Lucene search
+L

8085 matches found

OSV
OSV
added 2012/01/30 5:55 p.m.5 views

UBUNTU-CVE-2011-4898

DISPUTED wp-admin/setup-config.php in the installation component in WordPress 3.3.1 and earlier generates different error messages for requests lacking a dbname parameter depending on whether the MySQL credentials are valid, which makes it easier for remote attackers to conduct brute-force attack...

5CVSS5.8AI score0.09551EPSS
Exploits7References2
OSV
OSV
added 2012/01/30 5:55 p.m.12 views

CVE-2012-0782

Multiple cross-site scripting XSS vulnerabilities in wp-admin/setup-config.php in the installation component in WordPress 3.3.1 and earlier allow remote attackers to inject arbitrary web script or HTML via the 1 dbhost, 2 dbname, or 3 uname parameter. NOTE: the vendor disputes the significance of...

5.1AI score
Exploits0References3
OSV
OSV
added 2012/01/30 5:55 p.m.8 views

DEBIAN-CVE-2012-0782

Multiple cross-site scripting XSS vulnerabilities in wp-admin/setup-config.php in the installation component in WordPress 3.3.1 and earlier allow remote attackers to inject arbitrary web script or HTML via the 1 dbhost, 2 dbname, or 3 uname parameter. NOTE: the vendor disputes the significance of...

4.3CVSS5.5AI score0.03751EPSS
Exploits7References1
OSV
OSV
added 2012/01/30 5:55 p.m.6 views

DEBIAN-CVE-2011-4898

wp-admin/setup-config.php in the installation component in WordPress 3.3.1 and earlier generates different error messages for requests lacking a dbname parameter depending on whether the MySQL credentials are valid, which makes it easier for remote attackers to conduct brute-force attacks via a...

5CVSS6.6AI score0.09551EPSS
Exploits7References1
OSV
OSV
added 2012/01/30 5:55 p.m.5 views

UBUNTU-CVE-2011-4899

DISPUTED wp-admin/setup-config.php in the installation component in WordPress 3.3.1 and earlier does not ensure that the specified MySQL database service is appropriate, which allows remote attackers to configure an arbitrary database via the dbhost and dbname parameters, and subsequently conduct...

7.5CVSS6.4AI score0.08982EPSS
Exploits8References2
OSV
OSV
added 2012/01/30 5:55 p.m.5 views

UBUNTU-CVE-2012-0782

DISPUTED Multiple cross-site scripting XSS vulnerabilities in wp-admin/setup-config.php in the installation component in WordPress 3.3.1 and earlier allow remote attackers to inject arbitrary web script or HTML via the 1 dbhost, 2 dbname, or 3 uname parameter. NOTE: the vendor disputes the...

4.3CVSS5.8AI score0.03751EPSS
Exploits7References2
OSV
OSV
added 2012/01/30 5:55 p.m.12 views

DEBIAN-CVE-2011-4899

wp-admin/setup-config.php in the installation component in WordPress 3.3.1 and earlier does not ensure that the specified MySQL database service is appropriate, which allows remote attackers to configure an arbitrary database via the dbhost and dbname parameters, and subsequently conduct static...

7.5CVSS7.5AI score0.08982EPSS
Exploits8References1
Vulnrichment
Vulnrichment
added 2012/01/30 5:0 p.m.20 views

CVE-2011-4899

wp-admin/setup-config.php in the installation component in WordPress 3.3.1 and earlier does not ensure that the specified MySQL database service is appropriate, which allows remote attackers to configure an arbitrary database via the dbhost and dbname parameters, and subsequently conduct static...

7AI score0.08982EPSS
Exploits8References3
Cvelist
Cvelist
added 2012/01/30 5:0 p.m.30 views

CVE-2012-0937

wp-admin/setup-config.php in the installation component in WordPress 3.3.1 and earlier does not limit the number of MySQL queries sent to external MySQL database servers, which allows remote attackers to use WordPress as a proxy for brute-force attacks or denial of service attacks via the dbhost...

6.4AI score0.08068EPSS
Exploits1References3
Positive Technologies
Positive Technologies
added 2012/01/30 12:0 a.m.6 views

PT-2012-1988 · WordPress +1 · Wordpress +1

Name of the Vulnerable Software and Affected Versions: WordPress versions 3.3.1 and earlier Description: The installation component in WordPress generates different error messages for requests lacking a dbname parameter depending on whether the MySQL credentials are valid. This makes it easier fo...

5CVSS6.5AI score0.09551EPSS
Exploits7References16
Positive Technologies
Positive Technologies
added 2012/01/30 12:0 a.m.9 views

PT-2012-2868 · WordPress +1 · Wordpress +1

Name of the Vulnerable Software and Affected Versions: WordPress versions 3.3.1 and earlier Description: The issue allows remote attackers to inject arbitrary web script or HTML via the dbhost, dbname, or uname parameters in the wp-admin/setup-config.php file. The vendor disputes the significance...

4.3CVSS6.8AI score0.03751EPSS
Exploits7References15
Positive Technologies
Positive Technologies
added 2012/01/30 12:0 a.m.7 views

PT-2012-1989 · WordPress +1 · Wordpress +1

Name of the Vulnerable Software and Affected Versions: WordPress versions 3.3.1 and earlier Description: The installation component in WordPress does not ensure that the specified MySQL database service is appropriate, allowing remote attackers to configure an arbitrary database via the dbhost an...

7.5CVSS7AI score0.08982EPSS
Exploits8References15
Positive Technologies
Positive Technologies
added 2012/01/30 12:0 a.m.6 views

PT-2012-2964 · WordPress +1 · Wordpress +1

Name of the Vulnerable Software and Affected Versions: WordPress versions 3.3.1 and earlier Description: The issue allows remote attackers to use WordPress as a proxy for brute-force attacks or denial of service attacks via the dbhost parameter. This is possible because the installation component...

5CVSS6.9AI score0.08068EPSS
Exploits1References15
Packet Storm
Packet Storm
added 2012/01/25 12:0 a.m.162 views

WordPress 3.3.1 Code Execution / Cross Site Scripting

Trustwave's SpiderLabs Security Advisory TWSL2012-002: Multiple Vulnerabilities in WordPress https://www.trustwave.com/spiderlabs/advisories/TWSL2012-002.txt Published: 1/24/12 Version: 1.0 Vendor: WordPress http://wordpress.org/ Product: WordPress Version affected: 3.3.1 and prior Product...

7.5CVSS0.09551EPSS
Exploits10
seebug.org
seebug.org
added 2012/01/25 12:0 a.m.72 views

WordPress 3.3.1 Code Execution / Cross Site Scripting

No description provided by source. Trustwave's SpiderLabs Security Advisory TWSL2012-002: Multiple Vulnerabilities in WordPress https://www.trustwave.com/spiderlabs/advisories/TWSL2012-002.txt Published: 1/24/12 Version: 1.0 Vendor: WordPress http://wordpress.org/ Product: WordPress Version...

7.5CVSS6.4AI score0.09551EPSS
Exploits10
0day.today
0day.today
added 2012/01/25 12:0 a.m.76 views

WordPress <= 3.3.1 Multiple Vulnerabilities

Exploit for php platform in category web applications Trustwave's SpiderLabs Security Advisory TWSL2012-002: Multiple Vulnerabilities in WordPress Published: 1/24/12 Version: 1.0 Vendor: WordPress http://wordpress.org/ Product: WordPress Version affected: 3.3.1 and prior Product description:...

7.1AI score0.09551EPSS
Exploits10
Patchstack
Patchstack
added 2012/01/25 12:0 a.m.41 views

WordPress <= 3.3.1 - Multiple Vulnerabilities

WordPress version 3.3.1 is prone to PHP code execution and persistent cross-site scripting vulnerabilities via "setup-config.php" page. The attackers can host their own MySQL database server and then successfully complete the WordPress installation without having any valid credentials on the targ...

5CVSS2.1AI score0.09551EPSS
Exploits7References1Affected Software1
Patchstack
Patchstack
added 2012/01/18 12:0 a.m.28 views

WordPress <= 3.3.1 - Multiple XSS

Because of these vulnerabilities in wp-admin/setup-config.php, the attackers can inject arbitrary web script or HTML. Solution Update WordPress...

4.3CVSS1.6AI score0.03751EPSS
Exploits7References1Affected Software1
Packet Storm
Packet Storm
added 2012/01/16 12:0 a.m.51 views

WebTitan Appliance 3.50.x Script Insertion

Title: ====== WebTitan Appliance v3.50.x - Multiple Web Vulnerabilities Date: ===== 2012-01-13 References: =========== http://www.vulnerability-lab.com/getcontent.php?id=89 VL-ID: ===== 89 Introduction: ============= WebTitan is a complete internet monitoring software web filter which provides...

7.4AI score
Exploits0
Vulnerability Lab
Vulnerability Lab
added 2012/01/12 12:0 a.m.32 views

WebTitan Appliance v3.50.x - Multiple Web Vulnerabilities

Document Title: =============== WebTitan Appliance v3.50.x - Multiple Web Vulnerabilities References Source: ==================== http://www.vulnerability-lab.com/getcontent.php?id=89 Release Date: ============= 2012-01-12 Vulnerability Laboratory ID VL-ID: ==================================== 89...

7.1AI score
Exploits0
Rows per page
Query Builder