44 matches found
WP Forum Server 1.6.5 - feed.php topic Parameter SQL Injection
The WP Forum Server WordPress plugin was affected by a feed.php topic Parameter SQL Injection security vulnerability...
WordPress 2.1.1 wp-includes/feed.php ix Variable Arbitrary Command Execution
No description provided by source. source: http://www.securityfocus.com/bid/22797/info An attacker compromised the source code for WordPress 2.1.1 and altered it to include a malicious backdoor. This backdoor introduces a code-execution vulnerability that will let remote users inject PHP code or...
ArticleSetup 1.1 SQL Injection
HTTPCS Advisory : HTTPCS86 Product : ArticleSetup Version : 1.1 Date : 2012-09-03 Criticality level : Highly Critical Description : A vulnerability has been discovered in ArticleSetup, which can be exploited by malicious people to conduct SQL injection attacks. Input passed via the 'cat' paramete...
WordPress Forum Server Plugin 1.6.5 - SQL Injection
WordPress Forum Server plugin is prone to an SQL injection. This vulnerability exists because of failure in the "index.php" script to properly clean up user-supplied input in "searchmax" variable and in the "/wp-content/plugins/forum-server/feed.php" script to properly sanitize user-supplied inpu...
Phorum 'feed.php' Security Bypass Vulnerability
This host is running phpBB and is prone to security bypass vulnerability. OpenVAS Vulnerability Test $Id: secpodphpbbsecbypassvuln.nasl 5401 2017-02-23 09:46:07Z teissa $ phpBB 'feed.php' Security Bypass Vulnerability Authors: Antu Sanadi Copyright: Copyright (c) 2010 SecPod, http://www.secpod.com...
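phpBB 3.0.7 feed.php Script Incorrect Permission Check Vulnerability
CVE (CAN) ID: CVE-2010-1627 phpBB is a very popular web forum program. The feed.php script in phpBB does not correctly check feed permissions, so in the following environment a remote attacker can bypass the permission checks and perform unauthorized operations: feeds are enabled; post or topic feeds are enabled; unauthorized users have forum permissions set on a private forum. Affected: phpBB 3.0.7. Vendor patch: phpBB Group. The vendor has released an upgrade patch that fixes this security issue; download it from the vendor's home page: http://www.phpbb.com/community/viewtopic.php?f=14&t=2014195...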
CVE-2010-1627
feed.php in phpBB 3.0.7 before 3.0.7-PL1 does not properly check permissions for feeds, which allows remote attackers to bypass intended access restrictions via unspecified attack vectors related to permission settings on a private forum...
phpBB <= 3.0.7 Security Bypass Vulnerability
phpBB is prone to a security bypass vulnerability. SPDX-FileCopyrightText: 2010 Greenbone AG Some text descriptions might be excerpted from (a) referenced source(s), and are Copyright (C) by the respective right holders. SPDX-License-Identifier: GPL-2.0-only CPE = "cpe:/a:phpbb:phpbb"; if(description)...
WordPress wp-includes/feed.php Module Cross-Site Scripting Vulnerability
BUGTRAQ ID: 32476 WordPress is a free forum and blog system. The selflink function in WordPress's wp-includes/feed.php file is used to generate the absolute URL for the atom:link tag in ATOM and RSS 2.0 feeds: function selflink echo 'http' . $SERVER'https' == 'on' ? 's' : '' . '://' . $SERVER'HTTPHOST' . wpspecialcharsstripslashes$SERVER'REQUESTURI', 1;...
CVE-2007-6310
Multiple cross-site scripting (XSS) vulnerabilities in Falt4Extreme RC4 10.9.2007 allow remote attackers to inject arbitrary web script or HTML via the handler parameter to (1) index.php and possibly (2) admin/index.php, and (3) the topic parameter to modules/feed/feed.php (aka modules/feed.php)...
CVE-2007-4329
Multiple PHP remote file inclusion vulnerabilities in Web News 1.1 allow remote attackers to execute arbitrary PHP code via a URL in the configrootordner parameter to (1) index.php, (2) news.php, or (3) feed.php...
CVE-2007-2636
Unspecified vulnerability in phpTodo before 0.8.1 allows remote attackers to have an unknown impact via newlines in regular expressions to (1) index.php, (2) feed.php, (3) prefs.php, and (4) todolist.php; and (5) classTodoItem.php and (6) phpTodoUser.php in libs/. NOTE: some of these details are obtained fro...
wp-compromise.txt
While assessing the security of WordPress, a popular blog creation software, I have discovered that its source code has recently been compromised by a third party in order to enable remote command execution on the machines running affected versions. The compromised files are wp-includes/feed.php...
CVE-2007-1277
WordPress 2.1.1, as downloaded from some official distribution sites during February and March 2007, contains an externally introduced backdoor that allows remote attackers to execute arbitrary commands via (1) an eval injection vulnerability in the ix parameter to wp-includes/feed.php, and (2) an...
WordPress <= 2.1.1 - Multiple Vulnerabilities
Attackers can execute arbitrary commands via an eval injection vulnerability in the "ix" parameter to wp-includes/feed.php. There is also a command execution backdoor vulnerability. Solution: Update WordPress to the latest available version, at least 2.1.2...
ZebraFeeds 1.0 (zf_path) Remote File Include Vulnerabilities
Exploit for unknown platform in category web applications. ZebraFeeds 1.0 (zf_path) Remote File Include Vulnerabilities. Discovered By:- ThE [email protected] aggregator.php:-...