2096 matches found
WordPress Flashnews Theme - Remote Code Execution
There are a bug in this theme, that allows any website visitor to run and see the output of any shortcode. This gives unauthenticated visitors the same power to execute code on the server as regular publishers have. Solution Update the theme...
WordPress Abstract Theme - Remote Code Execution
There are a bug in this theme, that allows any website visitor to run and see the output of any shortcode. This gives unauthenticated visitors the same power to execute code on the server as regular publishers have. Solution Update the theme...
WordPress Metamorphosis Theme - Remote Code Execution
There are a bug in this theme, that allows any website visitor to run and see the output of any shortcode. This gives unauthenticated visitors the same power to execute code on the server as regular publishers have. Solution Update the theme...
WordPress Continuum Theme - Remote Code Execution
There is a bug in this theme, that allows any website visitor to run and see the output of any shortcode. This gives unauthenticated visitors the same power to execute code on the server as regular publishers have. Solution Update the theme...
WordPress 3.5 - Shortcodes / Post Content Multiple Unspecified XSS
...
Wordpress Work-The-Flow Plugin 1.2.1 - Arbitrary File Upload
No description provided by source. !/usr/bin/env python -- coding: utf-8 -- from pocsuite.net import req from pocsuite.poc import Output, POCBase from pocsuite.utils import register from pocsuite.lib.utils.password import getWeakPassword from pocsuite.lib.utils.password import getLargeWeakPasswor...
Cross site scripting
Multiple cross-site scripting XSS vulnerabilities in WordPress before 3.5.1 allow remote attackers to inject arbitrary web script or HTML via vectors involving 1 gallery shortcodes or 2 the content of a post...
CVE-2013-0236
Multiple cross-site scripting XSS vulnerabilities in WordPress before 3.5.1 allow remote attackers to inject arbitrary web script or HTML via vectors involving 1 gallery shortcodes or 2 the content of a post...
DEBIAN-CVE-2013-0236
Multiple cross-site scripting XSS vulnerabilities in WordPress before 3.5.1 allow remote attackers to inject arbitrary web script or HTML via vectors involving 1 gallery shortcodes or 2 the content of a post...
CVE-2013-0236
Multiple cross-site scripting XSS vulnerabilities in WordPress before 3.5.1 allow remote attackers to inject arbitrary web script or HTML via vectors involving 1 gallery shortcodes or 2 the content of a post...
CVE-2013-0236
Multiple cross-site scripting XSS vulnerabilities in WordPress before 3.5.1 allow remote attackers to inject arbitrary web script or HTML via vectors involving 1 gallery shortcodes or 2 the content of a post...
CVE-2013-0236
CVE-2013-0236: WordPress before 3.5.1 has multiple XSS vulnerabilities via gallery shortcodes and post content. Affected component is WordPress core; root cause is improper sanitization of user input in these vectors. Impact per sources is partial integrity compromise (I:P) with no confidentialit...
CVE-2013-0236
Multiple cross-site scripting XSS vulnerabilities in WordPress before 3.5.1 allow remote attackers to inject arbitrary web script or HTML via vectors involving 1 gallery shortcodes or 2 the content of a post...
[waraxe-2013-SA#105] - Multiple Vulnerabilities in Spider Catalog Wordpress Plugin
waraxe-2013-SA105 - Multiple Vulnerabilities in Spider Catalog Wordpress Plugin =================================================================================== Author: Janek Vind "waraxe" Date: 22. May 2013 Location: Estonia, Tartu Web: http://www.waraxe.us/advisory-105.html Description of...
WordPress Plugin Spider Catalog 1.4.6 - Multiple Vulnerabilities
WordPress Plugin Spider Catalog 1.4.6 - Multiple Vulnerabilities waraxe-2013-SA105 - Multiple Vulnerabilities in Spider Catalog Wordpress Plugin =================================================================================== Author: Janek Vind "waraxe" Date: 22. May 2013 Location: Estonia,...
Twitter Downplays SMS-Spoofing Issue
Twitter officials say that a researcher’s claims that the service is open to an SMS-spoofing vulnerability are not completely accurate, and that Twitter users in the United States are not vulnerable to the attack. Moxie Marlinspike of Twitter’s security team said that the company in August had...