CVSS: 8.8 | EPSS: 0% | CPEs: 1 | EXPL: 0

15 Jun 2015 — Cross-site request forgery (CSRF) vulnerability in the Spider Video Player module for Drupal allows remote attackers to hijack the authentication of administrators for requests that delete videos via unspecified vectors. • http://www.openwall.com/lists/oss-security/2015/04/25/6 • CWE-352: Cross-Site Request Forgery (CSRF)

CVSS: 8.8 | EPSS: 0% | CPEs: 1 | EXPL: 0

15 Jun 2015 — Multiple cross-site request forgery (CSRF) vulnerabilities in the Spider Catalog module for Drupal allow remote attackers to hijack the authentication of administrators for requests that delete (1) products, (2) ratings, or (3) categories via unspecified vectors. • http://www.openwall.com/lists/oss-security/2015/04/25/6 • CWE-352: Cross-Site Request Forgery (CSRF)

CVSS: 6.5 | EPSS: 0% | CPEs: 1 | EXPL: 0

15 Jun 2015 — The Spider Video Player module for Drupal allows remote authenticated users with the "access Spider Video Player administration" permission to delete arbitrary files via a crafted URL. • http://www.openwall.com/lists/oss-security/2015/04/25/6 • CWE-264: Permissions, Privileges, and Access Controls

CVSS: 9.8 | EPSS: 41% | CPEs: 1 | EXPL: 4

20 Mar 2015 — Multiple SQL injection vulnerabilities in the Web-Dorado ECommerce WD (com_ecommercewd) component 1.2.5 for Joomla! allow remote attackers to execute arbitrary SQL commands via the (1) search_category_id, (2) sort_order, or (3) filter_manufacturer_ids in a displayproducts action to index.php. • https://packetstorm.news/files/id/181185 • CWE-89: Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection')

CVSS: 9.8 | EPSS: 4% | CPEs: 1 | EXPL: 2

13 Feb 2015 — SQL injection vulnerability in Spider Event Calendar 1.4.9 for WordPress allows remote attackers to execute arbitrary SQL commands via the cat_id parameter in a spiderbigcalendar_month action to wp-admin/admin-ajax.php. • https://www.exploit-db.com/exploits/36061 • CWE-89: Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection')

CVSS: 7.1 | EPSS: 0% | CPEs: 1 | EXPL: 1

26 Jan 2015 — Multiple cross-site scripting (XSS) vulnerabilities in the Spider Facebook plugin before 1.0.11 for WordPress allow (1) remote attackers to inject arbitrary web script or HTML via the appid parameter in a registration task to the default URI or remote administrators to inject arbitrary web script or HTML via the (2) asc_or_desc, (3) order_by, (4) page_number, (5) serch_or_not, or (6) search_events_by_title parameter in (a) the Spider_Facebook_manage page to wp-admin/admin.php or a (b) selectpagesforfacebook... • http://packetstormsecurity.com/files/130318/WordPress-Spider-Facebook-1.0.10-Cross-Site-Scripting.html • CWE-79: Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting')

CVSS: 6.1 | EPSS: 0% | CPEs: 5 | EXPL: 0

04 Nov 2014 — Cross-site scripting (XSS) vulnerability in the Web Dorado Spider Video Player (aka WordPress Video Player) plugin before 1.5.2 for WordPress allows remote attackers to inject arbitrary web script or HTML via unspecified vectors. • https://wordpress.org/plugins/player/changelog • CWE-79: Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting')