WordPress Plugin My Category Order 2.8 - SQL Injection
WordPress Plugin My Category Order 2.8 - SQL Injection Source: WordPress Plugin: My Category Order = 2.8 mycategoryorder.php / SQL Injection Vulnerability Download: http://wordpress.org/extend/plugins/my-category-order/ No Dork Author: ManhLuat93 at hcegroupdotnet Errors appear only when you hav...
CVE-2009-2432
WordPress and WordPress MU before 2.8.1 allow remote attackers to obtain sensitive information via a direct request to wp-settings.php, which reveals the installation path in an error message...
Information disclosure
WordPress and WordPress MU before 2.8.1 allow remote attackers to obtain sensitive information via a direct request to wp-settings.php, which reveals the installation path in an error message...
Z-BLOG XSS Vulnerabilities-vulnerability warning-the black bar safety net
Vulnerability description: In cerror.asp, the file that displays Z-BLOG backend login error messages, the redirect URL parameter sourceurl is encoded, but the start of the link is not checked, so a javascript pseudo-protocol URL is executed, resulting in a cross-site scripting vulnerability...
Fedora 9 : phpMyAdmin-3.2.0.1-1.fc9 (2009-7337)
The first security release for phpMyAdmin 3.2.0: - security XSS: Insufficient output sanitizing in bookmarks This version contains a number of small new features and some bug fixes: - core better support for vendor customisation based on what Debian needs - rfe warn when session.gc_maxlifetime is...
CVE-2009-2332
CMS Chainuk 1.2 and earlier allows remote attackers to obtain sensitive information via (1) a crafted id parameter to index.php or (2) a nonexistent folder name in the id parameter to admin/admindelete.php, which reveals the installation path in an error message...
Design/Logic Flaw
CMS Chainuk 1.2 and earlier allows remote attackers to obtain sensitive information via (1) a crafted id parameter to index.php or (2) a nonexistent folder name in the id parameter to admin/admindelete.php, which reveals the installation path in an error message...
Information disclosure
KerviNet Forum 1.1 and earlier allows remote attackers to obtain sensitive information via a direct request to (1) admin/head.php, or (2) votingdiagram.php, (3) voting.php, (4) topicssearch.php, (5) topicslist.php, (6) toppart.php, (7) quicksearch.php, (8) quickreply.php, (9) modermenu.php, (10) messageslist.php, (11)...
Design/Logic Flaw
index.php in Aardvark Topsites PHP 5.2.0 and earlier allows remote attackers to obtain sensitive information via a nonexistent account name in the u parameter in a rate action, which reveals the installation path in an error message...
Design/Logic Flaw
admin.php in SkyBlueCanvas 1.1 r237 allows remote authenticated administrators to obtain sensitive information via an invalid id parameter, which reveals the installation path in an error message...
CVE-2009-2115
admin.php in SkyBlueCanvas 1.1 r237 allows remote authenticated administrators to obtain sensitive information via an invalid id parameter, which reveals the installation path in an error message...
Information disclosure
importwbb1.php in Unclassified NewsBoard (UNB) 1.6.4 allows remote attackers to obtain sensitive information via a direct request, which reveals the installation path in an error message...
PYSEC-2009-6
Multiple cross-site scripting (XSS) vulnerabilities in action/AttachFile.py in MoinMoin 1.8.2 and earlier allow remote attackers to inject arbitrary web script or HTML via (1) an AttachFile sub-action in the errormsg function or (2) multiple vectors related to package file errors in the uploadform...
CVE-2009-1482
Removed by vendor...
CVE-2008-6759
ViArt Shop (aka Shopping Cart) 3.5 allows remote attackers to obtain sensitive information via a URL in the POSTDATA parameter to manualssearch.php, which reveals the installation path in an error message...
Design/Logic Flaw
ViArt Shop (aka Shopping Cart) 3.5 allows remote attackers to obtain sensitive information via a URL in the POSTDATA parameter to manualssearch.php, which reveals the installation path in an error message...