Page 108 of 701 results (0.010 seconds)

CVSS: 9.8EPSS: 0%CPEs: 2EXPL: 4

SQL injection vulnerability in cplphoto.php in the Copperleaf Photolog plugin 0.16, and possibly earlier, for WordPress allows remote attackers to execute arbitrary SQL commands via the postid parameter. Vulnerabilidad de inyección SQL en cplphoto.php en el plugin Copperleaf Photolog V0.16, y posiblemente anteriores, para WordPress, permite a atacantes remotos ejecutar comandos SQL de su elección a través del parámetro postid. • https://www.exploit-db.com/exploits/11458 http://osvdb.org/62346 http://packetstormsecurity.org/1002-exploits/wpcopperleaf-sql.txt http://secunia.com/advisories/38579 http://www.exploit-db.com/exploits/11458 http://www.securityfocus.com/bid/38239 • CWE-89: Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection') •

CVSS: 4.3EPSS: 0%CPEs: 4EXPL: 1

WordPress 2.9 before 2.9.2 allows remote authenticated users to read trash posts from other authors via a direct request with a modified p parameter. WordPress v2.9 anterior a v2.9.2, permite a usuarios autenticados remotamente leer mensajes eliminados de otros autores a través de una petición directa con una modificación en el parámetro "p". • https://www.exploit-db.com/exploits/11441 http://hakre.wordpress.com/2010/02/16/the-short-memory-of-wordpress-org-security http://lists.fedoraproject.org/pipermail/package-announce/2011-January/052917.html http://lists.fedoraproject.org/pipermail/package-announce/2011-January/052932.html http://secunia.com/advisories/38592 http://secunia.com/advisories/42871 http://tmacuk.co.uk/?p=180 http://wordpress.org/development/2010/02/wordpress-2-9-2 http://www.osvdb.org/62330 https: • CWE-264: Permissions, Privileges, and Access Controls CWE-639: Authorization Bypass Through User-Controlled Key •

CVSS: 9.8EPSS: 0%CPEs: 2EXPL: 4

SQL injection vulnerability in results.php in the Pyrmont plugin 2 for WordPress allows remote attackers to execute arbitrary SQL commands via the id parameter. Vulnerabilidad de inyección SQL en results.php in el plugin Pyrmont v2 para WordPress permite a atacantes remotos ejecutar comandos SQL de su elección mediante el parámetro "id". The Pyrmont V2 theme for WordPress is vulnerable to SQL Injection via the 'id' parameter in versions up to, and including, 2.0.7 due to insufficient escaping on the user supplied parameter and lack of sufficient preparation on the existing SQL query. This makes it possible for unauthenticated attackers to append additional SQL queries into already existing queries that can be used to extract sensitive information from the database. • https://www.exploit-db.com/exploits/10535 http://packetstormsecurity.org/0912-exploits/wppyrmont-sql.txt http://www.exploit-db.com/exploits/10535 http://www.securityfocus.com/bid/37409 https://exchange.xforce.ibmcloud.com/vulnerabilities/54907 • CWE-89: Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection') •

CVSS: 6.1EPSS: 16%CPEs: 20EXPL: 3

Cross-site scripting (XSS) vulnerability in Roy Tanck tagcloud.swf, as used in the WP-Cumulus plugin before 1.23 for WordPress and the Joomulus module 2.0 and earlier for Joomla!, allows remote attackers to inject arbitrary web script or HTML via the tagcloud parameter in a tags action. Cross-site scripting (XSS) vulnerability in tagcloud.swf in the WP-Cumulus Plug-in before 1.23 for WordPress allows remote attackers to inject arbitrary web script or HTML via the tagcloud parameter. Vulnerabilidad de tipo cross-site scripting (XSS) en el archivo tagcloud.swf, tal como es usado en el plugin WP-Cumulus de Roy Tanck anterior a versión 1.23 para WordPress y la versión 2.0 y anterior del módulo Joomulus para Joomla!, permite a atacantes remotos inyectar script web o HTML arbitrario por medio del parámetro tagcloud en una acción tags. • https://www.exploit-db.com/exploits/33371 http://packetstormsecurity.org/1001-exploits/joomlajvclouds-xss.txt http://secunia.com/advisories/37483 http://secunia.com/advisories/38161 http://websecurity.com.ua/3665 http://websecurity.com.ua/3789 http://websecurity.com.ua/3801 http://websecurity.com.ua/3839 http://www.roytanck.com/2009/11/15/wp-cumulus-updated-to-address-yet-another-security-issue http://www.securityfocus.com/archive/1/508071/100/0/threaded http://www.securi • CWE-79: Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') •

CVSS: 5.3EPSS: 0%CPEs: 2EXPL: 2

WP-Cumulus Plug-in 1.20 for WordPress, and possibly other versions, allows remote attackers to obtain sensitive information via a crafted request to wp-cumulus.php, probably without parameters, which reveals the installation path in an error message. WP-Cumulus Plug-in v1.20 para WordPress y puede que otras versiones, permite a atacantes remotos obtener información sensible a través de solicitudes manipuladas a wp-cumulus.php, puede que sin parámetros, esto revela la ruta de instalación en un mensaje de error. • https://www.exploit-db.com/exploits/10228 http://websecurity.com.ua/3665 http://www.securityfocus.com/archive/1/508071/100/0/threaded • CWE-200: Exposure of Sensitive Information to an Unauthorized Actor •