970 matches found
CVE-2007-1244
Cross-site request forgery CSRF vulnerability in the AdminPanel in WordPress 2.1.1 and earlier allows remote attackers to perform privileged actions as administrators, as demonstrated using the delete action in wp-admin/post.php. NOTE: this issue can be leveraged to perform cross-site scripting X...
DEBIAN-CVE-2007-1244
Cross-site request forgery CSRF vulnerability in the AdminPanel in WordPress 2.1.1 and earlier allows remote attackers to perform privileged actions as administrators, as demonstrated using the delete action in wp-admin/post.php. NOTE: this issue can be leveraged to perform cross-site scripting X...
CVE-2007-1244
Cross-site request forgery CSRF vulnerability in the AdminPanel in WordPress 2.1.1 and earlier allows remote attackers to perform privileged actions as administrators, as demonstrated using the delete action in wp-admin/post.php. NOTE: this issue can be leveraged to perform cross-site scripting X...
[Full-disclosure] Remote Sql Injection in EasyMoblog 0.5.1 # 2
·= Security Advisory =· Issue: Sql injection Vulnerability in EasyMoblog by Umberto Caldera. Discovered Date: 30/01/07 Author: Tal Argoni, LegendaryZion. talargoni at gmail.com Product Vendor: http://sourceforge.net/project/showfiles.php?groupid=88633 Ver: easymoblog-0.5.1 Details: EasyMoblog is...
CVE-2006-6773
pages/register/register.php in Fishyshoop 0.930 beta allows remote attackers to create arbitrary administrative users by setting the isadmin HTTP POST parameter to 1...
NoahsClassifieds.txt
Noah's Classifieds is prone to a Cross Site Scripting Vulnerability, due to a failure in the application to properly sanitize the "frommethod" POST parameter in "index.php" : alert'XSS Vulnerable';" Advisory: http://zone14.free.fr/advisories/5/ --Raphael HUCK...
Noah's Classifieds Cross Site Scripting Vulnerability
Noah's Classifieds is prone to a Cross Site Scripting Vulnerability, due to a failure in the application to properly sanitize the "frommethod" POST parameter in "index.php" : html body form method="POST" enctype="multipart/form-data" action="http://www.example.com/classifieds/index.php" input...
CVE-2006-3267
SQL injection vulnerability in index.php in Infinite Core Technologies ICT 1.0 Gold and earlier allows remote attackers to execute arbitrary SQL commands via the post parameter...
Sql injection
SQL injection vulnerability in editpost.php in CoolForum 0.8.3 beta and earlier allows remote attackers to execute arbitrary SQL commands via the post parameter...
PT-2006-1442 · Rcblog · Rcblog
Name of the Vulnerable Software and Affected Versions: RCBlog version 1.03 Description: A directory traversal issue exists, allowing remote attackers to read arbitrary .txt files by using a .. dot dot in the post parameter of the index.php file. This could potentially include accessing a file tha...