6232 matches found
CVE-2014-4717
Multiple cross-site request forgery CSRF vulnerabilities in the Simple Share Buttons Adder plugin before 4.5 for WordPress allow remote attackers to hijack the authentication of administrators for requests that conduct cross-site scripting XSS attacks via the 1 ssbasharetext parameter in a save...
CVE-2014-4717
Multiple cross-site request forgery CSRF vulnerabilities in the Simple Share Buttons Adder plugin before 4.5 for WordPress allow remote attackers to hijack the authentication of administrators for requests that conduct cross-site scripting XSS attacks via the 1 ssbasharetext parameter in a save...
CVE-2014-4568
Cross-site scripting XSS vulnerability in posts/videowhisper/rlogout.php in the Video Posts Webcam Recorder plugin 1.55.4 and earlier for WordPress allows remote attackers to inject arbitrary web script or HTML via the message parameter...
Cross site scripting
Cross-site scripting XSS vulnerability in posts/videowhisper/rlogout.php in the Video Posts Webcam Recorder plugin 1.55.4 and earlier for WordPress allows remote attackers to inject arbitrary web script or HTML via the message parameter...
CVE-2014-4568
Cross-site scripting XSS vulnerability in posts/videowhisper/rlogout.php in the Video Posts Webcam Recorder plugin 1.55.4 and earlier for WordPress allows remote attackers to inject arbitrary web script or HTML via the message parameter...
CVE-2014-4568
The CVE-2014-4568 entry refers to a Cross-Site Scripting (XSS) vulnerability in the Video Posts Webcam Recorder WordPress plugin. Affected is version 1.55.4 and earlier, with the issue located in posts/videowhisper/r_logout.php where the message parameter can be exploited to inject arbitrary web ...
Web Wiz Forums 9.68 SQLi Vulnerability
No description provided by source. ========================================= Web Wiz Forums 9.68 SQLi Vulnerability ========================================= Name : Web Wiz Forums 9.68 SQLi Vulnerability Date : june, 9 2010 Vendor url :http://www.webwiz.co.uk/webwizforums/ Platform: Windows...
GENU CMS 2012.3 - Multiple SQL Injection Vulnerabilities
No description provided by source. Title: ====== GENU CMS 2012.3 - Multiple SQL Injection Vulnerabilities Date: ===== 2012-04-30 References: =========== http://www.vulnerability-lab.com/getcontent.php?id=538 VL-ID: ===== 538 Introduction: ============= GENU is a Content Management System written...
NPDS 4.8 News Message HTML Injection Vulnerability
No description provided by source. source: http://www.securityfocus.com/bid/5797/info Problems with NPDS could make it possible to execute arbitrary script code in a vulnerable client. NPDS does not sufficiently filter potentially malicious HTML code from news posts. As a result, when a user view...
glfusion cms 1.2.1 - Stored XSS via img tag
No description provided by source. Exploit Title: glfusion CMS 1.2.1 stored XSS via img tag Date: 14-1-2010 Author: Saif El-Sherei Software Link: www.glfusion.org/filemgmt/viewcat.php?cid=1http://php.opensourcecms.com/scripts/redirect/download.php?id=33 Version: 1.2.1 Tested on: Firefox 3.0.15...
phpBB User Viewed Posts Tracker <= 1.0 File Include Vulnerability
No description provided by source. -=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-= phpBB User Viewed Posts Tracker Version = 1.0 phpbbrootpath File Include Vulnerability...
WordPress Allow PHP in Posts and Pages plugin <= 2.0.0.RC1 - SQL Injection Vulnerability
No description provided by source. Exploit Title: WordPress Allow PHP in Posts and Pages plugin = 2.0.0.RC1 SQL Injection Vulnerability Date: 2011-08-18 Author: Miroslav Stampar miroslav.stamparatgmail.com @stamparm Software Link:...
XGB Guestbook 1.2 User-Embedded Scripting Vulnerability
No description provided by source. source: http://www.securityfocus.com/bid/4513/info xGB is guestbook software. It is written in PHP and will run on most Unix and Linux variants as well as Microsoft Windows operating systems. xGB allows users to post images in guestbook entries by using special...
WordPress 2.3.1 Unauthorized Post Access Vulnerability
No description provided by source. source: http://www.securityfocus.com/bid/26885/info WordPress is prone to a vulnerability that lets unauthorized users read draft posts before they have been published. This issue affects WordPress 2.3.1; other versions may also be affected. NOTE: This BID is...
Wordpress TimThumb 2.8.13 WebShot - Remote Code Execution Exploit
Exploit for php platform in category web applications | | / | \ | |/ |/ | / | | | | | | | | | | | | | / \ | | | || || | |\ | || | | / | | |/|| ||// \| Wordpress TimThumb 2.8.13 WebShot Remote Code Execution 0-day Affected website : a lot Wordpress Themes, Plugins, 3rd party components...
Wordpress Simple Share Buttons Adder Plugin 4.4 - Multiple Vulnerabilities
Exploit for php platform in category web applications Details ================ Software: Simple Share Buttons Adder Version: 4.4 Homepage: https://wordpress.org/plugins/simple-share-buttons-adder/ Advisory report:...
Multiple WordPress Plugins (TimThumb 2.8.13 / WordThumb 1.07) - 'WebShot' Remote Code Execution
| | / | \ | |/ |/ | / | | | | | | | | | | | | | / \ | | | || || | |\ | || | | / | | |/|| ||// \| Wordpress TimThumb 2.8.13 WebShot Remote Code Execution 0-day Affected website : a lot Wordpress Themes, Plugins, 3rd party components Exploit Author : @u0x Pichaya Morimoto Release dates :...
WordPress Video Posts Webcam Recorder Plugin <= 1.55.4 - XSS
Because of this vulnerability in posts/videowhisper/rlogout.php, the attackers can inject arbitrary web script or HTML. Solution Update the plugin...
CVE-2014-3937
SQL injection vulnerability in the Contextual Related Posts plugin before 1.8.10.2 for WordPress allows remote attackers to execute arbitrary SQL commands via unspecified vectors...
CVE-2013-3476
Cross-site request forgery CSRF vulnerability in the WordPress Related Posts plugin before 2.6.2 for WordPress allows remote attackers to hijack the authentication of users for requests that change settings via unspecified vectors...