20 matches found
EUVD-2007-3656
Malware in sbrugna...
EUVD-2025-29009
Malicious code in bioql PyPI...
CVE-2025-9881
The Ultimate Blogroll plugin for WordPress is vulnerable to Cross-Site Request Forgery in all versions up to, and including, 2.5.2. This is due to missing or incorrect nonce validation on a function. This makes it possible for unauthenticated attackers to update settings and inject malicious web...
CVE-2025-9881
The Ultimate Blogroll plugin for WordPress is vulnerable to Cross-Site Request Forgery in all versions up to, and including, 2.5.2. This is due to missing or incorrect nonce validation on a function. This makes it possible for unauthenticated attackers to update settings and inject malicious web...
CVE-2025-9881 Ultimate Blogroll <= 2.5.2 - Cross-Site Request Forgery to Stored Cross-Site Scripting
The Ultimate Blogroll plugin for WordPress is vulnerable to Cross-Site Request Forgery in all versions up to, and including, 2.5.2. This is due to missing or incorrect nonce validation on a function. This makes it possible for unauthenticated attackers to update settings and inject malicious web...
WordPress plugin Ultimate Blogroll cross-site request forgery vulnerability
WordPress and WordPress plugin are both products of the WordPress Foundation. WordPress is a blogging platform developed using the PHP language. The platform supports setting up personal blog sites on servers with PHP and MySQL. WordPress plugin is an application plugin. A cross-site request forger...
WordPress Ultimate Blogroll plugin <= 2.5.2 - Cross-Site Request Forgery to Stored Cross-Site Scripting vulnerability
Cross-Site Request Forgery to Stored Cross-Site Scripting vulnerability discovered by johska in WordPress Plugin Ultimate Blogroll versions <= 2.5.2...
CVE-2024-25090
Apache Roller is affected by a cross-site scripting (XSS) vulnerability due to insufficient input validation and sanitation in Profile name & screenname, Bookmark name & description, and blogroll name fields across versions 5.0.0 to 6.1.2. The issue can be exploited by an authenticated user to pe...
PT-2024-5531 · Apache · Apache Roller
Name of the Vulnerable Software and Affected Versions: Apache Roller versions 5.0.0 through 6.1.2 Description: The issue is caused by insufficient input validation and sanitation in features such as Profile name & screenname, Bookmark name & description, and blogroll name. This allows an...
Wordpress Spicy Blogroll Plugin - File Inclusion Vulnerability
No description provided by source. ?php // Title: Wordpress Plugin Spicy Blogroll File Inclusion Vulnerability // Date: 12-07-2013 GMT+8 Kuala Lumpur // Author: Ahlspiess // Greetz: All TBDIAN - http://w3.tbd.my : // Screenshot: http://i.imgur.com/jIrUznC.png / Details: File:...
DEBIAN-CVE-2010-5293
wp-includes/comment.php in WordPress before 3.0.2 does not properly whitelist trackbacks and pingbacks in the blogroll, which allows remote attackers to bypass intended spam restrictions via a crafted URL, as demonstrated by a URL that triggers a substring match...
WordPress Spicy Blogroll Plugin File Inclusion Vulnerability
WordPress Spicy Blogroll Plugin is prone to a file inclusion vulnerability. SPDX-FileCopyrightText: 2013 Greenbone AG Some text descriptions might be excerpted from a referenced sources, and are Copyright (C) by the respective right holders. SPDX-License-Identifier: GPL-2.0-only CPE =...
WordPress Spicy Blogroll Local File Inclusion
\n", $argv0; list,$host, $path, $file = $argv; $vfile = 'http://%s%s/wp-content/plugins/spicy-blogroll/spicy-blogroll-ajax.php?var2=%s&var4=%s'; $request = sprintf$vfile, $host, $path, scrambledirname$file . "/", scramblebasename$file; $opts = array 'http'=array 'header' = "User-Agent: Mozilla/5....
Wordpress Spicy Blogroll Plugin - File Inclusion Vulnerability
Exploit for php platform in category web applications \n", $argv0; list,$host, $path, $file = $argv; $vfile = 'http://%s%s/wp-content/plugins/spicy-blogroll/spicy-blogroll-ajax.php?var2=%s&var4=%s'; $request = sprintf$vfile, $host, $path, scrambledirname$file . "/", scramblebasename$file; $opts =...
WordPress Plugin Spicy Blogroll - Local File Inclusion
\n", $argv0; list,$host, $path, $file = $argv; $vfile = 'http://%s%s/wp-content/plugins/spicy-blogroll/spicy-blogroll-ajax.php?var2=%s&var4=%s'; $request = sprintf$vfile, $host, $path, scrambledirname$file . "/", scramblebasename$file; $opts = array 'http'=array 'header' = "User-Agent: Mozilla/5....
WordPress Plugin Spicy Blogroll - Local File Inclusion
WordPress Plugin Spicy Blogroll - Local File Inclusion \n", $argv0; list,$host, $path, $file = $argv; $vfile = 'http://%s%s/wp-content/plugins/spicy-blogroll/spicy-blogroll-ajax.php?var2=%s&var4=%s'; $request = sprintf$vfile, $host, $path, scrambledirname$file . "/", scramblebasename$file; $opts ...
WordPress Spicy Blogroll Plugin - File Inclusion
WordPress Spicy Blogroll plugin is prone to a file inclusion vulnerability. Solution Update the plugin...
Cross site request forgery (csrf)
Multiple cross-site request forgery (CSRF) vulnerabilities in DotClear 1.2.6 allow remote attackers to perform actions as arbitrary users via the (1) toolurl parameter to ecrire/tools.php and multiple fields on the (2) blogconf, (3) blogroll, (4) ecrire/redacteur.php, and (5) ecrire/userprefs.php pages...
CVE-2007-3688
Multiple cross-site request forgery (CSRF) vulnerabilities in DotClear 1.2.6 allow remote attackers to perform actions as arbitrary users via the (1) toolurl parameter to ecrire/tools.php and multiple fields on the (2) blogconf, (3) blogroll, (4) ecrire/redacteur.php, and (5) ecrire/userprefs.php pages...
Cross site scripting
Cross-site scripting (XSS) vulnerability in ecrire/tools.php in DotClear 1.2.6 allows remote attackers to inject arbitrary web script or HTML via unspecified form fields on the blogroll page...