14 matches found
EUVD-2012-4215
Malware in sbrugna...
EUVD-2014-8567
Malware in sbrugna...
WordPress Bad Behavior Plugin <= 2.2.18 - Cross-Site Request Forgery (CSRF)/Cross-Site Scripting (XSS) Vulnerabilities
Cross-Site Request Forgery (CSRF)/Cross-Site Scripting (XSS) vulnerabilities were found in version 2.2.18 of the WordPress Bad Behavior plugin. In the file /bad-behavior-wordpress-admin.php, settings are saved without any sanitization. When they are output on the front end, no escaping is done...
CVE-2014-8735
The Bad Behavior module 6.x-2.x before 6.x-2.2216 and 7.x-2.x before 7.x-2.2216 for Drupal logs usernames and passwords, which allows remote authenticated users with the "administer bad behavior" permission to obtain sensitive information by reading a log file...
Information disclosure
The Bad Behavior module 6.x-2.x before 6.x-2.2216 and 7.x-2.x before 7.x-2.2216 for Drupal logs usernames and passwords, which allows remote authenticated users with the "administer bad behavior" permission to obtain sensitive information by reading a log file...
CVE-2014-8735
The Drupal Bad Behavior module (versions 6.x-2.x prior to 6.x-2.2216 and 7.x-2.x prior to 7.x-2.2216) allows information disclosure by logging usernames and passwords. This occurs because remote authenticated users with the "administer bad behavior" permission can read the module’s logs to obtain...
CVE-2014-8735
The Bad Behavior module 6.x-2.x before 6.x-2.2216 and 7.x-2.x before 7.x-2.2216 for Drupal logs usernames and passwords, which allows remote authenticated users with the "administer bad behavior" permission to obtain sensitive information by reading a log file...
SA-CONTRIB-2014-100 - Bad Behavior - Information Disclosure
This module enables you to target any malicious software directed at a Web site, whether it be a spambot, ill-designed search engine bot, or system crackers. It blocks such access and then logs their attempts. Information Disclosure: The module doesn't sufficiently sanitize log data, allowing...
CVE-2012-4271
Multiple cross-site scripting (XSS) vulnerabilities in bad-behavior-wordpress-admin.php in the Bad Behavior plugin before 2.0.47 and 2.2.x before 2.2.5 for WordPress allow remote attackers to inject arbitrary web script or HTML via the (1) PATHINFO, (2) httpblkey, (3) httpblmaxage, (4) httpblthreat, (5)...
Cross site scripting
Multiple cross-site scripting (XSS) vulnerabilities in bad-behavior-wordpress-admin.php in the Bad Behavior plugin before 2.0.47 and 2.2.x before 2.2.5 for WordPress allow remote attackers to inject arbitrary web script or HTML via the (1) PATHINFO, (2) httpblkey, (3) httpblmaxage, (4) httpblthreat, (5)...
CVE-2012-4271
The CVE-2012-4271 entry describes multiple XSS vulnerabilities in the Bad Behavior WordPress plugin. Affected component: bad-behavior-wordpress-admin.php in the Bad Behavior plugin for WordPress. Vulnerable versions: before 2.0.47 and 2.2.x before 2.2.5. Attack mechanism: remote attackers could i...
CVE-2012-4271
Multiple cross-site scripting (XSS) vulnerabilities in bad-behavior-wordpress-admin.php in the Bad Behavior plugin before 2.0.47 and 2.2.x before 2.2.5 for WordPress allow remote attackers to inject arbitrary web script or HTML via the (1) PATHINFO, (2) httpblkey, (3) httpblmaxage, (4) httpblthreat, (5)...
WordPress Bad Behavior Plugin <= 2.2.4 - Multiple XSS
Because of these vulnerabilities, the attackers can inject arbitrary web script or HTML. Solution Update the plugin...
WordPress Bad Behavior Cross Site Scripting
WordPress Security audit bad-behavior plugin 1. Cross-site scripting reflected 1.1. http://127.0.0.1/wp-admin/options-general.php %3Cscript%3Ealert1%3C/script%3E parameter 1.2. http://127.0.0.1/wp-admin/options-general.php httpblkey parameter 1.3...