32 matches found
EUVD-2017-1619
Malware in sbrugna...
EUVD-2017-1620
Malware in sbrugna...
EUVD-2017-1621
Malware in sbrugna...
EUVD-2017-1622
Malware in sbrugna...
WordPress DTracker plugin content injection vulnerability (CNVD-2017-31143)
WordPress is the WordPress Software Foundation's set of blogging platforms developed using the PHP language, which supports personal blog sites on servers running PHP and MySQL.DTracker is one of the plug-ins used to track site downloads. A content injection vulnerability exists in version 1.5 of...
WordPress DTracker plugin content injection vulnerability (CNVD-2017-31142)
WordPress is the WordPress Software Foundation's set of blogging platforms developed using the PHP language, which supports the setting up of personal blog sites on servers with PHP and MySQL.DTracker is one of the plugins used to track site downloads. A content injection vulnerability exists in...
CVE-2017-1002005
Vulnerability in wordpress plugin DTracker v1.5, In file ./dtracker/delete.php user input isn't sanitized via the contactid variable before adding it to the end of an SQL query...
CVE-2017-1002007
Vulnerability in wordpress plugin DTracker v1.5, The code dtracker/savemail.php doesn't check that the user is authorized before injecting new contacts into the wpcontact table...
CVE-2017-1002004
Vulnerability in wordpress plugin DTracker v1.5, In file ./dtracker/download.php user input isn't sanitized via the id variable before adding it to the end of an SQL query...
Security feature bypass
Vulnerability in wordpress plugin DTracker v1.5, The code dtracker/savemail.php doesn't check that the user is authorized before injecting new contacts into the wpcontact table...
Design/Logic Flaw
Vulnerability in wordpress plugin DTracker v1.5, In file ./dtracker/download.php user input isn't sanitized via the id variable before adding it to the end of an SQL query...
CVE-2017-1002006
Vulnerability in wordpress plugin DTracker v1.5, The code dtracker/savecontact.php doesn't check that the user is authorized before injecting new contacts into the wpcontact table...
CVE-2017-1002005
Vulnerability in wordpress plugin DTracker v1.5, In file ./dtracker/delete.php user input isn't sanitized via the contactid variable before adding it to the end of an SQL query...
CVE-2017-1002007
Vulnerability in wordpress plugin DTracker v1.5, The code dtracker/savemail.php doesn't check that the user is authorized before injecting new contacts into the wpcontact table...
CVE-2017-1002006
Vulnerability in wordpress plugin DTracker v1.5, The code dtracker/savecontact.php doesn't check that the user is authorized before injecting new contacts into the wpcontact table...
Security feature bypass
Vulnerability in wordpress plugin DTracker v1.5, The code dtracker/savecontact.php doesn't check that the user is authorized before injecting new contacts into the wpcontact table...
Design/Logic Flaw
Vulnerability in wordpress plugin DTracker v1.5, In file ./dtracker/delete.php user input isn't sanitized via the contactid variable before adding it to the end of an SQL query...
CVE-2017-1002004
Vulnerability in wordpress plugin DTracker v1.5, In file ./dtracker/download.php user input isn't sanitized via the id variable before adding it to the end of an SQL query...
CVE-2017-1002004
Vulnerability in wordpress plugin DTracker v1.5, In file ./dtracker/download.php user input isn't sanitized via the id variable before adding it to the end of an SQL query...
CVE-2017-1002007
CVE-2017-1002007 affects the WordPress DTracker plugin v1.5. The issue is in dtracker/save_mail.php, which does not verify that the user is authorized before inserting new contacts into wp_contact. The root cause is missing authorization checks, allowing an unauthenticated attempt to inject data ...