11 matches found
EUVD-2015-3346
Malware in sbrugna...
EUVD-2015-4016
Malware in sbrugna...
EUVD-2011-5107
Malware in sbrugna...
WordPress Plugin TheCartPress eCommerce Shopping Cart Cross-Site Request Forgery Vulnerability
WordPress is a blogging platform from the WordPress Software Foundation, developed in PHP, which supports setting up personal blog sites on servers with PHP and MySQL. The TheCartPress eCommerce Shopping Cart plugin for WordPress is an eCommerce shopping cart plugin for WordPress based ...
WordPress TheCartPress Plugin 1.3.9 /checkout/CheckoutEditor.class.php Local File Inclusion Vulnerability
checkout/CheckoutEditor.class.php: function adminaction if empty $POST return; if isset $REQUEST'tcpsavefields' $partialpath = $REQUEST'tcpboxpath'; $classname = $REQUEST'tcpboxname'; $initialpath = dirname dirname TCPADMINFOLDER . '/'; requireonce $initialpath . $partialpath ; $box = new $classnam...
WordPress Plugin TheCartPress Has Multiple Cross-Site Scripting Vulnerabilities
WordPress is a blogging platform from the WordPress Software Foundation, developed in PHP, which supports personal blog sites on servers with PHP and MySQL. Multiple cross-site scripting vulnerabilities exist in the WordPress plugin TheCartPress. 1) Because many user-supplied HTTP...
WordPress Plugin TheCartPress Local PHP File Inclusion Vulnerability
WordPress is a blogging platform from the WordPress Software Foundation, developed in PHP, which supports personal blog sites on servers with PHP and MySQL. A local PHP file inclusion vulnerability exists in the WordPress plugin TheCartPress. Due to input passed to the...
CVE-2011-5207
Cross-site scripting (XSS) vulnerability in admin/OptionsPostsList.php in the TheCartPress plugin for WordPress before 1.1.6 (before 2011-12-31) allows remote attackers to inject arbitrary web script or HTML via the tcp_name_post_XXXXX parameter...
CVE-2011-5207
The CVE-2011-5207 entry concerns TheCartPress WordPress plugin. Affected component: admin/OptionsPostsList.php. Vulnerability: cross-site scripting (XSS) allowing remote attackers to inject arbitrary script/HTML via the tcp_name_post_XXXXX parameter, prior to TheCartPress 1.1.6 (before 2011-12-31...
WordPress TheCartPress Plugin 1.6 - Cross Site Scripting
WordPress TheCartPress plugin's "OptionsPostsList.php" is prone to a cross-site scripting vulnerability. It fails to properly sanitize user-supplied input. An attacker may execute arbitrary script code in the browser of a user in the context of the affected site. In this way the attacker can ste...
WordPress Filedownload Plugin 0.1 - Remote File Disclosure Vulnerability
TheCartPress plugin's "download.php" parameter is prone to a remote file include vulnerability. It allows an attacker to include a remote file and get access to the server. It causes such problems as sensitive information disclosure, cross-site scripting attacks, code execution on the web server...