Lucene search
+L

63 matches found

Cvelist
Cvelist
added 2015/06/17 6:0 p.m.37 views

CVE-2015-4336

cloner.functions.php in the XCloner plugin 3.1.2 for WordPress allows remote authenticated users to execute arbitrary commands via a file containing filenames with shell metacharacters, as demonstrated by using the backup comments feature to create the file...

7.2AI score0.02669EPSS
Exploits2References3
CVE
CVE
added 2015/06/17 6:0 p.m.58 views

CVE-2015-4337

XCloner WordPress Plugin 3.1.2 contains an XSS vulnerability via the excl_manual parameter in the xcloner_show page (wpadmin/plugins.php) that can be exploited by authenticated remote users. Exploitation details from Patch/PacketStorm disclosures show the vulnerability path leading to executing c...

3.5CVSS5.4AI score0.01578EPSS
Exploits2References3Affected Software1
NVD
NVD
added 2015/06/10 6:59 p.m.26 views

CVE-2014-8605

The XCloner plugin 3.1.1 for WordPress and 3.5.1 for Joomla! stores database backup files with predictable names under the web root with insufficient access control, which allows remote attackers to obtain sensitive information via a direct request to a backup file in administrators/backups/...

5CVSS6.2AI score0.06926EPSS
Exploits2References2
NVD
NVD
added 2015/06/10 6:59 p.m.24 views

CVE-2014-8603

cloner.functions.php in the XCloner plugin 3.1.1 for WordPress and 3.5.1 for Joomla! allows remote administrators to execute arbitrary code via shell metacharacters in the 1 file name when creating a backup or vectors related to the 2 $CONFIGtarpath, 3 $exclude, 4 $CONFIG'tarcompress', 5...

6.5CVSS7.6AI score0.06197EPSS
Exploits2References2
Prion
Prion
added 2015/06/10 6:59 p.m.22 views

Improper access control

The XCloner plugin 3.1.1 for WordPress and 3.5.1 for Joomla! stores database backup files with predictable names under the web root with insufficient access control, which allows remote attackers to obtain sensitive information via a direct request to a backup file in administrators/backups/...

5CVSS6.7AI score0.06926EPSS
Exploits2References2Affected Software1
Prion
Prion
added 2015/06/10 6:59 p.m.20 views

Directory traversal

Directory traversal vulnerability in the XCloner plugin 3.1.1 for WordPress and 3.5.1 for Joomla! allows remote administrators to read arbitrary files via a .. dot dot in the file parameter in a jsonreturn action in the xclonershow page to wp-admin/admin-ajax.php...

4CVSS7.2AI score0.0604EPSS
Exploits2References2Affected Software1
Prion
Prion
added 2015/06/10 6:59 p.m.20 views

Information disclosure

cloner.functions.php in the XCloner plugin 3.1.1 for WordPress and 3.5.1 for Joomla! allows remote administrators to execute arbitrary code via shell metacharacters in the 1 file name when creating a backup or vectors related to the 2 $CONFIGtarpath, 3 $exclude, 4 $CONFIG'tarcompress', 5...

6.5CVSS8.3AI score0.06197EPSS
Exploits2References2Affected Software1
Cvelist
Cvelist
added 2015/06/10 6:0 p.m.41 views

CVE-2014-8605

The XCloner plugin 3.1.1 for WordPress and 3.5.1 for Joomla! stores database backup files with predictable names under the web root with insufficient access control, which allows remote attackers to obtain sensitive information via a direct request to a backup file in administrators/backups/...

6.2AI score0.06926EPSS
Exploits2References2
Cvelist
Cvelist
added 2015/06/10 6:0 p.m.46 views

CVE-2014-8603

cloner.functions.php in the XCloner plugin 3.1.1 for WordPress and 3.5.1 for Joomla! allows remote administrators to execute arbitrary code via shell metacharacters in the 1 file name when creating a backup or vectors related to the 2 $CONFIGtarpath, 3 $exclude, 4 $CONFIG'tarcompress', 5...

7.6AI score0.06197EPSS
Exploits2References2
CVE
CVE
added 2015/06/10 6:0 p.m.53 views

CVE-2014-8603

The CVE-2014-8603 issue affects the XCloner Backup and Restore plugin for WordPress (3.1.1) and Joomla! (3.5.1). The vulnerability arises from cloner.functions.php, allowing remote code execution via shell metacharacters in the backup file name or in multiple configuration variables (e.g., tarpat...

6.5CVSS7.8AI score0.06197EPSS
Exploits2References2Affected Software1
CVE
CVE
added 2015/06/10 6:0 p.m.54 views

CVE-2014-8604

The CVE-2014-8604 entry concerns the XCloner Backup and Restore plugin for WordPress (3.1.1) and Joomla (3.5.1). The vulnerability is that the plugin returns the MySQL password in cleartext to a configuration panel text box, allowing remote attackers to obtain sensitive information via unspecifie...

5CVSS6.4AI score0.06926EPSS
Exploits2References2Affected Software1
CNVD
CNVD
added 2015/06/09 12:0 a.m.7 views

WordPress Plugin XCloner Remote Command Execution Vulnerability

WordPress is the WordPress Software Foundation a set of blogging platform developed using the PHP language, the platform supports in PHP and MySQL server set up a personal blog site. XCloner is one of the plug-ins for backing up and restoring data and databases. A remote command execution...

6.5CVSS7.7AI score0.02669EPSS
Exploits2References1
Patchstack
Patchstack
added 2015/06/05 12:0 a.m.30 views

WordPress XCloner Plugin <= 3.1.2 - XSS

Because of this vulnerability, remote authenticated users can inject arbitrary web script or HTML in the xclonershow page via the "exclmanual" parameter to wpadmin/plugins.php. Solution Update the plugin...

3.5CVSS2.7AI score0.01578EPSS
Exploits2References1Affected Software1
Patchstack
Patchstack
added 2015/06/05 12:0 a.m.32 views

WordPress XCloner Plugin <= 3.1.2 - Static Code Injection

Because of this vulnerability remote authenticated users can inject arbitrary PHP code into the language files via a Translation LMFRONT field for a language. Solution Update the plugin...

6.5CVSS4.8AI score0.02316EPSS
Exploits1References1Affected Software1
securityvulns
securityvulns
added 2014/12/01 12:0 a.m.54 views

XCloner Wordpress/Joomla! backup Plugin v3.1.1 &#40;Wordpress&#41; v3.5.1 &#40;Joomla!&#41; Vulnerabilities

Title: XCloner Wordpress/Joomla! backup Plugin v3.1.1 Wordpress v3.5.1 Joomla! Vulnerabilities Author: Larry W. Cashdollar, @larry0 Date: 10/17/2014 Download: https://wordpress.org/plugins/xcloner-backup-and-restore/ Download:...

7.7AI score
Exploits0
Patchstack
Patchstack
added 2014/11/10 12:0 a.m.23 views

WordPress XCloner Plugin - Multiple Vulnerabilities

XCloner plugin is prone to multiple vulnerabilities, such as: unauthenticated remote access to backup files via easily guessable file names, arbitrary command execution and authenticated remote file access. Also, clear text MySQL password exposure through HTML text box. Solution Upgrade the plugi...

6.5CVSS1.9AI score0.06197EPSS
Exploits2References1Affected Software1
Patchstack
Patchstack
added 2014/11/04 12:0 a.m.22 views

WordPress XCloner Plugin <= 3.1.1 - Clear Text MySQL Database Password

Because of this vulnerability, the attackers can obtain sensitive information via unspecified vectors. Solution Update the plugin...

5CVSS5AI score0.06926EPSS
Exploits2References1Affected Software1
seebug.org
seebug.org
added 2014/07/01 12:0 a.m.21 views

Wordpress XCloner Plugin 3.1.0 - CSRF Vulnerability

No description provided by source...

7.1AI score
Exploits0
NVD
NVD
added 2014/04/03 4:15 p.m.41 views

CVE-2014-2340

Cross-site request forgery CSRF vulnerability in the XCloner plugin before 3.1.1 for WordPress allows remote attackers to hijack the authentication of administrators for requests that create website backups via a request to wp-admin/plugins.php...

6.8CVSS6.9AI score0.02851EPSS
Exploits5References6
Prion
Prion
added 2014/04/03 4:15 p.m.26 views

Cross site request forgery (csrf)

Cross-site request forgery CSRF vulnerability in the XCloner plugin before 3.1.1 for WordPress allows remote attackers to hijack the authentication of administrators for requests that create website backups via a request to wp-admin/plugins.php...

6.8CVSS7.2AI score0.02851EPSS
Exploits5References6Affected Software1
Rows per page
Query Builder