503 matches found
SecNews: Querying private posts and changing post meta
Summary --- Unauthenticated user can run arbitrary post queries and insert arbitrary numeric post meta via vulnerable /wp-content/themes/SecNews-NewCustom/functions/ajax.php file. I'm including two exploits in one report because the fix for both is the same, i.e. delete ajax.php. Run arbitrary po...
DEBIAN-CVE-2015-5715
The mweditPost function in wp-includes/class-wp-xmlrpc-server.php in the XMLRPC subsystem in WordPress before 4.3.1 allows remote authenticated users to bypass intended access restrictions, and arrange for a private post to be published and sticky, via unspecified vectors...
UBUNTU-CVE-2015-5715
The mweditPost function in wp-includes/class-wp-xmlrpc-server.php in the XMLRPC subsystem in WordPress before 4.3.1 allows remote authenticated users to bypass intended access restrictions, and arrange for a private post to be published and sticky, via unspecified vectors...
CVE-2015-5715
The mweditPost function in wp-includes/class-wp-xmlrpc-server.php in the XMLRPC subsystem in WordPress before 4.3.1 allows remote authenticated users to bypass intended access restrictions, and arrange for a private post to be published and sticky, via unspecified vectors...
WordPress < 4.3.1 Multiple Vulnerabilities
Binary data 9032.prm...
[SECURITY] [DSA 3375-1] wordpress security update
-----BEGIN PGP SIGNED MESSAGE----- Hash: SHA512 - ------------------------------------------------------------------------- Debian Security Advisory DSA-3375-1 [email protected] https://www.debian.org/security/ Yves-Alexis Perez October 19, 2015 https://www.debian.org/security/faq -...
Debian DSA-3375-1 : wordpress - security update
Several vulnerabilities have been fixed in Wordpress, the popular blogging engine. - CVE-2015-5714 A cross-site scripting vulnerability when processing shortcode tags has been discovered. The issue has been fixed by not allowing unclosed HTML elements in attributes. - CVE-2015-5715 A vulnerabilit...
Debian Security Advisory DSA 3375-1 (wordpress - security update)
Several vulnerabilities have been fixed in Wordpress, the popular blogging engine. CVE-2015-5714 A cross-site scripting vulnerability when processing shortcode tags has been discovered. The issue has been fixed by not allowing unclosed HTML elements in attributes. CVE-2015-5715 A vulnerability ha...
wordpress: multiple issues
CVE-2015-5714 cross-side scripting A cross-site scripting vulnerability has been discovered when processing shortcode tags. - CVE-2015-5715 permission bypass It has been discovered that users without proper permissions could publish private posts and make them sticky...
WordPress < 4.3.1 Multiple Vulnerabilities
According to its version number, the WordPress application running on the remote web server is prior to 4.3.1. It is, therefore, potentially affected by multiple vulnerabilities : - A cross-site scripting vulnerability exists when processing shortcode tags due to improper validation of...
DEBIAN-CVE-2012-3385
WordPress before 3.4.1 does not properly restrict access to post contents such as private or draft posts, which allows remote authors or contributors to obtain sensitive information via unknown vectors...
CVE-2011-0701
wp-admin/async-upload.php in the media uploader in WordPress before 3.0.5 allows remote authenticated users to read 1 draft posts or 2 private posts via a modified attachmentid parameter...
Code injection
wp-admin/async-upload.php in the media uploader in WordPress before 3.0.5 allows remote authenticated users to read 1 draft posts or 2 private posts via a modified attachmentid parameter...
CVE-2011-0701
wp-admin/async-upload.php in the media uploader in WordPress before 3.0.5 allows remote authenticated users to read 1 draft posts or 2 private posts via a modified attachmentid parameter...
DEBIAN-CVE-2011-0701
wp-admin/async-upload.php in the media uploader in WordPress before 3.0.5 allows remote authenticated users to read 1 draft posts or 2 private posts via a modified attachmentid parameter...
CVE-2011-0701
wp-admin/async-upload.php in the media uploader in WordPress before 3.0.5 allows remote authenticated users to read 1 draft posts or 2 private posts via a modified attachmentid parameter...
WordPress <= 3.0.4 - Multiple Security Vulnerabilities
Because of these vulnerabilities, remote authenticated users can read draft posts or private posts via a modified "attachmentid" parameter. Solution Update WordPress...
Debian DSA-899-1 : egroupware - programming errors
Several vulnerabilities have been discovered in egroupware, a web-based groupware suite. The Common Vulnerabilities and Exposures project identifies the following problems : - CVE-2005-0870 Maksymilian Arciemowicz discovered several cross site scripting problems in phpsysinfo, which are also...
GLSA-200508-20 : phpGroupWare: Multiple vulnerabilities
The remote host is affected by the vulnerability described in GLSA-200508-20 phpGroupWare: Multiple vulnerabilities phpGroupWare improperly validates the 'mid' parameter retrieved via a forum post. The current version of phpGroupWare also adds several safeguards to prevent XSS issues, and disable...
phpGroupWare: Multiple vulnerabilities
Background phpGroupWare is a multi-user groupware suite written in PHP. Description phpGroupWare improperly validates the "mid" parameter retrieved via a forum post. The current version of phpGroupWare also adds several safeguards to prevent XSS issues, and disables the use of a potentially...