104 matches found
CVE-2014-4847
CVE-2014-4847 concerns a cross-site scripting (XSS) flaw in the WordPress plugin “Random Banner” version 1.1.2.1. The vulnerability allows a remote attacker to inject arbitrary web script or HTML via the buffercode_RBanner_url_banner1 parameter in an update action to wp-admin/options.php. Affecte...
CVE-2014-4724
Cross-site scripting (XSS) vulnerability in the Custom Banners plugin 1.2.2.2 for WordPress allows remote attackers to inject arbitrary web script or HTML via the custombannersregisteredname parameter to wp-admin/options.php...
Search Everything 8.1.0 - options.php Unspecified CSRF
The Search Everything WordPress plugin was affected by an options.php Unspecified CSRF security vulnerability...
CVE-2014-2315
CVE-2014-2315 concerns multiple stored XSS flaws in the WordPress plugin “Thank You Counter Button” (version 1.8.7). The vulnerability affects the parameters (thanks_caption, thanks_caption_style, thanks_style) passed to wp-admin/options.php, enabling remote attackers to...
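WordPress Post to PDF 'options.php' Cross-Site Scripting Vulnerability
Bugtraq ID: 65823. WordPress is a blogging platform written in PHP; users can set up their own blog on a server that supports PHP and a MySQL database. The 'options.php' of the WordPress Post to PDF plugin does not correctly filter user-submitted parameters. A remote attacker can exploit the vulnerability by constructing a malicious URI and luring a user into opening it, which can expose sensitive cookies, hijack the session, or perform malicious operations on the client. 0 WordPress Post to PDF 2.3.1 No detailed solution is currently available: http://wordpress.org/plugins/...
WordPress PrintFriendly Plugin 'options.php' Multiple Cross-Site Scripting Vulnerabilities
Bugtraq ID: 65827. WordPress is a blogging platform written in PHP; users can set up their own blog on a server that supports PHP and a MySQL database. The 'options.php' of WordPress PrintFriendly does not correctly filter user-submitted parameters. A remote attacker can exploit the vulnerability by constructing a malicious URI and luring a user into opening it, which can expose sensitive cookies, hijack the session, or perform malicious operations on the client. 0 WordPress PrintFriendly 3.3.7 No detailed solution is currently available: http://wordpress.org/plugins/...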
WordPress MU 1.3.2 - active_plugins option Code Execution
WordPress MU 1.3.2 - active_plugins option Code Execution Website : http://www.buayacorp.com/ Advisory: http://www.buayacorp.com/files/wordpress/wordpress-mu-options-overwrite.html This exploit uses active_plugins option to execute arbitrary PHP / include_once './class-snoopy.php'; // Fix Snoopy cla...
SQL injection
SQL injection vulnerability in options.php in WordPress 2.2.1 allows remote authenticated administrators to execute arbitrary SQL commands via the page_options parameter to (1) options-general.php, (2) options-writing.php, (3) options-reading.php, (4) options-discussion.php, (5) options-privacy.php, (6)...
CVE-2007-4154
SQL injection vulnerability in options.php in WordPress 2.2.1 allows remote authenticated administrators to execute arbitrary SQL commands via the page_options parameter to (1) options-general.php, (2) options-writing.php, (3) options-reading.php, (4) options-discussion.php, (5) options-privacy.php, (6)...
CVE-2007-4154
CVE-2007-4154: WordPress 2.2.1 contains an SQL injection vulnerability in options.php. Remote authenticated administrators can execute arbitrary SQL commands via the page_options parameter across (1) options-general.php, (2) options-writing.php, (3) options-reading.php, (4) options-discussion.php...
CVE-2007-4153
Multiple cross-site scripting (XSS) vulnerabilities in WordPress 2.2.1 allow remote authenticated administrators to inject arbitrary web script or HTML via (1) the Options Database Table in the Admin Panel, accessed through options.php; or (2) the opmlurl parameter to link-import.php. NOTE: this might...
WordPress <= 2.2.1 - SQL Injection
Because of this vulnerability in options.php, authenticated administrators can execute arbitrary SQL commands via the "page_options" parameter. Solution: Update WordPress...
Chatness 2.5.3 (options.php/save.php) Remote Code Execution Exploit
No description provided by source. Files: options.php, save.php. Affects: Chatness <= 2.5.3. Date: 12th April 2007. Issue Description: Chatness suffers with two main vulnerabilities, the first of these in /admin/options.ph...
Chatness <= 2.5.3 (options.php/save.php) Remote Code Execution Exploit
Exploit for unknown platform in category web applications. Chatness <= 2.5.3 options.php/save.php Remote Code Execution Exploit. Files: options.php, save.p...
Chatness 2.5.3 - '/options.php/save.php' Remote Code Execution
Files: options.php, save.php. Affects: Chatness <= 2.5.3. Date: 12th April 2007. Issue Description: Chatness suffers with two main vulnerabilities, the first of these in /admin/options.php the problems occur because the...
chatness253-multi.txt
Files: options.php, save.php. Affects: Chatness <= 2.5.3. Date: 12th April 2007. Issue Description: Chatness suffers with two main vulnerabilities, the first of these in /admin/options.php the problems occur because the...
Chatness 2.5.3 - options.php/save.php Remote Code Execution
Chatness 2.5.3 - options.php/save.php Remote Code Execution. Files: options.php, save.php. Affects: Chatness <= 2.5.3. Date: 12th April 2007. Issue Description: Chatness suffers with two main vulnerabilities, the first of...