WordPress Relevant Related Posts 1.0.7 Cross Site Scripting Vulnerability
WordPress Relevant Related Posts plugin version 1.0.7 suffers from a cross site scripting vulnerability. WordPress Relevant Related Posts 1.0.7 Cross Site Scripting Plugin Name : Relevant Related Posts Plugin Affected Version : 1.0.7 and most probably lower versions if any Vulnerability :...
WordPress Relevant Related Posts 1.0.7 Cross Site Scripting
Plugin Name : Relevant Related Posts Plugin Affected Version : 1.0.7 and most probably lower versions if any Vulnerability : A3-Cross-Site Scripting XSS Identified by : Madhu Akula Technical Details Minimum Level of Access Required : Administrator PoC - Proof of Concept : The following fields pu...
[SECURITY] [DSA 3375-1] wordpress security update
Debian Security Advisory DSA-3375-1 https://www.debian.org/security/ Yves-Alexis Perez October 19, 2015 https://www.debian.org/security/faq ...
Debian DSA-3375-1 : wordpress - security update
Several vulnerabilities have been fixed in Wordpress, the popular blogging engine. - CVE-2015-5714 A cross-site scripting vulnerability when processing shortcode tags has been discovered. The issue has been fixed by not allowing unclosed HTML elements in attributes. - CVE-2015-5715 A vulnerabilit...
WordPress Recent Posts Widget Extended Plugin <= 0.9.9.3 - Authenticated XSS
Because of this vulnerability, the attackers can inject arbitrary web script or HTML. Solution Upgrade the plugin...
Recent Posts Widget Extended <= 0.9.9.3 - Authenticated XSS (multisite)
XSS in the Recent Posts Widget Extended plugin allows single site admins to change network admin's password with simple CSRF described above POC field. This vulnerability is currently unpatched. PoC 1. Login as single site administrator 2. Add Recent Posts Extended Widget to some widget area 3...
Debian Security Advisory DSA 3375-1 (wordpress - security update)
Several vulnerabilities have been fixed in Wordpress, the popular blogging engine. CVE-2015-5714 A cross-site scripting vulnerability when processing shortcode tags has been discovered. The issue has been fixed by not allowing unclosed HTML elements in attributes. CVE-2015-5715 A vulnerability ha...
EMC RSA Archer GRC Restriction Bypass Vulnerability
EMC RSA Archer GRC is an enterprise IT governance and compliance governance product. EMC RSA Archer GRC has a security vulnerability that allows a remote attacker to bypass established access restrictions and read or modify Discussion Forum Fields messages...
wordpress: multiple issues
CVE-2015-5714 cross-site scripting A cross-site scripting vulnerability has been discovered when processing shortcode tags. - CVE-2015-5715 permission bypass It has been discovered that users without proper permissions could publish private posts and make them sticky...
WordPress < 4.3.1 Multiple Vulnerabilities
According to its version number, the WordPress application running on the remote web server is prior to 4.3.1. It is, therefore, potentially affected by multiple vulnerabilities : - A cross-site scripting vulnerability exists when processing shortcode tags due to improper validation of...
moodle -- multiple vulnerabilities
Moodle Release Notes report: MSA-15-0030: Students can re-attempt answering questions in the lesson CVE-2015-5264 MSA-15-0031: Teacher in forum can still post to "all participants" and groups they are not members of CVE-2015-5272 - 2.7.10 only MSA-15-0032: Users can delete files uploaded by other...
WordPress WP Attachment Export plugin <= 0.2.3 - Unauthenticated Posts Download vulnerability
Unauthenticated Posts Download vulnerability discovered by Nitin Venkatesh in WordPress WP Attachment Export plugin versions <= 0.2.3. Solution Update the WordPress WP Attachment Export plugin to the latest available version (at least 0.2.4)...
WordPress Privilege Bypass Vulnerability
WordPress is a blog platform developed in PHP; users can set up their own weblog on a server that supports PHP and a MySQL database. WordPress has a security vulnerability that allows remote attackers to bypass security restrictions and edit locked posts...
CVE-2015-5623
WordPress before 4.2.3 does not properly verify the edit_posts capability, which allows remote authenticated users to bypass intended access restrictions and create drafts by leveraging the Subscriber role, as demonstrated by a post-quickdraft-save action to wp-admin/post.php...
DEBIAN-CVE-2015-5623
WordPress before 4.2.3 does not properly verify the edit_posts capability, which allows remote authenticated users to bypass intended access restrictions and create drafts by leveraging the Subscriber role, as demonstrated by a post-quickdraft-save action to wp-admin/post.php...
Multiple Cross-Site Scripting Vulnerabilities in MetalGenix GeniXCMS
MetalGenix GeniXCMS is a PHP-based content management system and framework CMSF from MetalGenix Indonesia, which provides modules for user management, content management and menu management. A cross-site scripting vulnerability exists in MetalGenix GeniXCMS version 0.0.3. The vulnerability exists...
CVE-2015-5066
Multiple cross-site scripting (XSS) vulnerabilities in MetalGenix GeniXCMS 0.0.3 allow remote attackers to inject arbitrary web script or HTML via the (1) content or (2) title field in an add action in the posts page to index.php or the (3) q parameter in the posts page to index.php...
Space permissions ignored in list of blog posts by date
h3. Summary Users have the ability to view a list of all blog posts, even from spaces in which they don't have permission to access. h3. Steps to Reproduce Install Confluence 5.7.x Create two spaces Space A Space B remove all permissions for confluence-users Create a blog post in Space A Create a...