WordPress Sniplets <=1.2.2 - Cross-Site Scripting

WordPress Sniplets 1.1.2 and 1.2.2 plugin contains a cross-site scripting vulnerability which allows remote attackers to inject arbitrary web script or HTML via the text parameter to warning.php, notice.php, and inset.php in view/sniplets/, and possibly modules/execute.php; via the url parameter ...

WordPress Sniplets 1.1.2 - Local File Inclusion

PHP remote file inclusion vulnerability in modules/syntaxhighlight.php in the Sniplets 1.1.2 and 1.2.2 plugin for WordPress allows remote attackers to execute arbitrary PHP code via a URL in the libpath parameter. id: CVE-2008-1059 info: name: WordPress Sniplets 1.1.2 - Local File Inclusion autho...

EUVD-2008-1070

Malware in sbrugna...

EUVD-2008-1072

Malware in sbrugna...

Sniplets 1.1.2 - (RFI/XSS/RCE) Multiple Vulnerabilities

The Sniplets WordPress plugin was affected by a RFI/XSS/RCE Multiple Vulnerabilities security vulnerability...

WordPress Sniplets插件多个输入验证漏洞

BUGTRAQ ID: 27985 WordPress是一款免费的论坛Blog系统。 WordPress的Sniplets插件中存在多个输入验证错误，允许远程攻击者执行跨站脚本攻击、泄露敏感信息或入侵有漏洞的系统。 1 modules/syntaxhighlight.php文件中没有正确的验证对libpath参数的输入，可能允许攻击者包含本地或外部资源的任意文件。 2 在调用eval之前modules/execute.php文件中没有正确的过滤对text参数的输入，允许攻击者通过提交特制的参数值注入并执行任意PHP代码。 3...

Immunity Canvas: WPSNIPLETS_EXEC

Name| wpsnipletsexec ---|--- CVE| CVE-2008-1060 Exploit Pack| CANVAS Description| Wordpress Plugin Sniplets 1.1.2 Remote Code Execution exploict Notes| CVE Name: CVE-2008-1060 VENDOR: WordPress Repeatability: Infinite References: http://seclists.org/bugtraq/2008/Feb/0402.html CVE Url:...

CVE-2008-1060

Eval injection vulnerability in modules/execute.php in the Sniplets 1.1.2 and 1.2.2 plugin for WordPress allows remote attackers to execute arbitrary PHP code via the text parameter...

Sql injection

Eval injection vulnerability in modules/execute.php in the Sniplets 1.1.2 and 1.2.2 plugin for WordPress allows remote attackers to execute arbitrary PHP code via the text parameter...

CVE-2008-1059

PHP remote file inclusion vulnerability in modules/syntaxhighlight.php in the Sniplets 1.1.2 and 1.2.2 plugin for WordPress allows remote attackers to execute arbitrary PHP code via a URL in the libpath parameter...

Immunity Canvas: WPSNIPLETS_RFI

Name| wpsnipletsrfi ---|--- CVE| CVE-2008-1059 Exploit Pack| CANVAS Description| WordPress Plugin Sniplets 1.1.2 Remote File Include Notes| CVE Name: CVE-2008-1059 VENDOR: WordPress Repeatability: Infinite CVE Url: http://cve.mitre.org/cgi-bin/cvename.cgi?name=2008-1059 References: None CVSS: 7.5...

Cross site scripting

Multiple cross-site scripting XSS vulnerabilities in the Sniplets 1.1.2 and 1.2.2 plugin for WordPress allow remote attackers to inject arbitrary web script or HTML via the 1 text parameter to a warning.php, b notice.php, and c inset.php in view/sniplets/, and possibly d modules/execute.php; the ...

Remote file inclusion

PHP remote file inclusion vulnerability in modules/syntaxhighlight.php in the Sniplets 1.1.2 and 1.2.2 plugin for WordPress allows remote attackers to execute arbitrary PHP code via a URL in the libpath parameter...

CVE-2008-1061

Multiple cross-site scripting XSS vulnerabilities in the Sniplets 1.1.2 and 1.2.2 plugin for WordPress allow remote attackers to inject arbitrary web script or HTML via the 1 text parameter to a warning.php, b notice.php, and c inset.php in view/sniplets/, and possibly d modules/execute.php; the ...

CVE-2008-1061

Multiple cross-site scripting XSS vulnerabilities in the Sniplets 1.1.2 and 1.2.2 plugin for WordPress allow remote attackers to inject arbitrary web script or HTML via the 1 text parameter to a warning.php, b notice.php, and c inset.php in view/sniplets/, and possibly d modules/execute.php; the ...

CVE-2008-1059

PHP remote file inclusion vulnerability in modules/syntaxhighlight.php in the Sniplets 1.1.2 and 1.2.2 plugin for WordPress allows remote attackers to execute arbitrary PHP code via a URL in the libpath parameter...

CVE-2008-1060

Eval injection vulnerability in modules/execute.php in the Sniplets 1.1.2 and 1.2.2 plugin for WordPress allows remote attackers to execute arbitrary PHP code via the text parameter...

CVE-2008-1060

The CVE affects the Sniplets WordPress plugin, specifically versions 1.1.2 and 1.2.2, where an eval injection in modules/execute.php allows remote attackers to execute arbitrary PHP code via the text parameter. This results in remote code execution with the webserver user’s privileges, aligning w...

CVE-2008-1061

The CVE-2008-1061 issue affects WordPress Sniplets plugin versions 1.1.2 and 1.2.2, where XSS can be triggered via the text parameter to warning.php, notice.php, and inset.php (in view/sniplets/), possibly modules/execute.php; via the url parameter to view/admin/submenu.php; and via the page para...

CVE-2008-1059

The CVE-2008-1059 issue affects WordPress Sniplets plugin (versions 1.1.2 and 1.2.2). It is a PHP remote file inclusion in modules/syntax_highlight.php that allows an attacker to execute arbitrary PHP code via the libpath URL parameter. This can lead to remote code execution and potential comprom...