Lucene search
K

503 matches found

Hacker One
Hacker One
added 2016/08/07 12:53 p.m.23 views

SecNews: Querying private posts and changing post meta

Summary --- Unauthenticated user can run arbitrary post queries and insert arbitrary numeric post meta via vulnerable /wp-content/themes/SecNews-NewCustom/functions/ajax.php file. I'm including two exploits in one report because the fix for both is the same, i.e. delete ajax.php. Run arbitrary po...

Exploits0
OSV
OSV
added 2016/05/22 1:59 a.m.2 views

DEBIAN-CVE-2015-5715

The mweditPost function in wp-includes/class-wp-xmlrpc-server.php in the XMLRPC subsystem in WordPress before 4.3.1 allows remote authenticated users to bypass intended access restrictions, and arrange for a private post to be published and sticky, via unspecified vectors...

4.3CVSS6.7AI score0.06279EPSS
Exploits0References1
OSV
OSV
added 2016/05/22 1:59 a.m.8 views

UBUNTU-CVE-2015-5715

The mweditPost function in wp-includes/class-wp-xmlrpc-server.php in the XMLRPC subsystem in WordPress before 4.3.1 allows remote authenticated users to bypass intended access restrictions, and arrange for a private post to be published and sticky, via unspecified vectors...

4.3CVSS6.6AI score0.06279EPSS
Exploits0References3
Debian CVE
Debian CVE
added 2016/05/22 1:0 a.m.41 views

CVE-2015-5715

The mweditPost function in wp-includes/class-wp-xmlrpc-server.php in the XMLRPC subsystem in WordPress before 4.3.1 allows remote authenticated users to bypass intended access restrictions, and arrange for a private post to be published and sticky, via unspecified vectors...

4.3CVSS5.6AI score0.06279EPSS
Exploits0
Tenable Nessus
Tenable Nessus
added 2015/12/17 12:0 a.m.47 views

WordPress < 4.3.1 Multiple Vulnerabilities

Binary data 9032.prm...

6.1CVSS5.7AI score0.06389EPSS
Exploits2References6
securityvulns
securityvulns
added 2015/10/26 12:0 a.m.114 views

[SECURITY] [DSA 3375-1] wordpress security update

-----BEGIN PGP SIGNED MESSAGE----- Hash: SHA512 - ------------------------------------------------------------------------- Debian Security Advisory DSA-3375-1 [email protected] https://www.debian.org/security/ Yves-Alexis Perez October 19, 2015 https://www.debian.org/security/faq -...

4.3CVSS0.9AI score0.06389EPSS
Exploits2
Tenable Nessus
Tenable Nessus
added 2015/10/20 12:0 a.m.55 views

Debian DSA-3375-1 : wordpress - security update

Several vulnerabilities have been fixed in Wordpress, the popular blogging engine. - CVE-2015-5714 A cross-site scripting vulnerability when processing shortcode tags has been discovered. The issue has been fixed by not allowing unclosed HTML elements in attributes. - CVE-2015-5715 A vulnerabilit...

6.1CVSS5.8AI score0.06389EPSS
Exploits2References9
OpenVAS
OpenVAS
added 2015/10/19 12:0 a.m.47 views

Debian Security Advisory DSA 3375-1 (wordpress - security update)

Several vulnerabilities have been fixed in Wordpress, the popular blogging engine. CVE-2015-5714 A cross-site scripting vulnerability when processing shortcode tags has been discovered. The issue has been fixed by not allowing unclosed HTML elements in attributes. CVE-2015-5715 A vulnerability ha...

4.3CVSS5.8AI score0.06389EPSS
Exploits2References1
ArchLinux
ArchLinux
added 2015/09/21 12:0 a.m.44 views

wordpress: multiple issues

CVE-2015-5714 cross-side scripting A cross-site scripting vulnerability has been discovered when processing shortcode tags. - CVE-2015-5715 permission bypass It has been discovered that users without proper permissions could publish private posts and make them sticky...

1.7AI score0.06389EPSS
Exploits2References4
Tenable Nessus
Tenable Nessus
added 2015/09/17 12:0 a.m.159 views

WordPress < 4.3.1 Multiple Vulnerabilities

According to its version number, the WordPress application running on the remote web server is prior to 4.3.1. It is, therefore, potentially affected by multiple vulnerabilities : - A cross-site scripting vulnerability exists when processing shortcode tags due to improper validation of...

6.1CVSS6.6AI score0.06389EPSS
Exploits2References6
OSV
OSV
added 2012/07/22 5:55 p.m.5 views

DEBIAN-CVE-2012-3385

WordPress before 3.4.1 does not properly restrict access to post contents such as private or draft posts, which allows remote authors or contributors to obtain sensitive information via unknown vectors...

5CVSS6.6AI score0.01902EPSS
Exploits0References1
UbuntuCve
UbuntuCve
added 2011/03/14 7:55 p.m.25 views

CVE-2011-0701

wp-admin/async-upload.php in the media uploader in WordPress before 3.0.5 allows remote authenticated users to read 1 draft posts or 2 private posts via a modified attachmentid parameter...

4CVSS5.9AI score0.03168EPSS
Exploits0References1
Prion
Prion
added 2011/03/14 7:55 p.m.24 views

Code injection

wp-admin/async-upload.php in the media uploader in WordPress before 3.0.5 allows remote authenticated users to read 1 draft posts or 2 private posts via a modified attachmentid parameter...

4CVSS6.3AI score0.03168EPSS
Exploits0References13Affected Software1
OSV
OSV
added 2011/03/14 7:55 p.m.10 views

CVE-2011-0701

wp-admin/async-upload.php in the media uploader in WordPress before 3.0.5 allows remote authenticated users to read 1 draft posts or 2 private posts via a modified attachmentid parameter...

5.8AI score
Exploits0References18
OSV
OSV
added 2011/03/14 7:55 p.m.8 views

DEBIAN-CVE-2011-0701

wp-admin/async-upload.php in the media uploader in WordPress before 3.0.5 allows remote authenticated users to read 1 draft posts or 2 private posts via a modified attachmentid parameter...

4CVSS6.2AI score0.03168EPSS
Exploits0References1
Debian CVE
Debian CVE
added 2011/03/14 7:0 p.m.42 views

CVE-2011-0701

wp-admin/async-upload.php in the media uploader in WordPress before 3.0.5 allows remote authenticated users to read 1 draft posts or 2 private posts via a modified attachmentid parameter...

4CVSS4.4AI score0.03168EPSS
Exploits0
Patchstack
Patchstack
added 2011/01/31 12:0 a.m.24 views

WordPress <= 3.0.4 - Multiple Security Vulnerabilities

Because of these vulnerabilities, remote authenticated users can read draft posts or private posts via a modified "attachmentid" parameter. Solution Update WordPress...

4CVSS3.8AI score0.03168EPSS
Exploits0References1Affected Software1
Tenable Nessus
Tenable Nessus
added 2006/10/14 12:0 a.m.51 views

Debian DSA-899-1 : egroupware - programming errors

Several vulnerabilities have been discovered in egroupware, a web-based groupware suite. The Common Vulnerabilities and Exposures project identifies the following problems : - CVE-2005-0870 Maksymilian Arciemowicz discovered several cross site scripting problems in phpsysinfo, which are also...

6.8CVSS5.1AI score0.03716EPSS
Exploits1References6
Tenable Nessus
Tenable Nessus
added 2005/09/06 12:0 a.m.28 views

GLSA-200508-20 : phpGroupWare: Multiple vulnerabilities

The remote host is affected by the vulnerability described in GLSA-200508-20 phpGroupWare: Multiple vulnerabilities phpGroupWare improperly validates the 'mid' parameter retrieved via a forum post. The current version of phpGroupWare also adds several safeguards to prevent XSS issues, and disable...

7.5CVSS5.9AI score0.05091EPSS
Exploits0References4
Gentoo Linux
Gentoo Linux
added 2005/08/30 12:0 a.m.37 views

phpGroupWare: Multiple vulnerabilities

Background phpGroupWare is a multi-user groupware suite written in PHP. Description phpGroupWare improperly validates the "mid" parameter retrieved via a forum post. The current version of phpGroupWare also adds several safeguards to prevent XSS issues, and disables the use of a potentially...

7.5CVSS6.5AI score0.05091EPSS
Exploits0
Rows per page
Query Builder