23 matches found
CVE-2016-10762
The CampTix Event Ticketing plugin before 1.5 for WordPress allows CSV injection when the export tool is used...
CVE-2016-10763
The CampTix Event Ticketing plugin before 1.5 for WordPress allows XSS in the admin section via a ticket title or body...
EUVD-2016-1757
Malware in sbrugna...
EUVD-2016-1756
Malware in sbrugna...
WordPress CampTix Event Ticketing Cross-Site Scripting Vulnerability
WordPress is a blogging platform developed by the WordPress Foundation using the PHP language. The platform supports personal blog sites on PHP and MySQL servers. CampTix Event Ticketing is a ticketing system plugin used in it. WordPress CampTix Event Ticketing has a cross-site scripting...
WordPress CampTix Event Ticketing Plugin Command Injection Vulnerability
WordPress is a blogging platform developed by the WordPress Foundation using the PHP language. The platform supports personal blog sites on PHP and MySQL servers. CampTix Event Ticketing is a ticketing system plugin used in it. A command injection vulnerability exists in the WordPress CampTix Even...
CVE-2016-10763
The CampTix Event Ticketing plugin before 1.5 for WordPress allows XSS in the admin section via a ticket title or body...
CVE-2016-10763
The CampTix Event Ticketing plugin before 1.5 for WordPress allows XSS in the admin section via a ticket title or body...
CVE-2016-10762
The CampTix Event Ticketing plugin before 1.5 for WordPress allows CSV injection when the export tool is used...
CVE-2016-10762
The CampTix Event Ticketing plugin before 1.5 for WordPress allows CSV injection when the export tool is used...
Design/Logic Flaw
The CampTix Event Ticketing plugin before 1.5 for WordPress allows CSV injection when the export tool is used...
Design/Logic Flaw
The CampTix Event Ticketing plugin before 1.5 for WordPress allows XSS in the admin section via a ticket title or body...
CVE-2016-10762
CVE-2016-10762 concerns the CampTix Event Ticketing WordPress plugin. The connected documents confirm that versions before 1.5 are vulnerable to CSV injection when using the export tool, arising from a CSV injection flaw in the plugin’s export functionality. The impact is described as CSV injecti...
CVE-2016-10762
The CampTix Event Ticketing plugin before 1.5 for WordPress allows CSV injection when the export tool is used...
CVE-2016-10763
The CampTix Event Ticketing plugin before 1.5 for WordPress allows XSS in the admin section via a ticket title or body...
CVE-2016-10763
CVE-2016-10763 affects the CampTix Event Ticketing WordPress plugin prior to version 1.5, enabling stored XSS in the admin area via a ticket title or body. Root cause: improper handling of input in ticket fields leads to script execution. Affected product: CampTix plugin for WordPress (pre-1.5). ...
CampTix Event Ticketing <= 1.5.0 - CSV Injection Bypasses and XSS
The CampTix Event Ticketing WordPress plugin was affected by a CSV Injection Bypasses and XSS security vulnerability...
Ian Dunn: CSV Injection in Camptix
Hello, Ian! I see you tried to escape "=, -, +, @" in your code 151516, but let me show a simple workaround. I've made CSV injection by using this string ";=cmd|' /C calc'!A5" without double quotes. ";" will bypass your attempt to set the quote in the beginning of the string. ";" acts as a new cell...
Ian Dunn: Send emails to all users using Camptix
Ian, This is my first stab at submitting a bug, and I'm not even sure it is one. Here's what I found. If an admin of a site using Camptix who is logged into the admin screen visits a malicious site which has access to a valid wpnonce value could send a large volume of spam to all ticket holders...
CampTix Event Ticketing <= 1.4.2 - CSV Injection and XSS
The CampTix Event Ticketing WordPress plugin was affected by a CSV Injection and XSS security vulnerability...