38 matches found
WordPress defa-online-image-protector <=3.3 - Cross-Site Scripting
WordPress defa-online-image-protector 3.3 and before contains a reflected cross-site scripting vulnerability which allows an attacker to execute arbitrary script code in the browser of an unsuspecting user in the context of the affected site. This can allow the attacker to steal cookie-based...
WordPress Infusionsoft Gravity Forms <=1.5.11 - Cross-Site Scripting
WordPress plugin Infusionsoft 1.5.11 and before contains a reflected cross-site scripting vulnerability which allows an attacker to execute arbitrary script code in the browser of an unsuspecting user in the context of the affected site. This can allow the attacker to steal cookie-based...
WordPress AJAX Random Post <=2.00 - Cross-Site Scripting
WordPress AJAX Random Post 2.00 is vulnerable to reflected cross-site scripting. id: CVE-2016-1000127 info: name: WordPress AJAX Random Post =2.00 - Cross-Site Scripting author: daffainfo severity: medium description: WordPress AJAX Random Post 2.00 is vulnerable to reflected cross-site scripting...
WordPress HDW Video Gallery <=1.2 - Cross-Site Scripting
WordPress HDW Video Gallery 1.2 and before contains a cross-site scripting vulnerability via mychannel.php which allows an attacker to execute arbitrary script code in the browser of an unsuspecting user in the context of the affected site. This can allow the attacker to steal cookie-based...
Adobe AEM Dispatcher <4.15 - Rules Bypass
Dispatcher before 4.1.5 in Adobe Experience Manager 5.6.1, 6.0.0, and 6.1.0 does not properly implement a URL filter, which allows remote attackers to bypass dispatcher rules via unspecified vectors. id: CVE-2016-0957 info: name: Adobe AEM Dispatcher 4.15 - Rules Bypass author: geeknik severity:...
WordPress WPSOLR <=8.6 - Cross-Site Scripting
WordPress WPSOLR 8.6 and before contains a reflected cross-site scripting vulnerability which allows an attacker to execute arbitrary script code in the browser of an unsuspecting user in the context of the affected site. This can allow the attacker to steal cookie-based authentication credential...
Opsview Monitor Pro - Open Redirect
Opsview Monitor Pro before 5.1.0.162300841, before 5.0.2.27475, before 4.6.4.162391051, and 4.5.x without a certain 2016 security patch contains an open redirect vulnerability. An attacker can redirect users to arbitrary web sites and conduct phishing attacks via the back parameter to the login...
SAP xMII 15.0 for SAP NetWeaver 7.4 - Local File Inclusion
SAP xMII 15.0 for SAP NetWeaver 7.4 is susceptible to a local file inclusion vulnerability in the GetFileList function. This can allow remote attackers to read arbitrary files via a .. dot dot in the path parameter to /Catalog, aka SAP Security Note 2230978. id: CVE-2016-2389 info: name: SAP xMII...
Fortinet FortiOS - Open Redirect/Cross-Site Scripting
FortiOS Web User Interface in 5.0.x before 5.0.13, 5.2.x before 5.2.3, and 5.4.x before 5.4.0 allows remote attackers to redirect users to arbitrary web sites and conduct phishing attacks or cross-site scripting attacks via the "redirect" parameter to "login." id: CVE-2016-3978 info: name: Fortin...
WordPress Hero Maps Pro 2.1.0 - Cross-Site Scripting
WordPress Hero Maps Pro 2.1.0 contains a reflected cross-site scripting vulnerability which allows an attacker to execute arbitrary script code in the browser of an unsuspecting user in the context of the affected site. This can allow the attacker to steal cookie-based authentication credentials...
WordPress Pondol Form to Mail <=1.1 - Cross-Site Scripting
WordPress Pondol Form to Mail 1.1 and before contains a reflected cross-site scripting vulnerability which allows an attacker to execute arbitrary script code in the browser of an unsuspecting user in the context of the affected site. This can allow the attacker to steal cookie-based authenticati...
Sony IPELA Engine IP Camera - Hardcoded Account
Multiple SONY network cameras are vulnerable to sensitive information disclosure via hardcoded credentials. id: CVE-2016-7834 info: name: Sony IPELA Engine IP Camera - Hardcoded Account author: af001 severity: high description: | Multiple SONY network cameras are vulnerable to sensitive informati...
WordPress anti-plagiarism <=3.60 - Cross-Site Scripting
WordPress anti-plagiarism 3.6.0 and prior are vulnerable to reflected cross-site scripting. id: CVE-2016-1000128 info: name: WordPress anti-plagiarism 3.60 or apply the latest security patches provided by the vendor. reference: - http://www.vapidlabs.com/wp/wpadvisory.php?v=161 -...
WordPress forget-about-shortcode-buttons 1.1.1 - Cross-Site Scripting
Wordpress plugin forget-about-shortcode-buttons 1.1.1 contains a reflected cross-site scripting vulnerability which allows an attacker to execute arbitrary script code in the browser of an unsuspecting user in the context of the affected site. This can allow the attacker to steal cookie-based...
WordPress New Year Firework <=1.1.9 - Cross-Site Scripting
WordPress New Year Firework 1.1.9 and before contains a reflected cross-site scripting vulnerability which allows an attacker to execute arbitrary script code in the browser of an unsuspecting user in the context of the affected site. This can allow the attacker to steal cookie-based authenticati...
WordPress Tidio-form <=1.0 - Cross-Site Scripting
WordPress tidio-form1.0 contains a reflected cross-site scripting vulnerability which allows an attacker to execute arbitrary script code in the browser of an unsuspecting user in the context of the affected site. This can allow the attacker to steal cookie-based authentication credentials and...
NETGEAR DGN2200 / DGND3700 - Admin Password Disclosure
NETGEAR DGN2200 / DGND3700 is susceptible to a vulnerability within the page 'BSWcxttongr.htm' which can allow a remote attacker to access this page without any authentication. The attacker can then use this password to gain administrator access of the targeted router's web interface. id:...
WordPress heat-trackr 1.0 - Cross-Site Scripting
WordPress heat-trackr 1.0 contains a cross-site scripting vulnerability via heat-trackrabtestadd.php which allows an attacker to execute arbitrary script code in the browser of an unsuspecting user in the context of the affected site. This can allow the attacker to steal cookie-based authenticati...
Apache mod_userdir CRLF injection
Apache CRLF injection allowing HTTP response splitting attacks on sites using moduserdir. id: CVE-2016-4975 info: name: Apache moduserdir CRLF injection author: melbadry9,nadino,xElkomy severity: medium description: Apache CRLF injection allowing HTTP response splitting attacks on sites using...
Wordpress Zedna eBook download <1.2 - Local File Inclusion
Wordpress Zedna eBook download prior to version 1.2 was affected by a filedownload.php local file inclusion vulnerability. id: CVE-2016-10924 info: name: Wordpress Zedna eBook download 1.2 - Local File Inclusion author: idealphase severity: high description: | Wordpress Zedna eBook download prior...