
22 matches found

EUVD
added 2025/10/07 12:30 a.m. | 2 views

EUVD-2008-1478

Malware in sbrugna...

CVSS 4.3 | AI score 6.3 | EPSS 0.00516
Exploits 0 | References 9

RedhatCVE
added 2025/05/22 2:43 a.m. | 5 views

CVE-2010-5293

wp-includes/comment.php in WordPress before 3.0.2 does not properly whitelist trackbacks and pingbacks in the blogroll, which allows remote attackers to bypass intended spam restrictions via a crafted URL, as demonstrated by a URL that triggers a substring match...

CVSS 5.8 | AI score 6.8 | EPSS 0.00387
Exploits 1 | References 1

Hacker One
added 2019/08/14 11:6 a.m. | 186 views

GSA Bounty: xmlrpc.php file enabled - data.gov

WordPress sites that have xmlrpc.php enabled for pingbacks, trackbacks, etc. can be made part of a huge botnet causing a major DDoS. This website, www.data.gov, has the xmlrpc.php file enabled. Impact: This can be automated from multiple hosts and be used to cause a mass DDoS attack on the victim...

AI score 1
Exploits 0

Hacker One
added 2018/11/21 5:29 p.m. | 15 views

FormAssembly: xmlrpc.php file is enable it will used for (DOS) and bruteforce attack

WordPress sites that have xmlrpc.php enabled for pingbacks, trackbacks, etc. can be made part of a huge botnet causing a major DDoS. The website https://www.formassembly.com/ has the xmlrpc.php file enabled and could thus be potentially used for such an attack against other victim hosts. In order ...

AI score 7
Exploits 0

WPVulnDB
added 2014/08/01 10:58 a.m. | 10 views

WordPress 2.0 - 3.0.1 SQL Injection in do_trackbacks()

...

AI score 1.8
Exploits 0 | References 1 | Affected Software 1

OSV
added 2014/01/21 1:55 a.m. | 1 view

DEBIAN-CVE-2010-5293

wp-includes/comment.php in WordPress before 3.0.2 does not properly whitelist trackbacks and pingbacks in the blogroll, which allows remote attackers to bypass intended spam restrictions via a crafted URL, as demonstrated by a URL that triggers a substring match...

CVSS 5.8 | AI score 6.9 | EPSS 0.00387
Exploits 1 | References 1

UbuntuCve
added 2014/01/21 1:55 a.m. | 19 views

CVE-2010-5293

wp-includes/comment.php in WordPress before 3.0.2 does not properly whitelist trackbacks and pingbacks in the blogroll, which allows remote attackers to bypass intended spam restrictions via a crafted URL, as demonstrated by a URL that triggers a substring match...

CVSS 5.8 | AI score 5.9 | EPSS 0.00387
Exploits 1 | References 4

CVE
added 2014/01/21 1:0 a.m. | 54 views

CVE-2010-5293

The vulnerability CVE-2010-5293 affects WordPress

CVSS 5.8 | AI score 6.5 | EPSS 0.00387
Exploits 1 | References 3 | Affected Software 1

Patchstack
added 2014/01/20 12:0 a.m. | 19 views

WordPress <= 3.0.1

wp-includes/comment.php does not properly whitelist trackbacks and pingbacks in the blogroll. In that way the attackers can bypass intended spam restrictions via a crafted URL, as demonstrated by a URL that triggers a substring match. Solution: Update WordPress...

CVSS 5.8 | AI score 4.6 | EPSS 0.00387
Exploits 1 | References 1 | Affected Software 1

OSV
added 2010/12/29 12:0 a.m. | 15 views

DSA-2138-1 wordpress - SQL injection

Bulletin has no description...

CVSS 6 | AI score 6 | EPSS 0.03296
Exploits 0

NVD
added 2010/12/07 1:53 p.m. | 10 views

CVE-2010-4257

SQL injection vulnerability in the do_trackbacks function in wp-includes/comment.php in WordPress before 3.0.2 allows remote authenticated users to execute arbitrary SQL commands via the Send Trackbacks field...

CVSS 6 | AI score 7.7 | EPSS 0.03296
Exploits 0 | References 20

OSV
added 2010/12/07 1:53 p.m. | 1 view

DEBIAN-CVE-2010-4257

SQL injection vulnerability in the do_trackbacks function in wp-includes/comment.php in WordPress before 3.0.2 allows remote authenticated users to execute arbitrary SQL commands via the Send Trackbacks field...

CVSS 6 | AI score 8.6 | EPSS 0.03296
Exploits 0 | References 1

Debian CVE
added 2010/12/07 1:0 a.m. | 16 views

CVE-2010-4257

SQL injection vulnerability in the do_trackbacks function in wp-includes/comment.php in WordPress before 3.0.2 allows remote authenticated users to execute arbitrary SQL commands via the Send Trackbacks field...

CVSS 6 | AI score 6.7 | EPSS 0.03296
Exploits 0

CVE
added 2010/12/07 1:0 a.m. | 105 views

CVE-2010-4257

CVE-2010-4257 is a SQL injection in WordPress up to version 3.0.2 affecting the do_trackbacks function in wp-includes/comment.php. The vulnerability allows remote authenticated users to execute arbitrary SQL commands via the Send Trackbacks field due to improper input sanitization. Related adviso...

CVSS 6 | AI score 7.8 | EPSS 0.03296
Exploits 0 | References 20 | Affected Software 1

Patchstack
added 2010/12/05 12:0 a.m. | 13 views

WordPress Do_Trackbacks() Function - SQL Injection Vulnerability

The WordPress do_trackbacks function is prone to an SQL injection vulnerability. It allows a remote attacker to execute an arbitrary SELECT SQL query that can lead to disclosure of any information stored in the WordPress database. Solution: Update WordPress. Also, you can disable trackbacks manually...

AI score 3.6
Exploits 0 | References 1 | Affected Software 1

FreeBSD
added 2010/11/16 12:0 a.m. | 19 views

wordpress -- SQL injection vulnerability

Vendor reports: SQL injection vulnerability in the do_trackbacks function in wp-includes/comment.php in WordPress before 3.0.2 allows remote authenticated users to execute arbitrary SQL commands via the Send Trackbacks field...

CVSS 6 | AI score 7.9 | EPSS 0.03296
Exploits 0 | References 1

UbuntuCve
added 2008/03/24 10:44 p.m. | 14 views

CVE-2008-1476

Cross-site scripting (XSS) vulnerability in Serendipity (S9Y) before 1.3 allows remote attackers to inject arbitrary web script or HTML via unspecified vectors related to received trackbacks...

CVSS 4.3 | AI score 6 | EPSS 0.00516
Exploits 0 | References 1

Prion
added 2008/03/24 10:44 p.m. | 7 views

Cross site scripting

Cross-site scripting (XSS) vulnerability in Serendipity (S9Y) before 1.3 allows remote attackers to inject arbitrary web script or HTML via unspecified vectors related to received trackbacks...

CVSS 4.3 | AI score 6.1 | EPSS 0.00516
Exploits 0 | References 7 | Affected Software 1

NVD
added 2008/03/24 10:44 p.m. | 10 views

CVE-2008-1476

Cross-site scripting (XSS) vulnerability in Serendipity (S9Y) before 1.3 allows remote attackers to inject arbitrary web script or HTML via unspecified vectors related to received trackbacks...

CVSS 4.3 | AI score 5.6 | EPSS 0.00516
Exploits 0 | References 7

CVE
added 2008/03/24 10:0 p.m. | 37 views

CVE-2008-1476

Serendipity (S9Y) up to version 1.2.x is vulnerable to cross-site scripting via received trackbacks. Root cause: insufficient input sanitisation in several scripts. Impact: remote attackers can inject arbitrary script/HTML. Mitigation: upgrade to Serendipity 1.3 or later (per Debian DSAs and rela...

CVSS 4.3 | AI score 5.6 | EPSS 0.00516
Exploits 0 | References 7 | Affected Software 1