63 matches found
CVE-2015-4336
cloner.functions.php in the XCloner plugin 3.1.2 for WordPress allows remote authenticated users to execute arbitrary commands via a file containing filenames with shell metacharacters, as demonstrated by using the backup comments feature to create the file...
CVE-2015-4337
XCloner WordPress Plugin 3.1.2 contains an XSS vulnerability via the excl_manual parameter in the xcloner_show page (wpadmin/plugins.php) that can be exploited by authenticated remote users. Exploitation details from Patch/PacketStorm disclosures show the vulnerability path leading to executing c...
CVE-2014-8605
The XCloner plugin 3.1.1 for WordPress and 3.5.1 for Joomla! stores database backup files with predictable names under the web root with insufficient access control, which allows remote attackers to obtain sensitive information via a direct request to a backup file in administrators/backups/...
CVE-2014-8603
cloner.functions.php in the XCloner plugin 3.1.1 for WordPress and 3.5.1 for Joomla! allows remote administrators to execute arbitrary code via shell metacharacters in the 1 file name when creating a backup or vectors related to the 2 $CONFIGtarpath, 3 $exclude, 4 $CONFIG'tarcompress', 5...
Improper access control
The XCloner plugin 3.1.1 for WordPress and 3.5.1 for Joomla! stores database backup files with predictable names under the web root with insufficient access control, which allows remote attackers to obtain sensitive information via a direct request to a backup file in administrators/backups/...
Directory traversal
Directory traversal vulnerability in the XCloner plugin 3.1.1 for WordPress and 3.5.1 for Joomla! allows remote administrators to read arbitrary files via a .. dot dot in the file parameter in a jsonreturn action in the xclonershow page to wp-admin/admin-ajax.php...
Information disclosure
cloner.functions.php in the XCloner plugin 3.1.1 for WordPress and 3.5.1 for Joomla! allows remote administrators to execute arbitrary code via shell metacharacters in the 1 file name when creating a backup or vectors related to the 2 $CONFIGtarpath, 3 $exclude, 4 $CONFIG'tarcompress', 5...
CVE-2014-8605
The XCloner plugin 3.1.1 for WordPress and 3.5.1 for Joomla! stores database backup files with predictable names under the web root with insufficient access control, which allows remote attackers to obtain sensitive information via a direct request to a backup file in administrators/backups/...
CVE-2014-8603
cloner.functions.php in the XCloner plugin 3.1.1 for WordPress and 3.5.1 for Joomla! allows remote administrators to execute arbitrary code via shell metacharacters in the 1 file name when creating a backup or vectors related to the 2 $CONFIGtarpath, 3 $exclude, 4 $CONFIG'tarcompress', 5...
CVE-2014-8603
The CVE-2014-8603 issue affects the XCloner Backup and Restore plugin for WordPress (3.1.1) and Joomla! (3.5.1). The vulnerability arises from cloner.functions.php, allowing remote code execution via shell metacharacters in the backup file name or in multiple configuration variables (e.g., tarpat...
CVE-2014-8604
The CVE-2014-8604 entry concerns the XCloner Backup and Restore plugin for WordPress (3.1.1) and Joomla (3.5.1). The vulnerability is that the plugin returns the MySQL password in cleartext to a configuration panel text box, allowing remote attackers to obtain sensitive information via unspecifie...
WordPress Plugin XCloner Remote Command Execution Vulnerability
WordPress is the WordPress Software Foundation a set of blogging platform developed using the PHP language, the platform supports in PHP and MySQL server set up a personal blog site. XCloner is one of the plug-ins for backing up and restoring data and databases. A remote command execution...
WordPress XCloner Plugin <= 3.1.2 - XSS
Because of this vulnerability, remote authenticated users can inject arbitrary web script or HTML in the xclonershow page via the "exclmanual" parameter to wpadmin/plugins.php. Solution Update the plugin...
WordPress XCloner Plugin <= 3.1.2 - Static Code Injection
Because of this vulnerability remote authenticated users can inject arbitrary PHP code into the language files via a Translation LMFRONT field for a language. Solution Update the plugin...
XCloner Wordpress/Joomla! backup Plugin v3.1.1 (Wordpress) v3.5.1 (Joomla!) Vulnerabilities
Title: XCloner Wordpress/Joomla! backup Plugin v3.1.1 Wordpress v3.5.1 Joomla! Vulnerabilities Author: Larry W. Cashdollar, @larry0 Date: 10/17/2014 Download: https://wordpress.org/plugins/xcloner-backup-and-restore/ Download:...
WordPress XCloner Plugin - Multiple Vulnerabilities
XCloner plugin is prone to multiple vulnerabilities, such as: unauthenticated remote access to backup files via easily guessable file names, arbitrary command execution and authenticated remote file access. Also, clear text MySQL password exposure through HTML text box. Solution Upgrade the plugi...
WordPress XCloner Plugin <= 3.1.1 - Clear Text MySQL Database Password
Because of this vulnerability, the attackers can obtain sensitive information via unspecified vectors. Solution Update the plugin...
Wordpress XCloner Plugin 3.1.0 - CSRF Vulnerability
No description provided by source...
CVE-2014-2340
Cross-site request forgery CSRF vulnerability in the XCloner plugin before 3.1.1 for WordPress allows remote attackers to hijack the authentication of administrators for requests that create website backups via a request to wp-admin/plugins.php...
Cross site request forgery (csrf)
Cross-site request forgery CSRF vulnerability in the XCloner plugin before 3.1.1 for WordPress allows remote attackers to hijack the authentication of administrators for requests that create website backups via a request to wp-admin/plugins.php...