186 matches found
CVE-2018-5287
CVE-2018-5287 affects the WordPress GD Rating System plugin, version 2.3. A directory traversal flaw exists in the wp-admin/admin.php parameter for the gd-rating-system-about page, enabling an attacker to read arbitrary files on the server. Public CVSS metrics show base scores of 5.0 (NVD CVSS2) ...
CVE-2018-5292
The CVE-2018-5292 entry applies to WordPress GD Rating System plugin version 2.3, where an XSS vulnerability exists in the gd-rating-system-information page. The flaw is triggered by XSS via the wp-admin/admin.php panel parameter, enabling arbitrary script injection. Affected product: GD Rating S...
GD Rating System 2.3 - Multiple Vulnerabilities
The GD Rating System WordPress plugin was affected by a Multiple Vulnerabilities security vulnerability...
WordPress GD Rating System Plugin Cross-Site Scripting Vulnerability
WordPress is the WordPress Software Foundation's set of blogging platform developed using the PHP language, the platform supports personal blog sites set up on PHP and MySQL servers.GD Rating System plugin is used in one of the rating plugin. A cross-site scripting vulnerability exists in version...
GD Rating System < 2.1 - XSS
The GD Rating System WordPress plugin was affected by a XSS security vulnerability...
Cross-site scripting vulnerability in Wordpress plugin gd-rating-system
WordPress is a blogging platform developed using the PHP language that allows users to set up their own websites on servers that support PHP and MySQL databases. WordPress can also be used as a content management system CMS. Wordpress plugin gd-rating-system has an xss vulnerability due to improp...
Firefox 37 arrives with Opportunistic Encryption support
Mozilla has rolled out the latest Version 37 of its Firefox browser for Windows desktop, Mac, Linux and Android operating systems. The new release also adds patches for 13 different security advisories along with some new security improvements as well as user-experience features. The biggest...
PostNuke Phoenix 0.72x Rating System Denial of Service Vulnerability
No description provided by source. source: http://www.securityfocus.com/bid/7702/info some submissions to the rating system. Because of this, a remote attacker may be able to submit a string that causes a denial of service to legitmate users...
Ten Years Later, Rethinking Microsoft's Vuln Ratings
Microsoft’s vulnerability Severity Rating System is closing in on its tenth birthday. While the security landscape has been transformed during that time, the Ratings have endured. But do they still work? Threatpost asked prominent vulnerability researchers to give us their opinion. You may be...
After A Decade, Time To Rethink Microsoft's Vulnerability Ratings?
Security Experts will tell you that one year is a lifetime in the world of online threats and attacks. But eight years after Microsoft introduced its innovative severity rating system for software vulnerability, the company says its original definitions of what makes a software hole important sti...
Unfixed Redirect vulnerability at www.kanuni-42.k12.tr
Security researcher Narcoticxs, has submitted on 27/09/2007 a Redirect vulnerability affecting www.kanuni-42.k12.tr, which at the time of submission ranked 8508197 on the web according to Alexa. We manually validated and published a mirror of this vulnerability on 02/10/2007. It is currently...
CVE-2006-6155
Multiple SQL injection vulnerabilities in addrating.php in HIOX Star Rating System Script HSRS 1.0 and earlier allow remote attackers to execute arbitrary SQL commands via the 1 ipadd or 2 url parameter. NOTE: The provenance of this information is unknown; the details are obtained solely from thi...
CVE-2006-6154
PHP remote file inclusion vulnerability in addcode.php in HIOX Star Rating System Script HSRS 1.0 and earlier allows remote attackers to execute arbitrary PHP code via a URL in the hm parameter...
CVE-2006-6156
Cross-site scripting XSS vulnerability in auth/message.php in HIOX Star Rating System Script HSRS 1.0 and earlier allows remote attackers to inject arbitrary web script or HTML via the query string PHPSELF. NOTE: The provenance of this information is unknown; the details are obtained solely from...
CVE-2006-6156
Cross-site scripting XSS vulnerability in auth/message.php in HIOX Star Rating System Script HSRS 1.0 and earlier allows remote attackers to inject arbitrary web script or HTML via the query string PHPSELF. NOTE: The provenance of this information is unknown; the details are obtained solely from...
CVE-2006-6154
PHP remote file inclusion vulnerability in addcode.php in HIOX Star Rating System Script HSRS 1.0 and earlier allows remote attackers to execute arbitrary PHP code via a URL in the hm parameter...
CVE-2006-6155
CVE-2006-6155 involves multiple SQL injection vulnerabilities in addrating.php of the HIOX Star Rating System Script (HSRS) 1.0 and earlier. The flaws allow remote attackers to inject and execute arbitrary SQL commands via the (1) ipadd or (2) url parameters. The description notes this informatio...
CVE-2006-6154
The CVE-2006-6154 entry affects HIOX Star Rating System Script (HSRS) version 1.0 and earlier, with a PHP remote file inclusion flaw in addcode.php that allows an attacker to execute arbitrary PHP code via a URL parameter hm. This is described across NVD records; the base CVSSv2 score is 7.5 (HIG...
CVE-2006-6156
The CVE-2006-6156 entry describes a Cross-site scripting (XSS) vulnerability in the HIOX Star Rating System Script (HSRS) up to version 1.0, with the flaw located in auth/message.php and exploitable via the PHP_SELF query string. The underlying cause is unencoded user input that allows arbitrary ...
HSRS 1.0 (addcode.php) Remote File Include Vulnerability
No description provided by source. --------------------------------------|| Viva Palestine ||----------------------------------------- --------------------------------------|| Free Saddam Hussien ||----------------------------------------- HSRS = 1.0 HIOX Star Rating System Script addcode.php...