CVE-2017-18556

The bws-google-analytics plugin before 1.7.1 for WordPress has multiple XSS issues...

EUVD-2017-9643

Malware in sbrugna...

Cross site scripting

The WP Championship WordPress plugin before 9.3 is lacking CSRF checks in various places, allowing attackers to make a logged in admin perform unwanted actions, such as create and delete arbitrary teams as well as update the plugin's settings. Due to the lack of sanitisation and escaping, it coul...

MGASA-2017-0142 Updated webmin packages fix security vulnerability

The webmin package has been updated to version 1.840, which fixes cross-site scripting XSS issues, and has other bug fixes and enhancements. See the upstream release announcements and change log for details...

MGASA-2015-0202 Updated wordpress packages fix security vulnerabilities

Updated wordpress packages fixes security vulnerabilities: The wordpress package has been updated to version 3.9.6, which fixes multiple cross-site scripting issues, including CVE-2015-3440, and other bugs. Note that upstream has advised us that WordPress 3.9.x is no longer supported. As this...

Adam Webb NukeJokes 1.7/2.0 Module modules.php jokeid Parameter SQL Injection

No description provided by source. source: http://www.securityfocus.com/bid/10306/info It has been reported that the NukeJokes module is affected by multiple input validation vulnerabilities. These issues are due to a failure of the application to properly sanitize user supplied user input...

Pligg CMS 9.9.0 - Cross-Site Scripting Local File Inclusion SQL Injection

Pligg CMS 9.9.0 - Cross-Site Scripting Local File Inclusion SQL Injection GulfTech Security Research July 30, 2008 Vendor : Pligg LLC URL : http://www.pligg.com/ Version : Pligg alertdocument.cookie; The above example link would display the end users cookie to them. Of course this can also be use...

vSpin Classified System 2004 - cat.asp?cat SQL Injection

vSpin Classified System 2004 - cat.asp?cat SQL Injection source: https://www.securityfocus.com/bid/21190/info vSpin Classified System is prone to multiple input-validation vulnerabilities, including SQL-injection and cross-site scripting issues, because the application fails to sufficiently...

php < 4.3.8

The remote host is running a version of PHP 4.3 which is older or equal to 4.3.7. There is a bug in the remote version of this software which may allow an attacker to execute arbitrary code on the remote host if the option memorylimit is set. Another bug in the function striptags may allow an...

paFaq10beta4.txt

GulfTech Security Research June 20th, 2005 Vendor : php Arena URL : http://www.phparena.net/pafaq.php Version : paFAQ 1.0 Beta 4 Risk : Multiple Vulnerabilities Description: paFAQ is a FAQ/Knowledge base system that allows webmasters to keep an organized database of Frequently Asked Questions; a...

paFileDB <= 3.1 Multiple Vulnerabilities (2)

The remote host is running a version of paFileDB that is prone to a wide variety of vulnerabilities, including arbitrary file uploads, local file inclusion, SQL injection, and cross-site scripting issues. %NASLMINLEVEL 70300 C Tenable Network Security, Inc. include'deprecatednasllevel.inc';...