14 matches found
EUVD-2014-3779
Malware in sbrugna...
EUVD-2014-8775
Malware in sbrugna...
CVE-2014-3848
The iMember360 plugin before 3.9.001 for WordPress does not properly restrict access, which allows remote attackers to obtain database credentials via the i4wdbinfo parameter...
CVE-2014-3842
Multiple cross-site scripting XSS vulnerabilities in the iMember360 plugin 3.8.012 through 3.9.001 for WordPress allow remote attackers to inject arbitrary web script or HTML via the 1 decrypt or 2 encrypt parameter...
CVE-2014-3849
The iMember360 plugin 3.8.012 through 3.9.001 for WordPress does not properly restrict access, which allows remote attackers to delete arbitrary users via a request containing a user name in the Email parameter and the API key in the i4wclearuser parameter...
CVE-2014-8949
The iMember360 plugin 3.8.012 through 3.9.001 for WordPress allows remote authenticated administrators to execute arbitrary commands via shell metacharacters in the i4wtrace parameter. NOTE: this can be leveraged with CVE-2014-8948 to allow remote attackers to execute code. NOTE: it is not clear...
Cross site request forgery (csrf)
Cross-site request forgery CSRF vulnerability in the iMember360 plugin 3.8.012 through 3.9.001 for WordPress allows remote attackers to hijack the authentication of administrators for requests that with an unspecified impact via the i4wtrace parameter. NOTE: this can be leveraged with CVE-2014-89...
Code injection
The iMember360 plugin 3.8.012 through 3.9.001 for WordPress allows remote authenticated administrators to execute arbitrary commands via shell metacharacters in the i4wtrace parameter. NOTE: this can be leveraged with CVE-2014-8948 to allow remote attackers to execute code. NOTE: it is not clear...
CVE-2014-8949
The iMember360 plugin 3.8.012 through 3.9.001 for WordPress allows remote authenticated administrators to execute arbitrary commands via shell metacharacters in the i4wtrace parameter. NOTE: this can be leveraged with CVE-2014-8948 to allow remote attackers to execute code. NOTE: it is not clear...
Design/Logic Flaw
The iMember360 plugin 3.8.012 through 3.9.001 for WordPress does not properly restrict access, which allows remote attackers to delete arbitrary users via a request containing a user name in the Email parameter and the API key in the i4wclearuser parameter...
CVE-2014-3849
The iMember360 plugin 3.8.012 through 3.9.001 for WordPress does not properly restrict access, which allows remote attackers to delete arbitrary users via a request containing a user name in the Email parameter and the API key in the i4wclearuser parameter...
CVE-2014-3849
The CVE-2014-3849 issue affects WordPress with the iMember360 plugin versions 3.8.012–3.9.001. The vulnerability stems from improper access restriction that allows remote attackers to delete arbitrary users by sending a request that places a user name in the Email parameter and the API key in the...
CVE-2014-3842
Multiple cross-site scripting XSS vulnerabilities in the iMember360 plugin 3.8.012 through 3.9.001 for WordPress allow remote attackers to inject arbitrary web script or HTML via the 1 decrypt or 2 encrypt parameter...
CVE-2014-3842
Multiple cross-site scripting XSS vulnerabilities in the iMember360 plugin 3.8.012 through 3.9.001 for WordPress allow remote attackers to inject arbitrary web script or HTML via the 1 decrypt or 2 encrypt parameter...