1125 matches found
WordPress Admin Pack By Site Caseiro 1.1 Cross Site Scripting
Title: WordPress 'Admin Pack by SITE CASEIRO' Plugin Version: 1.1 Author: Morten Nørtoft, Kenneth Jepsen & Mikkel Vej Date: 2015-06-14 Download: - https://wordpress.org/plugins/admin-pack-by-site-caseiro/ - https://plugins.svn.wordpress.org/admin-pack-by-site-caseiro/ Notified WordPress: 2015-06-...
Zeuscart 4.0 - Multiple Vulnerabilities
Zeuscart 4.0 - Multiple Vulnerabilities Advisory: Multiple reflecting XSS-, SQLi and InformationDisclosure-vulnerabilities in Zeuscart v.4 Advisory ID: SROEADV-2015-12 Author: Steffen Rösemann Affected Software: Zeuscart v.4 Vendor URL: http://zeuscart.com/ Vendor Status: pending CVE-ID: will ask...
WordPress WP-FB-AutoConnect 4.0.5 CSRF / XSS
Title: WordPress 'WP-FB-AutoConnect' plugin - XSS/CSRF Version: 4.0.5 Author: Morten Nørtoft, Kenneth Jepsen, Mikkel Vej Date: 2014/12/12 Download: https://wordpress.org/plugins/wp-fb-autoconnect/ Contacted WordPress: 2014/11/27 ----------------------------------------------------------------...
WordPress Timed Popup 1.3 CSRF / XSS
Title: WordPress 'Timed Popup' plugin - CSRF/XSS Version: 1.3 Author: Morten Nørtoft, Kenneth Jepsen, Mikkel Vej Date: 2014/12/12 Download: https://wordpress.org/plugins/wp-timed-popup/ Notified WordPress: 2014/11/27 ---------------------------------------------------------------- Description:...
Cross site request forgery (csrf)
Cross-site request forgery CSRF vulnerability in the CreativeMinds CM Downloads Manager plugin before 2.0.7 for WordPress allows remote attackers to hijack the authentication of administrators for requests that conduct cross-site scripting XSS attacks via the addonstitle parameter in the...
PT-2014-8839 · Creative Mind · Cm Download Manager
Name of the Vulnerable Software and Affected Versions: CreativeMinds CM Downloads Manager plugin versions prior to 2.0.7 Description: A cross-site request forgery CSRF issue allows remote attackers to hijack the authentication of administrators for requests that conduct cross-site scripting XSS...
Portable router storage 0 DAY vulnerability that hackers can steal the privacy-vulnerability warning-the black bar safety net
Tenda router 4G301 model the presence of memory-typeXSScross-site scripting vulnerability vulnerability number: RSV-2 0 1 4-0 0 1 River. Rising security experts, the vulnerability is currently no official patch, belonging to the 0 DAY vulnerability, an attacker can carefully construct a malicious...
Subscribe To Comments Reloaded 140204 - options/index.php Admin Settings Manipulation CSRF
The Subscribe To Comments Reloaded WordPress plugin was affected by an options/index.php Admin Settings Manipulation CSRF security vulnerability...
Kandidat CMS 1.4.2 Stored Cross Site Scripting Vulnerability
No description provided by source. Vulnerability ID: HTB22648 Reference: http://www.htbridge.ch/advisory/xssvulnerabilityinkandidatcms.html Product: Kandidat CMS Vendor: Kan-Studio http://www.kan-studio.ru/ Vulnerable Version: 1.4.2 and probably prior versions Vendor Notification: 19 October 2010...
mini Hosting Panel - CSRF Change Admin Settings
No description provided by source. ----------------------------------------------------------------------------------------------- Title: mini Hosting Panel XSRF Change Admin Settings Author: Milos Zivanovic Email: milosz.securityatgmail.com Date: 14. December 2009...
Chipmunk Board Script 1.x - Multiple CSRF Vulnerabilities
No description provided by source. ------------------------------------------------------------------------------------------------- Title: Chipmunk Board Script 1.x Multiple XSRF Vulnerabilities Author: Milos Zivanovic Email: milosz.securityatgmail.comhttp://gmail.com Date: 11. December 2009...
e107 <= 0.7.8 - (photograph) Arbitrary File Upload Vulnerability
No description provided by source. / \ / \ | | | | | | | | | | | / | | | | | | | ' / | | ' \ / \ | | | | || | || | | | \ | | | | / | , |/ /|| ||| |||| / | |/ INFO: Program Title e107 = 0.7.8 - Arbitrary File Upload Description e107 is a content management system written in PHP and using the...
AccStatistics 1.1 - CSRF Vulnerability (Change Admin Settings)
No description provided by source. ------------------------------------------------------------------------------------------------- Title: AccStatistics v1.1 XSRF Vulnerability Change Admin Settings Author: Milos Zivanovic Date: 13. December 2009...
CVE-2012-6621
Multiple cross-site scripting XSS vulnerabilities in GetSimple CMS 3.1, 3.1.2, 3.2.3, and earlier allow remote attackers to inject arbitrary web script or HTML via the 1 Email Address or 2 Custom Permalink Structure fields in admin/settings.php; 3 path parameter to admin/upload.php; 4 err paramet...
Cross site scripting
Multiple cross-site scripting XSS vulnerabilities in GetSimple CMS 3.1, 3.1.2, 3.2.3, and earlier allow remote attackers to inject arbitrary web script or HTML via the 1 Email Address or 2 Custom Permalink Structure fields in admin/settings.php; 3 path parameter to admin/upload.php; 4 err paramet...
CVE-2013-3535
Multiple cross-site scripting XSS vulnerabilities in CMSLogik 1.2.0 and 1.2.1 allow remote attackers to inject arbitrary web script or HTML via the 1 adminemail, 2 headertitle, 3 sitetitle parameter to admin/settings; 4 recaptchaprivate or 5 recaptchapublic parameter to admin/captchasettings; 6...
Cross site scripting
Multiple cross-site scripting XSS vulnerabilities in CMSLogik 1.2.0 and 1.2.1 allow remote attackers to inject arbitrary web script or HTML via the 1 adminemail, 2 headertitle, 3 sitetitle parameter to admin/settings; 4 recaptchaprivate or 5 recaptchapublic parameter to admin/captchasettings; 6...
Free Monthly Websites 2.0 Administrator Remote Password Change
========================================================================================== Title : Free Monthly Websites 2.0 Administrator Remote Password Change Date : 10/04/2013 Name : Free Monthly Websites Affected Version : 2.0 Vendor : http://www.freemonthlywebsites2.com/ Category : Web...
Free Monthly Websites 2.0 - Admin Password Change
Free Monthly Websites 2.0 - Admin Password Change ========================================================================================== Title : Free Monthly Websites 2.0 Administrator Remote Password Change Date : 10/04/2013 Name : Free Monthly Websites Affected Version : 2.0 Vendor :...
Free Monthly Websites 2.0 - Admin Password Change
========================================================================================== Title : Free Monthly Websites 2.0 Administrator Remote Password Change Date : 10/04/2013 Name : Free Monthly Websites Affected Version : 2.0 Vendor : http://www.freemonthlywebsites2.com/ Category : Web...