3470 matches found
Cross site scripting
Cross-site scripting XSS vulnerability in wp-includes/pluggable.php in WordPress before 3.9.2, when Multisite is enabled, allows remote authenticated administrators to inject arbitrary web script or HTML, and obtain Super Admin privileges, via a crafted avatar URL...
UBUNTU-CVE-2014-5240
Cross-site scripting XSS vulnerability in wp-includes/pluggable.php in WordPress before 3.9.2, when Multisite is enabled, allows remote authenticated administrators to inject arbitrary web script or HTML, and obtain Super Admin privileges, via a crafted avatar URL...
CVE-2014-5240
Cross-site scripting XSS vulnerability in wp-includes/pluggable.php in WordPress before 3.9.2, when Multisite is enabled, allows remote authenticated administrators to inject arbitrary web script or HTML, and obtain Super Admin privileges, via a crafted avatar URL...
CVE-2014-5240
Cross-site scripting XSS vulnerability in wp-includes/pluggable.php in WordPress before 3.9.2, when Multisite is enabled, allows remote authenticated administrators to inject arbitrary web script or HTML, and obtain Super Admin privileges, via a crafted avatar URL...
CVE-2014-5240
CVE-2014-5240 is an XSS in WordPress prior to 3.9.2 (Multisite enabled) affecting wp-includes/pluggable.php via a crafted avatar URL. The vulnerability allows remote authenticated administrators to inject arbitrary script/HTML and can enable a Super Admin privilege escalation. The issue is docume...
CVE-2014-5019
The multisite feature in Drupal 6.x before 6.32 and 7.x before 7.29 allows remote attackers to cause a denial of service via a crafted HTTP Host header, related to determining which configuration file to use...
Design/Logic Flaw
The multisite feature in Drupal 6.x before 6.32 and 7.x before 7.29 allows remote attackers to cause a denial of service via a crafted HTTP Host header, related to determining which configuration file to use...
UBUNTU-CVE-2014-5019
The multisite feature in Drupal 6.x before 6.32 and 7.x before 7.29 allows remote attackers to cause a denial of service via a crafted HTTP Host header, related to determining which configuration file to use...
CVE-2014-5019
The multisite feature in Drupal 6.x before 6.32 and 7.x before 7.29 allows remote attackers to cause a denial of service via a crafted HTTP Host header, related to determining which configuration file to use...
DuoSecurity Finds Two-Factor Authentication Vulnerability
Hosted two-factor authentication firm Duo Security acknowledged late last week that it discovered a vulnerability in its WordPress plugin duowordpress plugin that could allow a user to bypass two-factor authentication 2FA on a multisite network. Jon Oberheide, one of Duo’s founders, stressed last...
DUO-PSA-2014-004: Duo Product Security Advisory
Duo Product Security Advisory Advisory ID: DUO-PSA-2014-004 Original Publication Date: 2014-02-12 Revision Date: 2014-03-27 Status: Confirmed, Fixed Document Revision: 3 Overview Duo Security has identified an issue in which it is possible to bypass second factor authentication of multisite...
DUO-PSA-2014-004: Duo Product Security Advisory
Duo Product Security Advisory Advisory ID: DUO-PSA-2014-004 Original Publication Date: 2014-02-12 Revision Date: 2014-03-27 Status: Confirmed, Fixed Document Revision: 3 Overview Duo Security has identified an issue in which it is possible to bypass second factor authentication of multisite...
CVE-2010-5296
wp-includes/capabilities.php in WordPress before 3.0.2, when a Multisite configuration is used, does not require the Super Admin role for the deleteusers capability, which allows remote authenticated administrators to bypass intended access restrictions via a delete action...
DEBIAN-CVE-2010-5296
wp-includes/capabilities.php in WordPress before 3.0.2, when a Multisite configuration is used, does not require the Super Admin role for the deleteusers capability, which allows remote authenticated administrators to bypass intended access restrictions via a delete action...
CVE-2010-5297
WordPress before 3.0.1, when a Multisite installation is used, permanently retains the "site administrators can add users" option once changed, which might allow remote authenticated administrators to bypass intended access restrictions in opportunistic circumstances via an add action after a...
CVE-2010-5296
wp-includes/capabilities.php in WordPress before 3.0.2, when a Multisite configuration is used, does not require the Super Admin role for the deleteusers capability, which allows remote authenticated administrators to bypass intended access restrictions via a delete action...
DEBIAN-CVE-2010-5297
WordPress before 3.0.1, when a Multisite installation is used, permanently retains the "site administrators can add users" option once changed, which might allow remote authenticated administrators to bypass intended access restrictions in opportunistic circumstances via an add action after a...
CVE-2010-5297
WordPress before 3.0.1, when a Multisite installation is used, permanently retains the "site administrators can add users" option once changed, which might allow remote authenticated administrators to bypass intended access restrictions in opportunistic circumstances via an add action after a...
CVE-2010-5297
WordPress before 3.0.1, when a Multisite installation is used, permanently retains the "site administrators can add users" option once changed, which might allow remote authenticated administrators to bypass intended access restrictions in opportunistic circumstances via an add action after a...
CVE-2010-5296
wp-includes/capabilities.php in WordPress before 3.0.2, when a Multisite configuration is used, does not require the Super Admin role for the deleteusers capability, which allows remote authenticated administrators to bypass intended access restrictions via a delete action...