28 matches found
Bludit File Upload Vulnerability
Bludit is an open source, lightweight blog content management system CMS. A file upload vulnerability exists in Bludit version 3.12.0, which originates from a file upload found in the file path bl-plugins backup plugin.php, and can be exploited by an attacker to gain administrator privileges and ...
404 SEO Redirection <= 1.3 - CSRF to Stored Cross-Site Scripting (XSS)
Description The plugin is lacking CSRF checks in all its settings, allowing attackers to make a logged in user change the plugin's settings. Due to the lack of sanitisation and escaping in some fields, it could also lead to Stored Cross-Site Scripting issues PoC The PoC will be displayed once the...
CVE-2012-0063
Insecure plugin update mechanism in tucan through 0.3.10 could allow remote attackers to perform man-in-the-middle attacks and execute arbitrary code ith the permissions of the user running tucan...
CVE-2012-0063
Insecure plugin update mechanism in tucan through 0.3.10 could allow remote attackers to perform man-in-the-middle attacks and execute arbitrary code ith the permissions of the user running tucan...
Code injection
Insecure plugin update mechanism in tucan through 0.3.10 could allow remote attackers to perform man-in-the-middle attacks and execute arbitrary code ith the permissions of the user running tucan...
CVE-2012-0063
The CVE-2012-0063 entry concerns tucan up to version 0.3.10, where an insecure plugin update mechanism can enable remote attackers to perform man-in-the-middle attacks and execute arbitrary code with the user’s privileges. The affected component is the plugin update process; root cause is lack of...
Design/Logic Flaw
The wp-support-plus-responsive-ticket-system plugin before 7.1.0 for WordPress has insecure direct object reference via a ticket number...
[SECURITY] [DSA 3724-1] gst-plugins-good0.10 security update
------------------------------------------------------------------------- Debian Security Advisory DSA-3724-1 [email protected] https://www.debian.org/security/ Salvatore Bonaccorso November 24, 2016 https://www.debian.org/security/faq -...