4 results (0.015 seconds)

CVSS: 6.1EPSS: %CPEs: 1EXPL: 0

The Addressbook plugin for WordPress is vulnerable to Cross-Site Request Forgery in versions up to, and including, 1.1.3. This is due to missing or incorrect nonce validation on a function. This makes it possible for unauthenticated attackers to update settings and inject malicious web scripts via a forged request granted they can trick a site administrator into performing an action such as clicking on a link. • CWE-352: Cross-Site Request Forgery (CSRF) •

CVSS: 7.5EPSS: 0%CPEs: 2EXPL: 0

SQL injection vulnerability in the Addressbook module for Drupal 6.x-4.2 and earlier allows remote attackers to execute arbitrary SQL commands via unspecified vectors. Vulnerabilidad de inyección SQL en el módulo Addressbook para Drupal v6.x-4.2 y anteriores permite a atacantes remotos ejecutar comandos SQL a través de vectores no especificados. • http://drupal.org/node/1557868 http://www.openwall.com/lists/oss-security/2012/05/03/1 http://www.openwall.com/lists/oss-security/2012/05/03/2 • CWE-89: Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection') •

CVSS: 6.8EPSS: 0%CPEs: 10EXPL: 0

Cross-site request forgery (CSRF) vulnerability in the Addressbook module for Drupal 6.x-4.2 and earlier allows remote attackers to hijack the authentication of unspecified victims via unknown vectors. Vulnerabilidad de falsificación de peticiones en sitios cruzados (CSRF) en el módulo Addressbook para Drupal v6.x-4.2 y anteriores, permite a atacantes remotos secuestrar la autenticación de víctimas no especificadas a través de vectores desconocidos. • http://drupal.org/node/1557868 http://www.openwall.com/lists/oss-security/2012/05/03/1 http://www.openwall.com/lists/oss-security/2012/05/03/2 • CWE-352: Cross-Site Request Forgery (CSRF) •

CVSS: 7.5EPSS: 5%CPEs: 1EXPL: 1

Directory traversal vulnerability in addressbook.php in the Addressbook 1.2 module for PHP-Nuke allows remote attackers to include and execute arbitrary local files via a .. (dot dot) in the module_name parameter, as demonstrated by injecting PHP sequences into an Apache HTTP Server log file. Vulnerabilidad de salto de directorio en addressbook.php del módulo Addressbook 1.2 para PHP-Nuke permite a atacantes remotos incluir y ejecutar ficheros locales de su elección mediante una secuencia .. (punto punto) en el parámetro module_name, como ha sido demostrado inyectando secuencias PHP en el fichero de log de Apache HTTP Server. • https://www.exploit-db.com/exploits/3582 http://osvdb.org/36572 http://secunia.com/advisories/24697 http://www.securityfocus.com/bid/23156 http://www.vupen.com/english/advisories/2007/1118 https://exchange.xforce.ibmcloud.com/vulnerabilities/33243 •