Lucene search
+L

186 matches found

CVE
CVE
added 2018/01/08 7:0 a.m.43 views

CVE-2018-5287

CVE-2018-5287 affects the WordPress GD Rating System plugin, version 2.3. A directory traversal flaw exists in the wp-admin/admin.php parameter for the gd-rating-system-about page, enabling an attacker to read arbitrary files on the server. Public CVSS metrics show base scores of 5.0 (NVD CVSS2) ...

7.5CVSS7.5AI score0.03699EPSS
Exploits1References3Affected Software1
CVE
CVE
added 2018/01/08 7:0 a.m.49 views

CVE-2018-5292

The CVE-2018-5292 entry applies to WordPress GD Rating System plugin version 2.3, where an XSS vulnerability exists in the gd-rating-system-information page. The flaw is triggered by XSS via the wp-admin/admin.php panel parameter, enabling arbitrary script injection. Affected product: GD Rating S...

6.1CVSS6.1AI score0.01265EPSS
Exploits1References3Affected Software1
WPVulnDB
WPVulnDB
added 2018/01/08 12:0 a.m.23 views

GD Rating System 2.3 - Multiple Vulnerabilities

The GD Rating System WordPress plugin was affected by a Multiple Vulnerabilities security vulnerability...

5CVSS2.2AI score0.03699EPSS
Exploits8References1Affected Software1
CNVD
CNVD
added 2018/01/08 12:0 a.m.5 views

WordPress GD Rating System Plugin Cross-Site Scripting Vulnerability

WordPress is the WordPress Software Foundation's set of blogging platform developed using the PHP language, the platform supports personal blog sites set up on PHP and MySQL servers.GD Rating System plugin is used in one of the rating plugin. A cross-site scripting vulnerability exists in version...

6.1CVSS6AI score0.01265EPSS
Exploits1References1
WPVulnDB
WPVulnDB
added 2017/02/24 12:0 a.m.20 views

GD Rating System < 2.1 - XSS

The GD Rating System WordPress plugin was affected by a XSS security vulnerability...

4.3CVSS2.2AI score0.00905EPSS
Exploits0Affected Software1
CNVD
CNVD
added 2016/10/26 12:0 a.m.3 views

Cross-site scripting vulnerability in Wordpress plugin gd-rating-system

WordPress is a blogging platform developed using the PHP language that allows users to set up their own websites on servers that support PHP and MySQL databases. WordPress can also be used as a content management system CMS. Wordpress plugin gd-rating-system has an xss vulnerability due to improp...

7.2AI score
Exploits0
The Hacker News
The Hacker News
added 2015/04/04 7:56 p.m.17 views

Firefox 37 arrives with Opportunistic Encryption support

Mozilla has rolled out the latest Version 37 of its Firefox browser for Windows desktop, Mac, Linux and Android operating systems. The new release also adds patches for 13 different security advisories along with some new security improvements as well as user-experience features. The biggest...

6.5AI score
Exploits0
seebug.org
seebug.org
added 2014/07/01 12:0 a.m.34 views

PostNuke Phoenix 0.72x Rating System Denial of Service Vulnerability

No description provided by source. source: http://www.securityfocus.com/bid/7702/info some submissions to the rating system. Because of this, a remote attacker may be able to submit a string that causes a denial of service to legitmate users...

7.1AI score
Exploits0
ThreatPost
ThreatPost
added 2010/12/15 4:47 p.m.13 views

Ten Years Later, Rethinking Microsoft's Vuln Ratings

Microsoft’s vulnerability Severity Rating System is closing in on its tenth birthday. While the security landscape has been transformed during that time, the Ratings have endured. But do they still work? Threatpost asked prominent vulnerability researchers to give us their opinion. You may be...

8.2AI score
Exploits0References19
ThreatPost
ThreatPost
added 2010/12/14 7:45 p.m.15 views

After A Decade, Time To Rethink Microsoft's Vulnerability Ratings?

Security Experts will tell you that one year is a lifetime in the world of online threats and attacks. But eight years after Microsoft introduced its innovative severity rating system for software vulnerability, the company says its original definitions of what makes a software hole important sti...

8AI score
Exploits0References35
xssed
xssed
added 2007/09/27 12:0 a.m.12 views

Unfixed Redirect vulnerability at www.kanuni-42.k12.tr

Security researcher Narcoticxs, has submitted on 27/09/2007 a Redirect vulnerability affecting www.kanuni-42.k12.tr, which at the time of submission ranked 8508197 on the web according to Alexa. We manually validated and published a mirror of this vulnerability on 02/10/2007. It is currently...

Exploits0References1
NVD
NVD
added 2006/11/28 11:28 p.m.18 views

CVE-2006-6155

Multiple SQL injection vulnerabilities in addrating.php in HIOX Star Rating System Script HSRS 1.0 and earlier allow remote attackers to execute arbitrary SQL commands via the 1 ipadd or 2 url parameter. NOTE: The provenance of this information is unknown; the details are obtained solely from thi...

7.5CVSS8.2AI score0.01052EPSS
Exploits0References2
NVD
NVD
added 2006/11/28 11:28 p.m.17 views

CVE-2006-6154

PHP remote file inclusion vulnerability in addcode.php in HIOX Star Rating System Script HSRS 1.0 and earlier allows remote attackers to execute arbitrary PHP code via a URL in the hm parameter...

7.5CVSS7.6AI score0.03462EPSS
Exploits1References6
NVD
NVD
added 2006/11/28 11:28 p.m.16 views

CVE-2006-6156

Cross-site scripting XSS vulnerability in auth/message.php in HIOX Star Rating System Script HSRS 1.0 and earlier allows remote attackers to inject arbitrary web script or HTML via the query string PHPSELF. NOTE: The provenance of this information is unknown; the details are obtained solely from...

4.3CVSS5.6AI score0.00888EPSS
Exploits0References2
Cvelist
Cvelist
added 2006/11/28 11:0 p.m.20 views

CVE-2006-6156

Cross-site scripting XSS vulnerability in auth/message.php in HIOX Star Rating System Script HSRS 1.0 and earlier allows remote attackers to inject arbitrary web script or HTML via the query string PHPSELF. NOTE: The provenance of this information is unknown; the details are obtained solely from...

5.6AI score0.00888EPSS
Exploits0References2
Cvelist
Cvelist
added 2006/11/28 11:0 p.m.27 views

CVE-2006-6154

PHP remote file inclusion vulnerability in addcode.php in HIOX Star Rating System Script HSRS 1.0 and earlier allows remote attackers to execute arbitrary PHP code via a URL in the hm parameter...

7.6AI score0.03462EPSS
Exploits1References6
CVE
CVE
added 2006/11/28 11:0 p.m.43 views

CVE-2006-6155

CVE-2006-6155 involves multiple SQL injection vulnerabilities in addrating.php of the HIOX Star Rating System Script (HSRS) 1.0 and earlier. The flaws allow remote attackers to inject and execute arbitrary SQL commands via the (1) ipadd or (2) url parameters. The description notes this informatio...

7.5CVSS8.6AI score0.01052EPSS
Exploits0References2Affected Software1
CVE
CVE
added 2006/11/28 11:0 p.m.44 views

CVE-2006-6154

The CVE-2006-6154 entry affects HIOX Star Rating System Script (HSRS) version 1.0 and earlier, with a PHP remote file inclusion flaw in addcode.php that allows an attacker to execute arbitrary PHP code via a URL parameter hm. This is described across NVD records; the base CVSSv2 score is 7.5 (HIG...

7.5CVSS7.9AI score0.03462EPSS
Exploits1References6Affected Software1
CVE
CVE
added 2006/11/28 11:0 p.m.40 views

CVE-2006-6156

The CVE-2006-6156 entry describes a Cross-site scripting (XSS) vulnerability in the HIOX Star Rating System Script (HSRS) up to version 1.0, with the flaw located in auth/message.php and exploitable via the PHP_SELF query string. The underlying cause is unencoded user input that allows arbitrary ...

4.3CVSS5.8AI score0.00888EPSS
Exploits0References2Affected Software1
seebug.org
seebug.org
added 2006/11/26 12:0 a.m.35 views

HSRS 1.0 (addcode.php) Remote File Include Vulnerability

No description provided by source. --------------------------------------|| Viva Palestine ||----------------------------------------- --------------------------------------|| Free Saddam Hussien ||----------------------------------------- HSRS = 1.0 HIOX Star Rating System Script addcode.php...

7.1AI score
Exploits0
Rows per page
Query Builder