18 matches found
EUVD-2012-5250
Malware in sbrugna...
EUVD-2013-0746
Malware in sbrugna...
EUVD-2013-0747
Malware in sbrugna...
CVE-2012-5328
Multiple SQL injection vulnerabilities in the Mingle Forum plugin 1.0.32.1 and other versions before 1.0.33 for WordPress might allow remote authenticated users to execute arbitrary SQL commands via the 1 memberid or 2 groupid parameters in a removemember action or 3 id parameter to...
CVE-2013-0736
Multiple cross-site request forgery CSRF vulnerabilities in the Mingle Forum plugin 1.0.34 and possibly earlier for WordPress allow remote attackers to hijack the authentication of administrators for requests that 1 modify user privileges or 2 conduct cross-site scripting XSS attacks via...
WordPress Mingle Forum Plugin <= 1.0.33 - Cross Site Scripting
Because of this vulnerability, the attackers can inject arbitrary JavaScript or HTML code. Solution Update the plugin...
Mingle Forum 1.0.28 - XSS & FPD
The mingle-forum WordPress plugin was affected by a XSS & FPD security vulnerability...
Cross site scripting
Multiple cross-site scripting XSS vulnerabilities in the Mingle Forum plugin before 1.0.34 for WordPress allow remote attackers to inject arbitrary web script or HTML via the 1 searchwords parameter in a search action to wpf.class.php or 2 togroupusers parameter in an addusertogroup action to...
CVE-2013-0736
Multiple cross-site request forgery CSRF vulnerabilities in the Mingle Forum plugin 1.0.34 and possibly earlier for WordPress allow remote attackers to hijack the authentication of administrators for requests that 1 modify user privileges or 2 conduct cross-site scripting XSS attacks via...
Cross site request forgery (csrf)
Multiple cross-site request forgery CSRF vulnerabilities in the Mingle Forum plugin 1.0.34 and possibly earlier for WordPress allow remote attackers to hijack the authentication of administrators for requests that 1 modify user privileges or 2 conduct cross-site scripting XSS attacks via...
CVE-2013-0736
Multiple cross-site request forgery CSRF vulnerabilities in the Mingle Forum plugin 1.0.34 and possibly earlier for WordPress allow remote attackers to hijack the authentication of administrators for requests that 1 modify user privileges or 2 conduct cross-site scripting XSS attacks via...
CVE-2012-5327
Multiple SQL injection vulnerabilities in fs-admin/fs-admin.php in the Mingle Forum plugin 1.0.32.1 and other versions before 1.0.33 for WordPress allow remote authenticated users to execute arbitrary SQL commands via the 1 deleteusrgrp parameter in a deleteusergroups action, 2 usergroup paramete...
Sql injection
Multiple SQL injection vulnerabilities in fs-admin/fs-admin.php in the Mingle Forum plugin 1.0.32.1 and other versions before 1.0.33 for WordPress allow remote authenticated users to execute arbitrary SQL commands via the 1 deleteusrgrp parameter in a deleteusergroups action, 2 usergroup paramete...
CVE-2012-5327
Multiple SQL injection vulnerabilities in fs-admin/fs-admin.php in the Mingle Forum plugin 1.0.32.1 and other versions before 1.0.33 for WordPress allow remote authenticated users to execute arbitrary SQL commands via the 1 deleteusrgrp parameter in a deleteusergroups action, 2 usergroup paramete...
CVE-2012-5327
The Mingle Forum WordPress plugin (versions before 1.0.33; affected 1.0.32.1) is impacted by multiple SQL injection flaws in fs-admin/fs-admin.php. An authenticated user can trigger SQL commands via: (1) delete_usrgrp[] in delete_usergroups, (2) usergroup in add_user_togroup, or (3) add_forum_gro...
CVE-2012-5328
Mingle Forum plugin for WordPress (v1.0.32.1 and earlier than 1.0.33) contains multiple SQL injection vulnerabilities that allow remote authenticated users to execute arbitrary SQL commands via specific parameters: memberid or groupid in removemember, id in fs-admin/fs-admin.php, or edit_forum_id...
WordPress Mingle Forum Plugin 'search' Parameter XSS Vulnerability
The WordPress plugin SPDX-FileCopyrightText: 2012 Greenbone AG Some text descriptions might be excerpted from a referenced sources, and are Copyright C by the respective right holders. SPDX-License-Identifier: GPL-2.0-only CPE = "cpe:/a:wordpress:wordpress"; ifdescription...
HTB22849: Path disclosure in Mingle Forum wordpress plugin
Vulnerability ID: HTB22849 Reference: http://www.htbridge.ch/advisory/pathdisclosureinmingleforumwordpressplugin.html Product: Mingle Forum wordpress plugin Vendor: Cartpauj http://cartpauj.com/ Vulnerable Version: 1.0.28 Vendor Notification: 15 February 2011 Vulnerability Type: Path disclosure...