1083 matches found
wordpress -- remote sql injection vulnerability
Alexander Concha reports: While testing WordPress, it has been discovered a SQL Injection vulnerability that allows an attacker to retrieve remotely any user credentials from a vulnerable site, this bug is caused because of early database escaping and the lack of validation in query string like...
CVE-2007-4104
Multiple cross-site scripting XSS vulnerabilities in the WP-FeedStats before 2.4 plugin for WordPress allow remote attackers to inject arbitrary web script or HTML via unspecified vectors, one of which involves an rss2 feed with an invalid or missing blog with an XSS sequence in the query string...
Dora Emlak Script v1.0 (tr) Admin Login ByPass
Dora Emlak Script v1.0 tr Admin Login ByPass ilker kandemir ilkerkandemiratmynet.com Download: http://aspindir.com/goster/5027 TnX.: Ajann, Dumenci, H0tTurk, Str0ke Bug in ../dora/administartor/yonetim/patron/default.asp cookFirstLevel = Session"FirstLevelSecurity" 'Ilk Gьvenlik Session...
PHP parse_str() arbitrary variable overwrite
Title: PHP parsestr arbitrary variable overwrite Vendor: http://www.php.net/ Advisory: http://www.acid-root.new.fr/advisories/14070612.txt Author: DarkFig gmdarkfig at gmail dot com Written on: 2007/06/12 Released on: 2007/06/12 Risk level: Medium / High I.BACKGROUND Quote from php.net PHP is a...
CVE-2007-3087
Peercast places a cleartext password in a query string, which might allow attackers to obtain sensitive information by sniffing the network, or obtaining Referer or browser history information...
CVE-2007-2627
Cross-site scripting XSS vulnerability in sidebar.php in WordPress, when custom 404 pages that call getsidebar are used, allows remote attackers to inject arbitrary web script or HTML via the query string PHPSELF, a different vulnerability than CVE-2007-1622...
CVE-2006-7149
Multiple cross-site scripting XSS vulnerabilities in Mambo 4.6.x allow remote attackers to inject arbitrary web script or HTML via 1 the query string to a index.php, which reflects the string in an error message from modlogin.php; and the 2 mcname parameter to b moscomment.php and c comcomment.ph...
CVE-2006-7149
Multiple cross-site scripting XSS vulnerabilities in Mambo 4.6.x allow remote attackers to inject arbitrary web script or HTML via 1 the query string to a index.php, which reflects the string in an error message from modlogin.php; and the 2 mcname parameter to b moscomment.php and c comcomment.ph...
Cross site scripting
WebAPP before 0.9.9.5 does not properly filter certain characters in contexts related to 1 the query string, 2 Profiles, 3 the Forum Post icon field, 4 the Edit Profile, and 5 the Gallery, which has unknown impact and remote attack vectors, possibly related to cross-site scripting XSS...
CVE-2007-1177
WebAPP before 0.9.9.5 does not properly filter certain characters in contexts related to 1 the query string, 2 Profiles, 3 the Forum Post icon field, 4 the Edit Profile, and 5 the Gallery, which has unknown impact and remote attack vectors, possibly related to cross-site scripting XSS...
CVE-2007-1177
WebAPP before 0.9.9.5 does not properly filter certain characters in contexts related to 1 the query string, 2 Profiles, 3 the Forum Post icon field, 4 the Edit Profile, and 5 the Gallery, which has unknown impact and remote attack vectors, possibly related to cross-site scripting XSS...
CVE-2006-7087
CRLF injection vulnerability in the mail function in Dotdeb PHP before 5.2.0 Rev 3 allows remote attackers to bypass the protection scheme and inject arbitrary email headers via CRLF sequences in the query string, which is processed via the PHPSELF variable...
Cross site scripting
Cross-site scripting XSS vulnerability in buscador/buscador.htm in Portal Search allows remote attackers to inject arbitrary web script or HTML via the query string...
CVE-2007-0921
Portal Search allows remote attackers to redirect a URL to an arbitrary web site by placing the URL in the query string to the top-level URI...
Design/Logic Flaw
Portal Search allows remote attackers to redirect a URL to an arbitrary web site by placing the URL in the query string to the top-level URI...
Design/Logic Flaw
buscador/buscador.htm in Portal Search allows remote attackers to obtain sensitive information business logic via a query string composed of a search for certain characters...
CVE-2007-0922
Cross-site scripting XSS vulnerability in buscador/buscador.htm in Portal Search allows remote attackers to inject arbitrary web script or HTML via the query string...
CVE-2007-0891
Cross-site scripting XSS vulnerability in the GetCurrentCompletePath function in phpmyvisites.php in phpMyVisites before 2.2 allows remote attackers to inject arbitrary web script or HTML via the query string...
Cross site scripting
Cross-site scripting XSS vulnerability in the GetCurrentCompletePath function in phpmyvisites.php in phpMyVisites before 2.2 allows remote attackers to inject arbitrary web script or HTML via the query string...
CVE-2007-0891
Cross-site scripting XSS vulnerability in the GetCurrentCompletePath function in phpmyvisites.php in phpMyVisites before 2.2 allows remote attackers to inject arbitrary web script or HTML via the query string...