265 matches found
CVE-2007-3494
Papoo CMS 3.6, and possibly earlier, does not verify user privileges when accessing the backend administration plugins, which allows remote authenticated users to 1 read the entire database by accessing the database backup plugin via a devtools/templates/newdumpbackend.html argument in the templa...
GLSA-200611-10 : WordPress: Multiple vulnerabilities
The remote host is affected by the vulnerability described in GLSA-200611-10 WordPress: Multiple vulnerabilities 'random' discovered that users can enter serialized objects as strings in their profiles that will be harmful when unserialized. 'adapter' found out that user-edit.php fails to...
DEBIAN-CVE-2006-5705
Multiple directory traversal vulnerabilities in plugins/wp-db-backup.php in WordPress before 2.0.5 allow remote authenticated users to read or overwrite arbitrary files via directory traversal sequences in the 1 backup and 2 fragment parameters in a GET request...
CVE-2006-4208
Directory traversal vulnerability in wp-db-backup.php in Skippy WP-DB-Backup plugin for WordPress 1.7 and earlier allows remote authenticated users with administrative privileges to read arbitrary files via a .. dot dot in the backup parameter to edit.php...
CVE-2006-4208
CVE-2006-4208 describes a directory traversal in the Skippy WP-DB-Backup WordPress plugin (versions 1.7 and earlier). The flaw exists in wp-db-backup.php where an authenticated user with administrative privileges can read arbitrary files by supplying a ".." in the backup parameter to edit.php. Th...