Debian DSA-3183-1 : movabletype-opensource - security update

Multiple vulnerabilities have been discovered in Movable Type, a blogging system. The Common Vulnerabilities and Exposures project identifies the following problems : - CVE-2013-2184 Unsafe use of Storable::thaw in the handling of comments to blog posts could allow remote attackers to include and...

WordPress Plugin Huge IT Slider SQL Injection Vulnerability

WordPress is a use of PHP language development blog platform, users can support PHP and MySQL database server set up their own weblog. A SQL injection vulnerability exists in the WordPress plugin Huge IT Slider. The vulnerability is caused due to the failure to filter input passed to the...

CVE-2014-9401

CVE-2014-9401 affects the WordPress plugin “WP Limit Posts Automatically” (versions

WordPress WP Limit Posts Automatically 0.7 CSRF / XSS

Title: CSRF / Stored XSS Vulnerability in WP Limit Posts Automatically Wordpress Plugin Author: Manideep K cve-id: CVE-2014-9401 Plugin Homepage: https://wordpress.org/plugins/wp-limit-posts-automatically/ Version Affected: 0.7 probably lower versions Severity: High Description: Vulnerable...

WordPress Sliding Recent Posts 1.0 CSRF / XSS

Title: WordPress 'Sliding Recent Posts' plugin - CSRF/XSS Version: 1.0 Author: Morten Nørtoft, Kenneth Jepsen, Mikkel Vej Date: 2014/12/12 Download: https://wordpress.org/plugins/sliding-recent-posts/ Notified WordPress: 2014/11/27 ----------------------------------------------------------------...

CVE-2014-6299

Cross-site request forgery CSRF vulnerability in the mmforum extension before 1.9.3 for TYPO3 allows remote attackers to hijack the authentication of users for requests that create posts via unspecified vectors...

Cross site request forgery (csrf)

Cross-site request forgery CSRF vulnerability in the mmforum extension before 1.9.3 for TYPO3 allows remote attackers to hijack the authentication of users for requests that create posts via unspecified vectors...

RBS Change Complet Open Source 3.6.8 - Cross-Site Request Forgery

RBS Change Complet Open Source 3.6.8 - Cross-Site Request Forgery Exploit Title: RBS Change Complet Open Source CSRF Google Dork: intext:"une réalisation rbs" Date: 10/01/2014 Exploit Author: KrustyHack Vendor Homepage: http://www.rbschange.fr/ Software Link:...

RBS Change Complet Open Source 3.6.8 - Cross-Site Request Forgery

Exploit Title: RBS Change Complet Open Source CSRF Google Dork: intext:"une réalisation rbs" Date: 10/01/2014 Exploit Author: KrustyHack Vendor Homepage: http://www.rbschange.fr/ Software Link: http://www.rbschange.fr/addons/distributions/RBS-Change-complet-Open-Source,67203.html Version: 3.6.8...

RBS Change Complet Open Source 3.6.8 - CSRF Vulnerability

Exploit for php platform in category web applications Exploit Title: RBS Change Complet Open Source CSRF Google Dork: intext:"une réalisation rbs" Date: 10/01/2014 Exploit Author: KrustyHack Vendor Homepage: http://www.rbschange.fr/ Software Link:...

RBS Change Complet Open Source Cross Site Request Forgery

Exploit Title: RBS Change Complet Open Source CSRF Google Dork: intext:"une réalisation rbs" Date: 10/01/2014 Exploit Author: KrustyHack Vendor Homepage: http://www.rbschange.fr/ Software Link: http://www.rbschange.fr/addons/distributions/RBS-Change-complet-Open-Source,67203.html Version: 3.6.8...

DEBIAN-CVE-2003-1598

SQL injection vulnerability in log.header.php in WordPress 0.7 and earlier allows remote attackers to execute arbitrary SQL commands via the posts variable...

WordPress Mobile Pack Plugin Information Disclosure Vulnerability

WordPress Mobile Pack Plugin is prone to an information disclosure vulnerability. SPDX-FileCopyrightText: 2014 Greenbone AG Some text descriptions might be excerpted from a referenced sources, and are Copyright C by the respective right holders. SPDX-License-Identifier: GPL-2.0-only CPE =...

CVE-2014-5337

The WordPress Mobile Pack plugin before 2.0.2 for WordPress does not properly restrict access to password protected posts, which allows remote attackers to obtain sensitive information via an exportarticles action to export/content.php...

Redirection - view/admin/log_item.php Non-existent Posts Referer HTTP Header XSS

The Redirection WordPress plugin was affected by a view/admin/logitem.php Non-existent Posts Referer HTTP Header XSS security vulnerability...

WordPress Related Posts 2.6.1 - Cross-Site Request Forgery

The WordPress Related Posts WordPress plugin was affected by a Cross-Site Request Forgery security vulnerability...

Related Posts 2.7.1 - Cross-Site Request Forgery

The related-posts WordPress plugin was affected by a Cross-Site Request Forgery security vulnerability...

Allow PHP in Posts & Pages <= 2.0.0.RC2 - SQL Injection

The Allow PHP in Posts and Pages WordPress plugin was affected by a SQL Injection security vulnerability...

Video Posts Webcam Recorder < 1.55.5 - Unauthenticated Reflected Cross-Site Scripting (XSS)

The Video Posts Webcam Recorder WordPress plugin was affected by a Cross-Site Scripting XSS security vulnerability. https://example.com/wp-content/plugins/video-posts-webcam-recorder/posts/videowhisper/rlogout.php?message=message'//...

CVE-2014-4717

Multiple cross-site request forgery CSRF vulnerabilities in the Simple Share Buttons Adder plugin before 4.5 for WordPress allow remote attackers to hijack the authentication of administrators for requests that conduct cross-site scripting XSS attacks via the 1 ssbasharetext parameter in a save...