4774 matches found
WordPress Plugin CataBlog 1.6 - admin.php Cross-Site Scripting
source: https://www.securityfocus.com/bid/53520/info CataBlog plugin for WordPress is prone to a cross-site scripting vulnerability because it fails to properly sanitize user-supplied input. An attacker may leverage this issue to...
WordPress Plugin Track That Stat 1.0.8 - Cross-Site Scripting
source: https://www.securityfocus.com/bid/53551/info The Track That Stat plugin for WordPress is prone to a cross-site scripting vulnerability because it fails to properly sanitize user-supplied input. An attacker may leverage this iss...
WordPress Plugin Sharebar 1.2.1 - SQL Injection Cross-Site Scripting
source: https://www.securityfocus.com/bid/53532/info Sharebar plugin for WordPress is prone to multiple cross-site scripting and SQL-injection vulnerabilities because it fails to properly sanitize user-supplied input. Successful...
WordPress Plugin Share and Follow 1.80.3 - 'admin.php' Cross-Site Scripting
source: https://www.securityfocus.com/bid/53533/info The Share and Follow plugin for WordPress is prone to a cross-site scripting vulnerability because it fails to properly sanitize user-supplied input. An attacker may leverage this issue to execute arbitrary script code in the browser of an...
WordPress Plugin Dynamic Widgets 1.5.1 - 'themes.php' Cross-Site Scripting
source: https://www.securityfocus.com/bid/53513/info Dynamic Widgets plugin for WordPress is prone to a cross-site scripting vulnerability because it fails to properly sanitize user-supplied input. An attacker may leverage this issue to execute arbitrary script code in the browser of an...
WordPress Plugin GRAND Flash Album Gallery 1.71 - 'admin.php' Cross-Site Scripting
source: https://www.securityfocus.com/bid/53511/info The GRAND Flash Album Gallery plugin for WordPress is prone to a cross-site scripting vulnerability because it fails to properly sanitize user-supplied input. An attacker may leverage this issue to execute arbitrary script code in the browser o...
WordPress Plugin PDF & Print Button Joliprint 1.3.0 - Multiple Cross-Site Scripting Vulnerabilities
source: https://www.securityfocus.com/bid/53519/info PDF & Print Button Joliprint plugin for WordPress is prone to multiple cross-site scripting vulnerabilities because it fails to properly sanitize user-supplied input. An attacker may leverage these issues to execute arbitrary script code in the...
WordPress Plugin Leaflet Maps Marker 0.0.1 - 'leaflet_marker.php?id' Cross-Site Scripting
source: https://www.securityfocus.com/bid/53526/info The Leaflet plugin for WordPress is prone to a cross-site scripting vulnerability because it fails to properly sanitize user-supplied input. An attacker may leverage this issue to execute arbitrary script code in the browser of an unsuspecting...
WordPress Plugin Track That Stat 1.0.8 - Cross-Site Scripting
source: https://www.securityfocus.com/bid/53551/info The Track That Stat plugin for WordPress is prone to a cross-site scripting vulnerability because it fails to properly sanitize user-supplied input. An attacker may leverage this issue to execute arbitrary script code in the browser of an...
WordPress Plugin WP-FaceThumb 0.1 - 'pagination_wp_facethum' Cross-Site Scripting
source: https://www.securityfocus.com/bid/53497/info WP-FaceThumb is prone to a cross-site scripting vulnerability because it fails to sanitize user-supplied input. An attacker may leverage this issue to execute arbitrary script code in the browser of an unsuspecting user in the context of the...
Chevereto 1.91 - Uploadengine.php?v Cross-Site Scripting
source: https://www.securityfocus.com/bid/53448/info Chevereto Image Upload Script is prone to a cross-site scripting vulnerability and an information-disclosure vulnerability because it fails to properly sanitize user-supplied input before...
OrangeHRM 2.7 RC - index.php?URI Cross-Site Scripting
source: https://www.securityfocus.com/bid/53433/info OrangeHRM is prone to an SQL-injection and multiple cross-site scripting vulnerabilities. Exploiting these vulnerabilities could allow an attacker to steal cookie-based authentication...
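MyBB Versions Prior to 1.6.7 - Multiple Security Vulnerabilities
BUGTRAQ ID: 53417 MyBB is a popular web forum application. MyBB versions prior to 1.6.7 contain multiple security vulnerabilities in their implementation; successful exploitation could allow an attacker to execute arbitrary script code, steal cookie-based authentication credentials, take control of the application, access or modify data, or exploit other vulnerabilities in the underlying database and access sensitive data. 0 MyBB 1.6.x MyBB 1.4.x Vendor patch: MyBB ---- The vendor has released an upgrade patch to fix this security issue; download it from the vendor's home page: http://www.mybboard.com/...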
OrangeHRM 2.7 RC - '/plugins/ajaxCalls/haltResumeHsp.php?newHspStatus' Cross-Site Scripting
source: https://www.securityfocus.com/bid/53433/info OrangeHRM is prone to an SQL-injection and multiple cross-site scripting vulnerabilities. Exploiting these vulnerabilities could allow an attacker to steal cookie-based authentication credentials, compromise the application, access or modify...
Websense Triton - Multiple Vulnerabilities
source: https://www.securityfocus.com/bid/51086/info Websense Triton is prone to a remote command-execution vulnerability. An attacker can exploit this issue to execute arbitrary commands with SYSTEM-level privileges. Successfully exploiting this issue...
WordPress Zingiri Web Shop Plugin <= 2.4.2 - Persistent XSS
WordPress Zingiri Web Shop plugin is prone to persistent cross-site scripting vulnerabilities. It fails to properly clean up user-supplied input. An attacker may execute arbitrary script code in the browser of a user in the context of the affected site. In this way the attacker can steal...
MySQLDumper 1.24.4 - main.php Multiple Cross-Site Request Forgery Vulnerabilities
source: https://www.securityfocus.com/bid/53306/info MySQLDumper is prone to multiple security vulnerabilities, including: 1. Multiple cross-site scripting vulnerabilities. 2. A local file-include vulnerability. 3...
MySQLDumper 1.24.4 - 'install.php' Multiple Cross-Site Scripting Vulnerabilities
source: https://www.securityfocus.com/bid/53306/info MySQLDumper is prone to multiple security vulnerabilities, including: 1. Multiple cross-site scripting vulnerabilities. 2. A local file-include vulnerability. 3. Multiple cross-site request-forgery vulnerabilities. 4. Multiple...
MySQLDumper 1.24.4 - 'install.php?language' Traversal Arbitrary File Access
source: https://www.securityfocus.com/bid/53306/info MySQLDumper is prone to multiple security vulnerabilities, including: 1. Multiple cross-site scripting vulnerabilities. 2. A local file-include vulnerability. 3. Multiple cross-site request-forgery vulnerabilities. 4. Multiple...
MySQLDumper 1.24.4 - 'filemanagement.php?f' Traversal Arbitrary File Access
source: https://www.securityfocus.com/bid/53306/info MySQLDumper is prone to multiple security vulnerabilities, including: 1. Multiple cross-site scripting vulnerabilities. 2. A local file-include vulnerability. 3. Multiple cross-site request-forgery vulnerabilities. 4. Multiple...