Page 140 of 701 results (0.012 seconds)

CVSS: 5.3EPSS: 0%CPEs: 1EXPL: 0

Wordpress 1.5 and earlier allows remote attackers to obtain sensitive information via a direct request to files in (1) wp-content/themes/, (2) wp-includes/, or (3) wp-admin/, which reveal the path in an error message. • http://marc.info/?l=bugtraq&m=111661517716733&w=2 • CWE-200: Exposure of Sensitive Information to an Unauthorized Actor CWE-425: Direct Request ('Forced Browsing') •

CVSS: 6.8EPSS: 0%CPEs: 1EXPL: 0

Multiple cross-site scripting (XSS) vulnerabilities in template-functions-post.php in WordPress 1.5 and earlier allow remote attackers to execute arbitrary commands via the (1) content or (2) title of the post. • http://bugs.gentoo.org/show_bug.cgi?id=88926 http://marc.info/?l=bugtraq&m=111336102101571&w=2 http://security.gentoo.org/glsa/glsa-200506-04.xml http://wordpress.org/support/topic.php?id=30721 • CWE-79: Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') •

CVSS: 6.1EPSS: 0%CPEs: 1EXPL: 8

Multiple cross-site scripting (XSS) vulnerabilities in Wordpress 1.2 allow remote attackers to inject arbitrary web script or HTML via the (1) redirect_to, text, popupurl, or popuptitle parameters to wp-login.php, (2) redirect_url parameter to admin-header.php, (3) popuptitle, popupurl, content, or post_title parameters to bookmarklet.php, (4) cat_ID parameter to categories.php, (5) s parameter to edit.php, or (6) s or mode parameter to edit-comments.php. • https://www.exploit-db.com/exploits/24642 https://www.exploit-db.com/exploits/24643 https://www.exploit-db.com/exploits/24644 https://www.exploit-db.com/exploits/24646 https://www.exploit-db.com/exploits/24645 https://www.exploit-db.com/exploits/24641 http://marc.info/?l=bugtraq&m=109641484723194&w=2 http://secunia.com/advisories/12683 http://securitytracker.com/id?1011440 http://www.securityfocus.com/bid/11268 https://exchange.xforce.ibmcloud.com/vulnerabilities/17532 • CWE-79: Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') •

CVSS: 5.3EPSS: 4%CPEs: 1EXPL: 2

CRLF injection vulnerability in wp-login.php in WordPress 1.2 allows remote attackers to perform HTTP Response Splitting attacks to modify expected HTML content from the server via the text parameter. • https://www.exploit-db.com/exploits/570 http://marc.info/?l=bugtraq&m=109716327724041&w=2 http://secunia.com/advisories/12773 http://wordpress.org/development/2004/10/wp-121 http://www.gentoo.org/security/en/glsa/glsa-200410-12.xml http://www.securityfocus.com/bid/11348 https://exchange.xforce.ibmcloud.com/vulnerabilities/17649 • CWE-113: Improper Neutralization of CRLF Sequences in HTTP Headers ('HTTP Request/Response Splitting') •

CVSS: 8.8EPSS: 0%CPEs: 1EXPL: 0

SQL injection vulnerability in log.header.php in WordPress 0.7 and earlier allows remote attackers to execute arbitrary SQL commands via the posts variable. Una vulnerabilidad de inyección SQL en el archivo log.header.php en WordPress versión 0.7 y anteriores, permite a los atacantes remotos ejecutar comandos SQL arbitrarios por medio de la variable posts. • http://osvdb.org/show/osvdb/4610 http://seclists.org/oss-sec/2012/q1/77 http://secunia.com/advisories/8954 http://www.kernelpanik.org/docs/kernelpanik/wordpressadv.txt http://www.securityfocus.com/bid/7784 https://exchange.xforce.ibmcloud.com/vulnerabilities/12204 • CWE-89: Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection') •