6 matches found
Linux Distros Unpatched Vulnerability : CVE-2008-0191
The Linux/Unix host has one or more packages installed that are impacted by a vulnerability without a vendor-supplied patch available. - WordPress 2.2.x and 2.3.x allows remote attackers to obtain sensitive information via an invalid p parameter in an rss2 action to the default URI, which reveals...
Discussion Forums 2k 3.3 - Multiple SQL Injection Vulnerabilities
No description provided by source. Author: !DoktOR! Date found: 30.09.08 Product: Discussion Forums 2k Version: 3.3 URL: http://developer.berlios.de/projects/df2k/ Vulnerability Class: SQL Injection Condition: magic_quotes_gpc = Off Exploit 1:...
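miniBB RSS Plugin Remote File Inclusion Vulnerability
BUGTRAQ ID: 30421 CNCAN ID: CNCAN-2008073001 miniBB is a PHP-based forum program. miniBB does not properly filter user-submitted parameters, and a remote attacker can exploit the vulnerability to execute arbitrary PHP code with the privileges of the web process. The RSS plugin script included with miniBB does not properly filter user-submitted web parameters, so an arbitrary file on a remote server can be specified as the include target, which can lead to execution of arbitrary PHP code with the privileges of the web process. Paul Puzyrev RSS 2.0 No solution is currently available: http://www.minibb.com/download.htmladdons...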
CVE-2008-0191
CVE-2008-0191 affects WordPress 2.2.x and 2.3.x. The vulnerability allows remote attackers to obtain sensitive information by passing an invalid p parameter to the rss2 action, revealing the full path and the SQL database structure. Impact is information disclosure (partial confidentiality). Reme...
CVE-2007-4104
Multiple cross-site scripting (XSS) vulnerabilities in the WP-FeedStats before 2.4 plugin for WordPress allow remote attackers to inject arbitrary web script or HTML via unspecified vectors, one of which involves an rss2 feed with an invalid or missing blog with an XSS sequence in the query string...
Cross site scripting
Multiple cross-site scripting (XSS) vulnerabilities in the WP-FeedStats before 2.4 plugin for WordPress allow remote attackers to inject arbitrary web script or HTML via unspecified vectors, one of which involves an rss2 feed with an invalid or missing blog with an XSS sequence in the query string...