WordPress Mobile Pack Plugin Information Disclosure Vulnerability

WordPress Mobile Pack Plugin is prone to an information disclosure vulnerability. SPDX-FileCopyrightText: 2014 Greenbone AG Some text descriptions might be excerpted from a referenced sources, and are Copyright C by the respective right holders. SPDX-License-Identifier: GPL-2.0-only CPE =...

CVE-2014-5337

The WordPress Mobile Pack plugin before 2.0.2 for WordPress does not properly restrict access to password protected posts, which allows remote attackers to obtain sensitive information via an exportarticles action to export/content.php...

Password Protected 1.4 - Login Process redirect_to Parameter Arbitrary Site Redirect

The Password Protected WordPress plugin was affected by a Login Process redirectto Parameter Arbitrary Site Redirect security vulnerability...

EServ 2.9x Password-Protected File Access Vulnerability

No description provided by source. source: http://www.securityfocus.com/bid/3838/info EServ is a combination Mail, News, Web, FTP and Proxy Server for Microsoft Windows 9x/NT/2000 systems. It is possible to construct a web request which is capable of accessing the contents of password protected...

Blazix 1.2 Password Protected Directory Information Disclosure Vulnerability

No description provided by source. source: http://www.securityfocus.com/bid/5567/info Blazix is a freely available, open source web server written in Java. It is available for Linux and Microsoft Windows operating systems. Blazix does not properly handle some special characters when appended to...

CVE-2014-1613

Dotclear before 2.6.2 allows remote attackers to execute arbitrary PHP code via a serialized object in the dcpasswd cookie to a password-protected page, which is not properly handled by 1 inc/public/lib.urlhandlers.php or 2 plugins/pages/public.php...

CVE-2014-1613

Dotclear before 2.6.2 allows remote attackers to execute arbitrary PHP code via a serialized object in the dcpasswd cookie to a password-protected page, which is not properly handled by 1 inc/public/lib.urlhandlers.php or 2 plugins/pages/public.php...

Default credentials

Dotclear before 2.6.2 allows remote attackers to execute arbitrary PHP code via a serialized object in the dcpasswd cookie to a password-protected page, which is not properly handled by 1 inc/public/lib.urlhandlers.php or 2 plugins/pages/public.php...

New Phishing attack targets Italian Postal and Financial service again

A phishing attack is a complex combination of technology and psychology. There are numerous ways in which people are being made fools and they can be conned by hitting on unsecured website links. Sophos experts detected this week an intriguing case of phishing against the Italian postal service...

Fedora 18 : wordpress-3.5.2-1.fc18 (2013-11630)

WordPress 3.5.2 is now available. This is the second maintenance release of 3.5, fixing 12 bugs. This is a security release for all previous versions and we strongly encourage you to update your sites immediately. The WordPress security team resolved seven security issues, and this release also...

WordPress Denial of Service exploit

Hello 3APA3A! Here is my version of vnd's PoC https://vndh.net/note:wordpress-351-denial-service. This exploit is for Denial of Service vulnerability in WordPress 3.4 - 3.5.1. My version solves some issues in original PoC. Concerning this Denial of Service in WordPress. As I wrote last week in my...

CVE-2013-2173

wp-includes/class-phpass.php in WordPress 3.5.1, when a password-protected post exists, allows remote attackers to cause a denial of service CPU consumption via a crafted value of a certain wp-postpass cookie...

DEBIAN-CVE-2013-2173

wp-includes/class-phpass.php in WordPress 3.5.1, when a password-protected post exists, allows remote attackers to cause a denial of service CPU consumption via a crafted value of a certain wp-postpass cookie...

UBUNTU-CVE-2013-2173

wp-includes/class-phpass.php in WordPress 3.5.1, when a password-protected post exists, allows remote attackers to cause a denial of service CPU consumption via a crafted value of a certain wp-postpass cookie...

CVE-2013-2173

wp-includes/class-phpass.php in WordPress 3.5.1, when a password-protected post exists, allows remote attackers to cause a denial of service CPU consumption via a crafted value of a certain wp-postpass cookie...

CVE-2013-2173

wp-includes/class-phpass.php in WordPress 3.5.1, when a password-protected post exists, allows remote attackers to cause a denial of service CPU consumption via a crafted value of a certain wp-postpass cookie...

Wireless Disk PRO 2.3 iOS - Multiple Vulnerabilities

Title: ====== Wireless Disk PRO v2.3 iOS - Multiple Web Vulnerabilities Date: ===== 2013-02-26 References: =========== http://www.vulnerability-lab.com/getcontent.php?id=883 VL-ID: ===== 883 Common Vulnerability Scoring System: ==================================== 6.2 Introduction: =============...

sudo -- Authentication bypass when clock is reset

Todd Miller reports: The flaw may allow someone with physical access to a machine that is not password-protected to run sudo commands without knowing the logged in user's password. On systems where sudo is the principal way of running commands as root, such as on Ubuntu and Mac OS X, there is a...

Wireless Disk PRO v2.3 iPad iPhone - Multiple Vulnerabilities

Document Title: =============== Wireless Disk PRO v2.3 iPad iPhone - Multiple Vulnerabilities References Source: ==================== http://www.vulnerability-lab.com/getcontent.php?id=883 Release Date: ============= 2013-02-25 Vulnerability Laboratory ID VL-ID: ==================================...

IBM Domino Password Protected DB Enumeration

It is possible to enumerate the password protected databases on the remote IBM Domino formerly IBM Lotus Domino Server. %NASLMINLEVEL 70300 C Tenable Network Security, Inc. include'deprecatednasllevel.inc'; include"compat.inc"; if description scriptid59852; scriptversion"1.5";...