
6232 matches found

Cvelist
added 2015/06/24 2:0 p.m., 28 views

CVE-2015-5066

Multiple cross-site scripting (XSS) vulnerabilities in the MetalGenix GeniXCMS 0.0.3 allow remote attackers to inject arbitrary web script or HTML via the (1) content or (2) title field in an add action in the posts page to index.php or the (3) q parameter in the posts page to index.php...

8.1 AI score, 0.03759 EPSS
Exploits 2, References 6
Atlassian
added 2015/05/13 11:2 p.m., 20 views

Space permissions ignored in list of blog posts by date

Summary: Users have the ability to view a list of all blog posts, even from spaces in which they don't have permission to access. Steps to Reproduce: Install Confluence 5.7.x Create two spaces Space A Space B remove all permissions for confluence-users Create a blog post in Space A Create a...

6.9 AI score
Exploits 0, Affected Software 1
Atlassian
added 2015/05/13 11:2 p.m., 17 views

Space permissions ignored in list of blog posts by date

Summary: Users have the ability to view a list of all blog posts, even from spaces in which they don't have permission to access. Steps to Reproduce: Install Confluence 5.7.x Create two spaces Space A Space B remove all permissions for confluence-users Create a blog post in Space A Create a...

6.9 AI score
Exploits 0, Affected Software 1
Atlassian
added 2015/05/13 11:2 p.m., 23 views

Space permissions ignored in list of blog posts by date

Summary: Users have the ability to view a list of all blog posts, even from spaces in which they don't have permission to access. Steps to Reproduce: Install Confluence 5.7.x Create two spaces Space A Space B remove all permissions for confluence-users Create a blog post in Space A Create a...

6.9 AI score
Exploits 0
Patchstack
added 2015/05/13 12:0 a.m., 10 views

WordPress Media File Manager Plugin <= 1.1.5 - Multiple Vulnerabilities

Because of multiple vulnerabilities in this plugin, attackers can delete or update posts; create, remove and list directories; move, rename or delete files; and perform blind SQL injection and cross-site scripting. Solution: There is no fix at this moment...

3.8 AI score
Exploits 0, References 1, Affected Software 1
CNVD
added 2015/05/11 12:0 a.m., 3 views

WordPress plugin Yet Another Related Posts '/wp-admin/options-general.php' cross-site request forgery vulnerability

WordPress is a blogging platform from the WordPress Software Foundation, developed in PHP; it supports setting up a personal blog site on a server running PHP and MySQL. Yet Another Related Posts Plugin for WordPress is a WordPress plugin. The WordPress plugin Yet Another Related Posts...

6.7 AI score
Exploits 0, References 1
0day.today
added 2015/05/09 12:0 a.m., 39 views

WordPress Yet Another Related Posts Plugin <= 4.2.4 - CSRF Vulnerability

Exploit for php platform in category web applications Homepage https://wordpress.org/plugins/yet-another-related-posts-plugin/ Affected Versions input type='hidden' name='autodisplayposttypespag...

7.1 AI score
Exploits 0
WPVulnDB
added 2015/05/08 12:0 a.m., 10 views

Yet Another Related Posts Plugin (YARPP) 4.2.4 - CSRF / XSS / RCE

'Yet Another Related Posts Plugin' options can be updated with no token/nonce protection, which an attacker may exploit by tricking the website's administrator into entering a malformed page that will change YARPP options, and since some options allow HTML, the attacker is able to inject malformed...

0.5 AI score
Exploits 0, References 3, Affected Software 1
exploitpack
added 2015/05/08 12:0 a.m., 20 views

WordPress Plugin Yet Another Related Posts 4.2.4 - Cross-Site Request Forgery

WordPress Plugin Yet Another Related Posts 4.2.4 - Cross-Site Request Forgery Homepage https://wordpress.org/plugins/yet-another-related-posts-plugin/ Affected Versions input type='hidden' name='autodisplayposttypespage...

0.2 AI score
Exploits 0
Packet Storm
added 2015/05/08 12:0 a.m., 32 views

WordPress Yet Another Related Posts 4.2.4 CSRF / XSS / Code Execution

Homepage https://wordpress.org/plugins/yet-another-related-posts-plugin/ Affected Versions input type='hidden' name='autodisplaypostt...

0.6 AI score
Exploits 0
Patchstack
added 2015/05/08 12:0 a.m., 12 views

WordPress Yet Another Related Posts Plugin <= 4.2.4 - CSRF

WordPress Yet Another Related Posts plugin is prone to a cross-site request forgery vulnerability. It allows an attacker to gain unauthorized access to the affected application by performing certain actions in the context of an authorized user's session. Solution: Upgrade the plugin...

3.5 AI score
Exploits 0, References 1, Affected Software 1
Patchstack
added 2015/04/20 12:0 a.m., 10 views

WordPress Related Posts Plugin <= 1.8.1 - Cross Site Scripting (XSS)

Because of this vulnerability, the attackers can inject arbitrary web script or HTML. Solution: Upgrade the plugin...

1.8 AI score
Exploits 0, References 1, Affected Software 1
Patchstack
added 2015/04/20 12:0 a.m., 12 views

WordPress Related Posts for WordPress plugin <= 1.8.1 - Cross-Site Scripting (XSS) vulnerability

Cross-Site Scripting (XSS) vulnerability discovered by Barry Kooij in WordPress Related Posts for WordPress plugin (versions <= 1.8.1). Solution: Update the WordPress Related Posts for WordPress plugin to the latest available version (at least 1.8.2)...

1.7 AI score
Exploits 0, References 2, Affected Software 1
WPVulnDB
added 2015/04/20 12:0 a.m., 20 views

Related Posts < 1.8.2 - XSS

The related-posts WordPress plugin was affected by an XSS security vulnerability...

4.3 CVSS, 1.9 AI score, 0.00995 EPSS
Exploits 0, References 2, Affected Software 1
0day.today
added 2015/04/10 12:0 a.m., 38 views

WordPress Ajax Search Pro Remote Code Execution Vulnerability

This vulnerability allows any registered user to execute arbitrary functions Usage Info http://localhost/x/wordpress/wp-admin/admin-ajax.php?page=ajax-search-pro/backend/settings.php&action=wpdreams-ajaxinput post data:...

7.6 AI score
Exploits 0
0day.today
added 2015/04/02 12:0 a.m., 38 views

phpSFP - Schedule Facebook Posts 1.5.6 SQL Injection Vulnerability

phpSFP Schedule Facebook Posts version 1.5.6 suffers from a remote SQL injection vulnerability. phpSFP - Schedule Facebook Posts 1.5.6 SQL Injection 0-day Website :...

8.1 AI score
Exploits 0
Prion
added 2015/03/30 2:59 p.m., 21 views

Design/Logic Flaw

The "menu sync" function in the WPML plugin before 3.1.9 for WordPress allows remote attackers to delete arbitrary posts, pages, and menus via a crafted request to sitepress-multilingual-cms/menu/menus-sync.php...

6.4 CVSS, 7.3 AI score, 0.13386 EPSS
Exploits 1, References 5, Affected Software 1
0day.today
added 2015/03/27 12:0 a.m., 52 views

Telescope 0.9.2 - Markdown Persistent XSS Vulnerability

Exploit for php platform in category web applications Exploit Title: Persistent XSS via Markdown on Telescope = 0.9.2 Date: Aug 22 2014 Exploit Author: shubs Vendor Homepage: http://www.telescopeapp.org/ Software Link: https://github.com/TelescopeJS/Telescope Version: = 0.9.2 CVE : CVE-2014-5144...

3.5 CVSS, 5.6 AI score, 0.01995 EPSS
Exploits 3
Packet Storm
added 2015/03/22 12:0 a.m., 29 views

WordPress Ajax Search Pro Remote Code Execution

WordPress ajax-search-pro Plugin Remote Code Execution - Plugin Link:...

0.3 AI score
Exploits 0
exploitpack
added 2015/03/21 12:0 a.m., 28 views

Telescope 0.9.2 - Markdown Persistent Cross-Site Scripting

Telescope 0.9.2 - Markdown Persistent Cross-Site Scripting Exploit Title: Persistent XSS via Markdown on Telescope = 0.9.2 Date: Aug 22 2014 Exploit Author: shubs Vendor Homepage: http://www.telescopeapp.org/ Software Link: https://github.com/TelescopeJS/Telescope Version: = 0.9.2 CVE :...

3.5 CVSS, 5.4 AI score, 0.01995 EPSS
Exploits 3