Lucene search
K
Catalog
Vendors
Products
Timeline
Vulnerabilities
Sources
Documentation
Blog
Glossary
FAQ
Brand assets
Assessment
Agents dashboard
Agent Scanning
API Scanning
Assessment API
Alerts
Email notifications
Webhook notifications
Alerts API
SBOM package analysis
API Reference
Support
Settings
Sign in
🔥 Daily Hot!
💪🏽 CPE Enhanced Advisories
🕶 Shadow Exploits
🕵🏼 Vulners CPE
🔐 Security news
💻 Exploit updates
📑 Blogs review
🐧 Linux vulnerabilities
🐞 Bugbounty
🤖 AI High Score
📰 CVE Feed
show all

8 matches found

Tenable Nessus
Tenable Nessusadded 2018/11/05 12:0 a.m.7 views

WordPress 3.9.x < 3.9.21 Multiple Vulnerabilities

According to its self-reported version number, the detected WordPress application is affected by multiple vulnerabilities : - Weak MD5-based password hashing algorithm, which makes it easier for attackers to determine cleartext values by leveraging access to the hash values. - When domain-based...

9.8CVSS8.3AI score0.10428EPSS
Exploits1References6
Tenable Nessus
Tenable Nessusadded 2018/11/05 12:0 a.m.10 views

WordPress 4.4.x < 4.4.12 Multiple Vulnerabilities

According to its self-reported version number, the detected WordPress application is affected by multiple vulnerabilities : - Weak MD5-based password hashing algorithm, which makes it easier for attackers to determine cleartext values by leveraging access to the hash values. - When domain-based...

9.8CVSS8.3AI score0.10428EPSS
Exploits1References6
Veracode
Veracodeadded 2017/10/13 7:48 a.m.29 views

Cross-domain Flash Injection (XSF)

WordPress is vulnerable to cross-domain flash injection XSF attacks. The attack can be triggered via the code contained within the wp-includes/js/mediaelement/flashmediaelement.swf file. The vulnerability is possible only when domain-based flashmediaelement.swf sandboxing is not used...

4.7CVSS7.3AI score0.01241EPSS
Exploits0References3Affected Software2
CVE
CVEadded 2017/10/12 4:0 p.m.83 views

CVE-2016-9263

CVE-2016-9263 affects WordPress; the issue arises when domain-based flashmediaelement.swf sandboxing is not used, enabling remote cross-domain Flash injection (XSF) via code in wp-includes/js/mediaelement/flashmediaelement.swf. Connected documents confirm WordPress-related vulnerabilities of this...

4.7CVSS5.9AI score0.01241EPSS
Exploits0References2Affected Software1
Debian CVE
Debian CVEadded 2017/10/12 4:0 p.m.27 views

CVE-2016-9263

WordPress through 4.8.2, when domain-based flashmediaelement.swf sandboxing is not used, allows remote attackers to conduct cross-domain Flash injection XSF attacks by leveraging code contained within the wp-includes/js/mediaelement/flashmediaelement.swf file...

4.7CVSS5.6AI score0.01241EPSS
Exploits0
Packet Storm
Packet Stormadded 2017/06/14 12:0 a.m.59 views

Camstudio 2.0 XSS / XSF / Content Forgery

| \ | \ | | | | | | / \ | | | |/ / | |/ / | | | | | | | | | / / | | | / | / | | | | | | | | | | | | | | | |\ \ \ / / // / | | | /\ | | | | | / / / / / | | | \ | | / | | | / \ | | | | | \ | | | | \ \ / / | | | | | \ --. | | | / / | | | | | |/ / | | | | \ V / | | | . | --. \ | | | | | |...

0.5AI score
Exploits0
Exploit DB
Exploit DBadded 2015/01/26 12:0 a.m.26 views

SWFupload 2.5.0 - Cross Frame Scripting (XFS)

Exploit Title: SWFupload All Version XSF Vulnerability Date: 25/01/2014 Exploit Author: MindCracker - Team MaDLeeTs Contact : [email protected] - [email protected] | https://twitter.com/MindCrackerKhan Verion : All Tested on: Linux / Window Description : XSF occurs when an SWF have...

7.4AI score
Exploits0
ThreatPost
ThreatPostadded 2014/05/19 4:7 p.m.8 views

XMPP Mandating Encryption on Messaging Service Operators

Beginning today, the operators of instant messaging services that rely on the extensible messaging and presence protocol XMPP are expected to deploy encryption into the platforms they maintain. The XMPP Standard Foundation XSF announced today that a large number of services on the public XMPP...

Exploits0References7
Rows per page
Query Builder