Mybloggie XSS Vulnerability
Application: mybloggie Version: 2.1.5 Vendor’s URL: http://mywebland.com/download.php?id=19 Bug type: Cross Site Scripting Risk: Medium Solution: - If you are using this cms, please keep your eyes...
WordPress PHP_Self Cross-Site Scripting Vulnerability
Application Affected: WordPress WordPress 2.1.2 WordPress WordPress 2.1.1 WordPress WordPress 2.0.10 WordPress WordPress 2.0.7 WordPress WordPress 2.0.6 WordPress WordPress 2.0.5 WordPress WordPress...
aflog SQL Injection
Application: aflog Affected Version: 1.01 and other versions. Vendor’s URL: http://aflog.org/ Bug Type: SQL Injection Risk Level: Critical Solution: Edit the source code to ensure that input is...
BlogMe PHP “id” SQL Injection
Application: BlogMe Affected Version: version 1.1 and other versions. Vendor’s URL: BlogMe Bug Type: SQL Injection Risk Level: Critical Solution: Edit the source code to ensure that input is properly...
Maian Weblog Multiple Cross-Site Scripting
Application: Maian Weblog Affected Version: version 4.0 and other versions. Vendor’s URL: Maian Weblog Bug Type: Cross Site Scripting Risk Level: Medium Solution: Edit the source code to ensure that...
myBloggie SQL Injection
Application: myBloggie Affected Version: version 2.1.6 and other versions. Vendor’s URL: myBloggie Bug Type: SQL Injection Risk Level: Medium Solution: Edit the source code to ensure that input is...
CiBlog SQL Injection
Application: CiBlog Affected Version: version 3.1 and other versions. Vendor’s URL: CiBlog Bug Type: SQL Injection Risk Level: Critical Solution: Edit the source code to ensure that input is properly...
Movable Type Security Bypass and XSS
Application: Movable Type Affected Version: versions prior to 4.26. Vendor’s URL: Movable Type Bug Type: Security Bypass and Cross Site Scripting Risk Level: Critical Solution: Update to version 4.26...
WordPress Plugins Compromised Source Packages Backdoor Security Issue
Application: WordPress Affected Version: WPtouch Plugin (source files were distributed on June 21st, 2011, and possibly prior.) W3 Total Cache Plugin (source files were distributed on June 21st, 2011...
WordPress WP e-Commerce Plugin “cart_messages[]” Cross-Site Scripting
Application: WordPress Affected Version: version 3.8.6 and other versions. Vendor’s URL: WP e-Commerce Plugin Bug Type: Cross-Site Scripting Risk Level: Critical Solution: Edit the source code to...
WordPress Media Library Categories Plugin “termid” SQL Injection
Application: WordPress Affected Version: version 1.0.6 and other versions. Vendor’s URL: Media Library Categories Plugin Bug Type: SQL Injection Risk Level: Critical Solution: Edit the source code to...
WordPress UPM Polls Plugin “qid” SQL Injection
Application: WordPress Affected Version: version 1.0.3 and prior versions. Vendor’s URL: UPM Polls Plugin Bug Type: SQL Injection Risk Level: Critical Solution: Update to version 1.0.4.
WordPress Link Library Plugin “id” Cross-Site Scripting and SQL Injection
Application: WordPress Affected Version: version 5.0.8 and other versions. Vendor’s URL: Link Library Plugin Bug Type: Cross-Site Scripting and SQL Injection Risk Level: Critical Solution: Edit the...
WordPress All in One Adsense and YPN Plugin Security Bypass
Application: WordPress Affected Version: version 2.01 and other versions. Vendor’s URL: All in One Adsense and YPN Plugin Bug Type: Security Bypass Risk Level: Critical Solution: Restrict access to the...
WordPress Odihost Newsletter Plugin “id” SQL Injection
Application: WordPress Affected Version: version 1.0 and other versions. Vendor’s URL: Odihost Newsletter Plugin Bug Type: SQL Injection Risk Level: Critical Solution: Edit the source code to ensure...
WordPress WP DS FAQ Plugin “id” SQL Injection
Application: WordPress Affected Version: version 1.3.2 Vendor’s URL: WP DS FAQ Plugin Bug Type: SQL Injection Risk Level: Critical Solution: Edit the source code to ensure that input is properly...
WordPress File Groups Plugin “fgid” SQL Injection
Application: WordPress Affected Version: version 1.1.2 and prior versions. Vendor’s URL: File Groups Plugin Bug Type: SQL Injection Risk Level: Critical Solution: Update to version 1.1.3.
WordPress Menu Creator Plugin “menu_id” SQL Injection
Application: WordPress Affected Version: version 1.1.7 and other versions. Vendor’s URL: Menu Creator Plugin Bug Type: SQL Injection Risk Level: Critical Solution: Edit the source code to ensure that...
WordPress Global Content Blocks Plugin “gcb” SQL Injection
Application: WordPress Affected Version: version 1.2 and other versions. Vendor’s URL: Global Content Blocks Plugin Bug Type: SQL Injection Risk Level: Critical Solution: Update to version 1.3.
WordPress UnGallery Plugin “pic”, “zip”, and “movie” File Disclosure
Application: WordPress Affected Version: version 1.5.8 and prior versions. Vendor’s URL: UnGallery Plugin Bug Type: File Disclosure Risk Level: Critical Solution: Update to version 1.5.9.
WordPress WP Symposium Plugin “uid” SQL Injection
Application: WordPress Affected Version: version 0.64 and prior versions. Vendor’s URL: WP Symposium Plugin Bug Type: SQL Injection Risk Level: Critical Solution: Update to version 11.8.18.
WordPress SmoothGallery Plugin “src” Arbitrary File Upload
Application: WordPress Affected Version: version 1.15.1 and prior versions Vendor’s URL: SmoothGallery Plugin Bug Type: File Upload Risk Level: Critical Solution: Update to version 1.15.2.
WordPress YSlider Plugin “src” Arbitrary File Upload
Application: WordPress Affected Version: version 1.0 and prior versions. Vendor’s URL: YSlider Plugin Bug Type: File Upload Risk Level: Critical Solution: Update to version 1.1.
WordPress Redirection Plugin “Referer” Header Script Insertion
Application: WordPress Affected Version: version 2.2.9 and prior versions. Vendor’s URL: Redirection Plugin Bug Type: Cross Site Scripting Risk Level: Critical Solution: Update to version 2.2.10.