59 matches found
Webmaster Tools Verification <= 1.2 - Unauthenticated Arbitrary Plugin Deactivation
The plugin does not have authorisation and CSRF checks when disabling plugins, allowing unauthenticated users to disable arbitrary plugins curl -X POST --data "wmtvuninstall=1&wmtvuninstallconfirm=1&plugin=akismet/akismet.php" https://example.com...
Webmaster Tools Verification <= 1.2 - Unauthenticated Arbitrary Plugin Deactivation
The plugin does not have authorisation and CSRF checks when disabling plugins, allowing unauthenticated users to disable arbitrary plugins PoC curl -X POST --data "wmtvuninstall=1uninstallconfirm=1=akismet/akismet.php" https://example.com...
WordPress Webmaster Tools Verification plugin <= 1.2 - Unauthenticated Arbitrary Plugin Deactivation vulnerability
Unauthenticated Arbitrary Plugin Deactivation vulnerability discovered by Daniel Ruf in WordPress Webmaster Tools Verification plugin versions = 1.2. Solution Deactivate and delete. This plugin has been closed as of October 19, 2022 and is not available for download. This closure is temporary,...
Cross site scripting
Multiple Cross Site Scripting XSS vulnerabilities exits in SEO Panel v4.8.0 via the 1 totime parameter in a backlinks.php, b analytics.php, c log.php, d overview.php, e pagespeed.php, f rank.php, g review.php, h saturationchecker.php, i socialmedia.php, and j reports.php; the 2 fromtime parameter...
PT-2021-22582 · Seo Panel · Seo Panel
Name of the Vulnerable Software and Affected Versions: SEO Panel version 4.8.0 Description: Multiple Cross Site Scripting XSS vulnerabilities exist in SEO Panel via several parameters in various PHP files. The affected parameters include to time in files such as backlinks.php, analytics.php, and...
SEO Panel Cross-Site Scripting Vulnerability (CNVD-2021-23383)
SEO Panel is a free, open source SEO optimization software. A cross-site scripting vulnerability exists in SEO Panel version 4.8.0. The vulnerability can be exploited to inject JavaScript via the totime parameter in webmaster-tools.php...
SEO Panel 跨站脚本漏洞
SEO Panel is a free, open source SEO optimization software. A cross-site scripting vulnerability exists in SEO Panel version 4.8.0. The vulnerability can be exploited to inject JavaScript via the totime parameter in webmaster-tools.php...
CVE-2021-29008
A cross-site scripting XSS issue in SEO Panel 4.8.0 allows remote attackers to inject JavaScript via webmaster-tools.php in the "totime" parameter...
PT-2021-18021 · Seo Panel · Seo Panel
Name of the Vulnerable Software and Affected Versions: SEO Panel version 4.8.0 Description: A cross-site scripting issue allows remote attackers to inject JavaScript code. The issue is exploited via the "webmaster-tools.php" endpoint, specifically through the to time parameter. Recommendations: F...
Code Execution Vulnerability in Online Titanium Article Management System (OTCMS)
Nettitanium technology is committed to article management system, article news CMS, webmaster tools class of research and development, Nettitanium article management system station adopts mainstream DIV + CSS framework layout, applicable to the news release type of website, but also applies to...
WordPress Plugin Smart Google Code Inserter < 3.5 - Authentication Bypass / SQL Injection
Exploit Title: Smart Google Code Inserter 3.5 - Auth Bypass/SQLi Google Dork: inurl:wp-content/plugins/smart-google-code-inserter/ Date: 26-Nov-17 Exploit Author: Benjamin Lim Vendor Homepage: http://oturia.com/ Software Link: https://wordpress.org/plugins/smart-google-code-inserter/ Version: 3.4...
WordPress Plugin Smart Google Code Inserter 3.5 - Authentication Bypass SQL Injection
WordPress Plugin Smart Google Code Inserter 3.5 - Authentication Bypass SQL Injection Exploit Title: Smart Google Code Inserter 3.5 - Auth Bypass/SQLi Google Dork: inurl:wp-content/plugins/smart-google-code-inserter/ Date: 26-Nov-17 Exploit Author: Benjamin Lim Vendor Homepage: http://oturia.com/...
Site Verify - Moderately Critical - Cross Site Scripting - SA-CONTRIB-2017-051
The Site Verify module enables privilege users to verify a site with services like Google Webmaster Tools using meta tags or file uploads. The module doesn't sufficiently sanitize input or restrict uploads. This vulnerability is mitigated by the fact that an attacker must have a role with the...
Google Broadens Scope of Unwanted Software Warnings
Google yesterday announced that it would expand its browser security efforts with a new warning in Chrome about unwanted software to caution users about accessing sites that are known to encourage unsafe downloads. The Mountain View, Calif., search and browsing giant has invested serious resource...
CGIScript.net csPassword.CGI 1.0 Information Disclosure Vulnerability
No description provided by source. source: http://www.securityfocus.com/bid/4887/info CGIScript.net provides various webmaster related tools and is maintained by Mike Barone and Andy Angrick. A vulnerability has been reported in the csPassword.cgi script developed by CGIScript.net that discloses...
Indexable User Content (Attachments) on Google
panel:bgColor=e7f4fa NOTE: This bug report is for Confluence Cloud. Using Confluence Server? See the corresponding bug report|http://jira.atlassian.com/browse/CONFSERVER-47021. panel User content uploaded onto answers.atlassian.com is indexable by Google due to the lack of appropriate indexing...
Torrent-Finder fighting with Google for Domain !
The US government - along with organizations like the RIAA and the MPAA - are hitting Torrent sites where it hurts. Indeed, due to a slew of recent domain seizures, affected websites are currently experiencing major dips in traffic. However, Torrent-Finder is refusing to throw in the towel. The...
Google Expands Malware-Alert Services for Site Operators
Google is expanding the set of tools it makes available to Webmasters to help them detect and remove malware infections on their sites, adding a new alert service that will let the owners of large blocks of sites know as early as possible about the presence of malicious content on any of the site...
Google to Provide Samples of Malicious Code to Webmasters
Google is making a significant change in the way that it handles legitimate sites that have been compromised and are serving up malware. The search giant announced Monday that it will now provide webmasters with specific examples of the malicious code that was used to compromise their sites. For...