30 matches found
WordPress Sniplets <=1.2.2 - Cross-Site Scripting
WordPress Sniplets 1.1.2 and 1.2.2 plugin contains a cross-site scripting vulnerability which allows remote attackers to inject arbitrary web script or HTML via the text parameter to warning.php, notice.php, and inset.php in view/sniplets/, and possibly modules/execute.php; via the url parameter ...
WordPress Sniplets 1.1.2 - Local File Inclusion
PHP remote file inclusion vulnerability in modules/syntaxhighlight.php in the Sniplets 1.1.2 and 1.2.2 plugin for WordPress allows remote attackers to execute arbitrary PHP code via a URL in the libpath parameter. id: CVE-2008-1059 info: name: WordPress Sniplets 1.1.2 - Local File Inclusion autho...
EUVD-2008-1070
Malware in sbrugna...
EUVD-2008-1072
Malware in sbrugna...
Sniplets 1.1.2 - (RFI/XSS/RCE) Multiple Vulnerabilities
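The Sniplets WordPress plugin was affected by multiple RFI/XSS/RCE security vulnerabilities...
WordPress Sniplets Plugin Multiple Input Validation Vulnerabilities
BUGTRAQ ID: 27985 WordPress is a free forum/blog system. The Sniplets plugin for WordPress contains multiple input validation errors that allow remote attackers to conduct cross-site scripting attacks, disclose sensitive information, or compromise a vulnerable system. 1. Input to the libpath parameter is not properly validated in modules/syntaxhighlight.php, which may allow an attacker to include arbitrary files from local or external resources. 2. Input to the text parameter is not properly filtered in modules/execute.php before eval is called, allowing an attacker to inject and execute arbitrary PHP code by submitting a specially crafted parameter value. 3...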
Immunity Canvas: WPSNIPLETS_RFI
Name | wpsnipletsrfi
---|---
CVE | CVE-2008-1059
Exploit Pack | CANVAS
Description | WordPress Plugin Sniplets 1.1.2 Remote File Include
Notes | CVE Name: CVE-2008-1059 VENDOR: WordPress Repeatability: Infinite CVE Url: http://cve.mitre.org/cgi-bin/cvename.cgi?name=2008-1059 References: None CVSS: 7.5...
Immunity Canvas: WPSNIPLETS_EXEC
Name | wpsnipletsexec
---|---
CVE | CVE-2008-1060
Exploit Pack | CANVAS
Description | Wordpress Plugin Sniplets 1.1.2 Remote Code Execution exploit
Notes | CVE Name: CVE-2008-1060 VENDOR: WordPress Repeatability: Infinite References: http://seclists.org/bugtraq/2008/Feb/0402.html CVE Url:...
CVE-2008-1060
Eval injection vulnerability in modules/execute.php in the Sniplets 1.1.2 and 1.2.2 plugin for WordPress allows remote attackers to execute arbitrary PHP code via the text parameter...
CVE-2008-1061
Multiple cross-site scripting (XSS) vulnerabilities in the Sniplets 1.1.2 and 1.2.2 plugin for WordPress allow remote attackers to inject arbitrary web script or HTML via the (1) text parameter to (a) warning.php, (b) notice.php, and (c) inset.php in view/sniplets/, and possibly (d) modules/execute.php; the ...
CVE-2008-1059
PHP remote file inclusion vulnerability in modules/syntaxhighlight.php in the Sniplets 1.1.2 and 1.2.2 plugin for WordPress allows remote attackers to execute arbitrary PHP code via a URL in the libpath parameter...
SQL injection
Eval injection vulnerability in modules/execute.php in the Sniplets 1.1.2 and 1.2.2 plugin for WordPress allows remote attackers to execute arbitrary PHP code via the text parameter...
Remote file inclusion
PHP remote file inclusion vulnerability in modules/syntaxhighlight.php in the Sniplets 1.1.2 and 1.2.2 plugin for WordPress allows remote attackers to execute arbitrary PHP code via a URL in the libpath parameter...
Cross site scripting
Multiple cross-site scripting (XSS) vulnerabilities in the Sniplets 1.1.2 and 1.2.2 plugin for WordPress allow remote attackers to inject arbitrary web script or HTML via the (1) text parameter to (a) warning.php, (b) notice.php, and (c) inset.php in view/sniplets/, and possibly (d) modules/execute.php; the ...
CVE-2008-1059
The CVE-2008-1059 issue affects WordPress Sniplets plugin (versions 1.1.2 and 1.2.2). It is a PHP remote file inclusion in modules/syntax_highlight.php that allows an attacker to execute arbitrary PHP code via the libpath URL parameter. This can lead to remote code execution and potential comprom...
CVE-2008-1060
Eval injection vulnerability in modules/execute.php in the Sniplets 1.1.2 and 1.2.2 plugin for WordPress allows remote attackers to execute arbitrary PHP code via the text parameter...
CVE-2008-1061
Multiple cross-site scripting (XSS) vulnerabilities in the Sniplets 1.1.2 and 1.2.2 plugin for WordPress allow remote attackers to inject arbitrary web script or HTML via the (1) text parameter to (a) warning.php, (b) notice.php, and (c) inset.php in view/sniplets/, and possibly (d) modules/execute.php; the ...
CVE-2008-1060
The CVE affects the Sniplets WordPress plugin, specifically versions 1.1.2 and 1.2.2, where an eval injection in modules/execute.php allows remote attackers to execute arbitrary PHP code via the text parameter. This results in remote code execution with the webserver user’s privileges, aligning w...
CVE-2008-1059
PHP remote file inclusion vulnerability in modules/syntaxhighlight.php in the Sniplets 1.1.2 and 1.2.2 plugin for WordPress allows remote attackers to execute arbitrary PHP code via a URL in the libpath parameter...
CVE-2008-1061
The CVE-2008-1061 issue affects WordPress Sniplets plugin versions 1.1.2 and 1.2.2, where XSS can be triggered via the text parameter to warning.php, notice.php, and inset.php (in view/sniplets/), possibly modules/execute.php; via the url parameter to view/admin/submenu.php; and via the page para...