Information disclosure

The sidepanel widgets in the CLI command overview and help pages in Jenkins before 1.638 and LTS before 1.625.2 allow remote attackers to obtain sensitive information via a direct request to the pages...

CVE-2015-5321

The sidepanel widgets in the CLI command overview and help pages in Jenkins before 1.638 and LTS before 1.625.2 allow remote attackers to obtain sensitive information via a direct request to the pages...

WordPress Dynamic Widgets Plugin <= 1.5.10 - XSS

Because of this vulnerability, the attackers can inject arbitrary JavaScript or HTML code. Solution Update the plugin...

MediaWiki Widgets Extension Cross-Site Scripting Vulnerability

MediaWiki is the Wikimedia Foundation and MediaWiki volunteers to develop and maintain a set of free and free Web-based Wiki engine , it can be used to deploy internal knowledge management and content management system . Widgets is one of the wiki page templates can be embedded in the HTML page...

CVE-2015-6737

Cross-site scripting XSS vulnerability in the Widgets extension for MediaWiki allows remote attackers to inject arbitrary web script or HTML via vectors involving base64 encoded content...

CVE-2015-6737

Cross-site scripting XSS vulnerability in the Widgets extension for MediaWiki allows remote attackers to inject arbitrary web script or HTML via vectors involving base64 encoded content...

Cross site scripting

Cross-site scripting XSS vulnerability in the Widgets extension for MediaWiki allows remote attackers to inject arbitrary web script or HTML via vectors involving base64 encoded content...

CVE-2015-6737

CVE-2015-6737 is a MediaWiki Widgets extension XSS vulnerability. Remote attackers could inject arbitrary script/HTML via base64-encoded content. Affected: MediaWiki Widgets extension. Root cause: cross-site scripting in the Widgets template. Impact documented as possible remote code execution vi...

WordPress WP Symposium Plugin 15.1 - SQL Injection Vulnerability

Exploit for php platform in category web applications Exploit Title: Wordpress Plugin wp-symposium Unauthenticated SQL Injection Vulnerability Date: 2015-07-30 Exploit Author: PizzaHatHacker Vendor Homepage: http://www.wpsymposium.com/ Version: ? = version = 15.5.1 Tested on: Apache / WordPress...

CVE-2015-5499

The Navigate module for Drupal does not properly check permissions, which allows remote authenticated users to modify custom widgets and create widget database records by leveraging the "navigate view" permission...

Dynamic Widgets <= 1.5.10 - Authenticated Cross-Site Scripting (XSS) & CSRF

The Dynamic Widgets WordPress plugin was affected by an Authenticated Cross-Site Scripting XSS & CSRF security vulnerability...

Display Widgets <= 2.03 - Authenticated Cross-Site Scripting (XSS)

The display-widgets WordPress plugin was affected by an Authenticated Cross-Site Scripting XSS security vulnerability...

WordPress Display Widgets Plugin <= 2.03 - Cross Site Scripting

Because of this vulnerability, the attackers can inject arbitrary JavaScript or HTML code. Solution Update the plugin...

wordpress: multiple issues

CVE-2015-2213: SQL injection in comments ID. - CVE-2015-5730: Timing attack in widgets. - CVE-2015-5731: Denial of service by locking a post from being edited. - CVE-2015-5732, CVE-2015-5733 CVE-2015-5734: XSS...

WordPress <= 4.2.3 - Widgets Title Cross-Site Scripting (XSS)

...

WordPress F/T/G Social Widgets 1.3.7 Cross Site Scripting Vulnerability

Exploit for php platform in category web applications Title: WordPress 'Facebook, Twitter & Google+ Social Widgets' Plugin Version: 1.3.7 Author: Morten Nørtoft, Kenneth Jepsen & Mikkel Vej Date: 2015-06-15 Download: - https://wordpress.org/plugins/facebook-twitter-google-social-widgets/ -...

WordPress F/T/G Social Widgets 1.3.7 Cross Site Scripting

Title: WordPress 'Facebook, Twitter & Google+ Social Widgets' Plugin Version: 1.3.7 Author: Morten Nørtoft, Kenneth Jepsen & Mikkel Vej Date: 2015-06-15 Download: - https://wordpress.org/plugins/facebook-twitter-google-social-widgets/ -...

WordPress Leads 1.6.1-1.6.2 - Stored XSS

The WordPress Leads plugin exposes a number of functions via AJAX to Anonymous users via the ‘nopriv’ prefix. One of these functions that is registered in ‘leads/shared/classes/class.lead-storage.php’ controls the insertion of leads into the database. A number of fields accepted as POST parameter...

ProxyDroid - Set Proxys (Http / Socks4 / Socks5) on your Android devices

ProxyDroid is an app that can help you to set the proxy http / socks4 / socks5 on your android devices. FEATURES 1. Support HTTP / HTTPS / SOCKS4 / SOCKS5 proxy 2. Support basic / NTLM / NTLMv2 authentication methods 3. Individual proxy for only one or several apps 4. Multiple profiles support 5...

CVE-2012-5244

Multiple SQL injection vulnerabilities in Banana Dance B.2.6 and earlier allow remote attackers to execute arbitrary SQL commands via the 1 return, 2 display, 3 table, or 4 search parameter to functions/suggest.php; 5 the id parameter to functions/widgets.php, 6 the category parameter to...