CVE-2008-0507 – AdServe < 0.3 - SQL Injection
https://notcve.org/view.php?id=CVE-2008-0507
SQL injection vulnerability in adclick.php in the AdServe 0.2 plugin for WordPress allows remote attackers to execute arbitrary SQL commands via the id parameter.
• https://www.exploit-db.com/exploits/5013
• http://secunia.com/advisories/28708
• http://www.securityfocus.com/bid/27504
• http://www.vupen.com/english/advisories/2008/0364
• https://exchange.xforce.ibmcloud.com/vulnerabilities/40045
• CWE-89: Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection')
CVE-2008-0520 – WassUp Real Time Analytics 1.4 - 1.4.3 - SQL Injection
https://notcve.org/view.php?id=CVE-2008-0520
Multiple SQL injection vulnerabilities in main.php in the WassUp plugin 1.4 through 1.4.3 for WordPress allow remote attackers to execute arbitrary SQL commands via the (1) from_date or (2) to_date parameter to spy.php.
• https://www.exploit-db.com/exploits/5017
• http://secunia.com/advisories/28702
• http://www.securityfocus.com/bid/27525
• http://www.vupen.com/english/advisories/2008/0365
• http://www.wpwp.org/archives/warning-security-bug-in-version
• CWE-89: Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection')
CVE-2008-0490 – WP-Cal <= 0.3 - SQL Injection
https://notcve.org/view.php?id=CVE-2008-0490
SQL injection vulnerability in functions/editevent.php in the WP-Cal 0.3 plugin for WordPress allows remote attackers to execute arbitrary SQL commands via the id parameter.
• https://www.exploit-db.com/exploits/4992
• http://secunia.com/advisories/28683
• http://www.securityfocus.com/bid/27465
• http://www.vupen.com/english/advisories/2008/0348
• https://exchange.xforce.ibmcloud.com/vulnerabilities/39966
• CWE-89: Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection')
CVE-2008-0508 – Dean's Permalinks Migration <= 1.0 - Cross-Site Request Forgery to Cross-Site Scripting
https://notcve.org/view.php?id=CVE-2008-0508
Cross-site request forgery (CSRF) vulnerability in deans_permalinks_migration.php in the Dean's Permalinks Migration 1.0 plugin for WordPress allows remote attackers to modify the oldstructure (aka dean_pm_config[oldstructure]) configuration setting as administrators via the old_struct parameter in a deans_permalinks_migration.php action to wp-admin/options-general.php, as demonstrated by placing an XSS sequence in this setting.
• http://g30rg3x.com/wp-files/dpm_11gx.zip
• http://g30rg3x.com/xsrf-bajo-deans-permalinks-migration-10
• http://packetstorm.linuxsecurity.com/0801-advisories/deans-xsrf.txt
• http://secunia.com/advisories/28593
• http://securityreason.com/securityalert/3595
• http://www.securityfocus.com/archive/1/486840/100/0/threaded
• http://www.vupen.com/english/advisories/2008/0281
• https://exchange.xforce.ibmcloud.com/vulnerabilities/39845
• CWE-352: Cross-Site Request Forgery (CSRF)
CVE-2008-0388 – WP-Forum <= 1.7.4 - Remote SQL Injection
https://notcve.org/view.php?id=CVE-2008-0388
SQL injection vulnerability in the WP-Forum 1.7.4 plugin for WordPress allows remote attackers to execute arbitrary SQL commands via the user parameter in a showprofile action to the default URI.
• https://www.exploit-db.com/exploits/4939
• http://archives.neohapsis.com/archives/bugtraq/2008-02/0272.html
• http://osvdb.org/52211
• http://secunia.com/advisories/28567
• http://weblogtoolscollection.com/archives/2008/01/21/wp-forum-plugin-security-bulletin
• http://www.securityfocus.com/bid/27362
• http://www.vupen.com/english/advisories/2008/0235
• https://exchange.xforce.ibmcloud.com/vulnerabilities/39800
• CWE-89: Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection')