218 matches found
Authentication flaw
The MailPoet Newsletters wysija-newsletters plugin before 2.6.7 for WordPress allows remote attackers to bypass authentication and execute arbitrary PHP code by uploading a crafted theme using wp-admin/admin-post.php and accessing the theme in wp-content/uploads/wysija/themes/mailp/...
MyPHP Forum <= 3.0 Edit Topics/Blind SQL Injection Vulnerabilities
No description provided by source. MyPHP Forum Final <= 3.0 Edit Topics/Blind SQL Injection Remote Vulnerabilities. Discovered By...
SquareCMS 0.3.1 (post.php) SQL Injection Vulnerability
No description provided by source...
BMForum 3.0 post.php forumid Parameter XSS
No description provided by source. source: http://www.securityfocus.com/bid/14396/info BMForum is prone to multiple cross-site scripting vulnerabilities. These issues are due to a failure in the application to properly sanitize user-supplied input. An attacker may leverage any of these issues to...
jobappr <= 1.4 - Multiple Vulnerabilities
No description provided by source. JobAppr <= 1.4 Multiple Vulnerabilities. Author: giudinvx Email: giudinvxatgmaildotcom Date: 21/12/2010 Site: http://www.giudinvx.altervista.org/...
XMB Forum 1.9.3 Post.PHP SQL Injection Vulnerability
No description provided by source. source: http://www.securityfocus.com/bid/15267/info XMB Nexus Forum is prone to an SQL injection vulnerability. This issue is due to a failure in the application to properly sanitize user-supplied input before using it in an SQL query. Successful exploitation...
Kusaba <= 1.0.4 - Remote Code Execution Exploit (2)
No description provided by source. 9 Oct 2008 Kusaba <= 1.0.4 Remote Code Execution Exploit 2 Sausage [email protected] Will work if they have left the loadreceiver.php script un-edited. After execution: Yes these are the exact URLs http://www.kusaba.image.board/url/change this to the same...
qibocms News System Getshell (must be combined with a parsing vulnerability)
Brief description: IIS || Apache. Details: http://bbs.qibosoft.com/down2.php?v=news1.0down is the download link. In news/member/post.php: requireonceMpath."inc/check.postarticle.php"; if$job=='postnew' if$step=='post' postnew; // generate static page makearticlehtml"$Murl/member/post.php?job=endHTML&aid=$aid"; $mid && $mid继续发表新主题 续发本主题 返回主题列表 查看主...
CVE-2013-5917
SQL injection vulnerability in wp-comments-post.php in the NOSpam PTI plugin 2.1 for WordPress allows remote attackers to execute arbitrary SQL commands via the comment_post_ID parameter...
CVE-2013-5917
The CVE-2013-5917 entry concerns the WordPress NOSpamPTI plugin (version 2.1). The vulnerability is a SQL injection in wp-comments-post.php via the comment_post_ID parameter, enabling remote attackers to manipulate the database and potentially exfiltrate data. Multiple connected sources confirm t...
WordPress NOSpamPTI 2.1 Blind SQL Injection
NOSpamPTI Wordpress plugin Blind SQL Injection Vendor product description NOSpamPTI eliminates the spam in your comment box so strong and free, developed from the idea of Nando Vieira http://bit.ly/d38gB8, but some themes do not support changes to the functions.php to this we alter this function...
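WordPress /wp-admin/includes/post.php user_ID Parameter Manipulation Privilege Escalation Vulnerability
Bugtraq ID: 62346 CVE ID: CVE-2013-4340 WordPress is a blogging platform developed in PHP; users can set up their own blog on a server that supports PHP and a MySQL database. The WordPress wp-admin/includes/post.php script has a security vulnerability in its handling of the 'user_ID' parameter, which allows a remote attacker to supply a modified user_ID parameter and forge the author of any post. 0 WordPress 3.6 Vendor solution: WordPress 3.6.1 has fixed this vulnerability; users are advised to download the update: http://codex.wordpress.org/Version3.6.1...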
CVE-2013-4340
wp-admin/includes/post.php in WordPress before 3.6.1 allows remote authenticated users to spoof the authorship of a post by leveraging the Author role and providing a modified user_ID parameter...
Code injection
wp-admin/includes/post.php in WordPress before 3.6.1 allows remote authenticated users to spoof the authorship of a post by leveraging the Author role and providing a modified user_ID parameter...
Basic Forum by JM LLC - Multiple Vulnerabilities
Basic Forum by JM LLC - Multiple Vulnerabilities. Dear Offensive Security, I have discovered some vulnerabilities in Basic Forum, developed by JM LLC. Best regards, Sp3ctrecore. ADVISORY: Basic Forum by JM LLC - Multiple Vulnerabilities...
DEBIAN-CVE-2012-2404
wp-comments-post.php in WordPress before 3.3.2 supports offsite redirects, which makes it easier for remote attackers to conduct cross-site scripting (XSS) attacks via unspecified vectors...
WordPress <= 3.3.1 - XSS #1
This vulnerability is in wp-comments-post.php. It allows attackers to conduct XSS attacks via unspecified vectors. Solution: Update WordPress...
WordPress <= 3.3.0 - XSS
Because of this vulnerability in wp-comments-post.php, attackers can inject arbitrary web script or HTML. Solution: Update the plugin...