzzer discovered use-after-fr...
Cisco WebEx One-Click Detection
The remote host has Cisco WebEx One-Click installed. WebEx One-Click is a desktop client for WebEx's meeting software. (C) Tenable Network Security, Inc. include("compat.inc"); if (description) { script_id(69274); script_version("1.8"); script_set_attribute(attribute:"plugin_modification_date", value:"2023/02/06");...
Cisco WebEx One-Click Password Disclosure
The remote host has a version of Cisco WebEx One-Click installed that stores credentials in the registry using a key that can be easily derived. (C) Tenable Network Security, Inc. include("compat.inc"); if (description) { script_id(69275); script_version("1.4");...
Cisco WebEx One-Click Client Password Encryption - Information Disclosure
Cisco WebEx One-Click Client Password Encryption - Information Disclosure // source: https://www.securityfocus.com/bid/61304/info Cisco WebEx One-Click Client is prone to an information disclosure vulnerability. Successful exploits may allow an attacker to disclose sensitive information such as...
Malicious Infrared X-Ray Android app infecting users in Japan
Researchers are already warning that malware authors are developing more sophisticated attack techniques for mobile devices, using encryption and randomization or hiding malicious code in image files. As analyzed by Symantec, a malicious Infrared X-Ray Android application, attempting to lure Android...
About the serious MySQL compilation vulnerability in login authentication: problem description - bug warning - the black bar safety net
A while back, a fairly serious compilation-related vulnerability in login authentication was disclosed for MySQL. Affected versions: all MariaDB and MySQL versions up to 5.1.61, 5.2.11, 5.3.5, 5.5.22 are vulnerable. MariaDB versions from 5.1.62, 5.2.12, 5.3.6, 5.5.23 are not. MySQL versions from...
WordPress EZPZ One Click Backup 12.03.10 Cross Site Scripting
Hi. We have used our tool, THAPS, to identify vulnerabilities in this WordPress plugin. We have confirmed at least one of the reported vulnerabilities and created a working exploit located below. Attached is one or more log files containing the output of our tool, identifying the location of the...
CVE-2011-4677
One Click Orgs before 1.2.3 does not have an off autocomplete attribute for authentication fields, which makes it easier for remote attackers to obtain access by leveraging an unattended workstation...
CVE-2011-4554
One Click Orgs before 1.2.3 allows remote authenticated users to trigger crafted SMTP traffic via (1) " (double quote) and newline characters in an org name or (2) " (double quote) characters in an e-mail address, related to a "2nd Order SMTP Injection" issue...
CVE-2011-4678
The password reset feature in One Click Orgs before 1.2.3 generates different error messages for failed reset attempts depending on whether the e-mail address is registered, which allows remote attackers to enumerate user accounts via a series of requests...
CVE-2011-4555
One Click Orgs before 1.2.3 does not require unique e-mail addresses for user accounts, which allows remote authenticated users to cause a denial of service (login disruption) or spoof votes or comments by selecting a conflicting e-mail address...
CVE-2011-4553
Multiple open redirect vulnerabilities in One Click Orgs before 1.2.3 allow (1) remote attackers to redirect users to arbitrary web sites and conduct phishing attacks via the return_to parameter, and allow (2) remote authenticated users to redirect users to arbitrary web sites and conduct phishing...
CVE-2011-4552
Multiple cross-site scripting (XSS) vulnerabilities in One Click Orgs before 1.2.3 allow remote attackers to inject arbitrary web script or HTML via the description field of (1) a new vote or (2) the eject member proposal feature...
Code injection
One Click Orgs before 1.2.3 does not require unique e-mail addresses for user accounts, which allows remote authenticated users to cause a denial of service (login disruption) or spoof votes or comments by selecting a conflicting e-mail address...
Cross site scripting
Multiple cross-site scripting (XSS) vulnerabilities in One Click Orgs before 1.2.3 allow remote attackers to inject arbitrary web script or HTML via the description field of (1) a new vote or (2) the eject member proposal feature...
Open redirect
Multiple open redirect vulnerabilities in One Click Orgs before 1.2.3 allow (1) remote attackers to redirect users to arbitrary web sites and conduct phishing attacks via the return_to parameter, and allow (2) remote authenticated users to redirect users to arbitrary web sites and conduct phishing...