|
257631
|
- |
|
wordpress
|
wordpress
|
wp-admin/press-this.php in WordPress before 3.0.6 does not enforce the publish_posts capability requirement, which allows remote authenticated users to perform publish actions by leveraging the Contr…
|
CWE-264
Permissions, Privileges, and Access Controls
|
CVE-2011-5270
|
2014-01-22 02:31 |
2014-01-21 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
257632
|
- |
|
wordpress
|
wordpress
|
WordPress before 3.0.1, when a Multisite installation is used, permanently retains the "site administrators can add users" option once changed, which might allow remote authenticated administrators t…
|
CWE-264
Permissions, Privileges, and Access Controls
|
CVE-2010-5297
|
2014-01-22 02:28 |
2014-01-21 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
257633
|
- |
|
wordpress
|
wordpress
|
wp-includes/capabilities.php in WordPress before 3.0.2, when a Multisite configuration is used, does not require the Super Admin role for the delete_users capability, which allows remote authenticate…
|
CWE-264
Permissions, Privileges, and Access Controls
|
CVE-2010-5296
|
2014-01-22 02:20 |
2014-01-21 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
257634
|
- |
|
wordpress
|
wordpress
|
Cross-site scripting (XSS) vulnerability in wp-admin/plugins.php in WordPress before 3.0.2 might allow remote attackers to inject arbitrary web script or HTML via a plugin's author field, which is no…
|
CWE-79
Cross-site Scripting
|
CVE-2010-5295
|
2014-01-22 02:19 |
2014-01-21 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
257635
|
- |
|
wordpress
|
wordpress
|
Multiple cross-site scripting (XSS) vulnerabilities in the request_filesystem_credentials function in wp-admin/includes/file.php in WordPress before 3.0.2 allow remote servers to inject arbitrary web…
|
CWE-79
Cross-site Scripting
|
CVE-2010-5294
|
2014-01-22 02:18 |
2014-01-21 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
257636
|
- |
|
wordpress
|
wordpress
|
wp-includes/comment.php in WordPress before 3.0.2 does not properly whitelist trackbacks and pingbacks in the blogroll, which allows remote attackers to bypass intended spam restrictions via a crafte…
|
CWE-264
Permissions, Privileges, and Access Controls
|
CVE-2010-5293
|
2014-01-22 02:16 |
2014-01-21 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
257637
|
- |
|
sonatype
|
nexus
|
Sonatype Nexus 1.x and 2.x before 2.7.1 allows remote attackers to create arbitrary objects and execute arbitrary code via unspecified vectors related to unmarshalling of unintended Object types.
|
CWE-94
Code Injection
|
CVE-2014-0792
|
2014-01-21 23:14 |
2014-01-18 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
257638
|
- |
|
rick_mead
|
media_library_categories
|
Multiple cross-site scripting (XSS) vulnerabilities in the Media Library Categories plugin 1.1.1 for WordPress allow remote attackers to inject arbitrary web script or HTML via the (1) bulk parameter…
|
CWE-79
Cross-site Scripting
|
CVE-2012-6630
|
2014-01-18 04:16 |
2014-01-17 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
257639
|
- |
|
xyzscripts
|
newsletter_manager
|
Multiple cross-site request forgery (CSRF) vulnerabilities in the Newsletter Manager plugin 1.0.2 and earlier for WordPress allow remote attackers to hijack the authentication of administrators for r…
|
CWE-352
Origin Validation Error
|
CVE-2012-6629
|
2014-01-18 03:51 |
2014-01-17 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
257640
|
- |
|
xyzscripts
|
newsletter_manager
|
Multiple cross-site scripting (XSS) vulnerabilities in the Newsletter Manager plugin before 1.0.2 for WordPress allow remote attackers to inject arbitrary web script or HTML via the (1) xyz_em_campNa…
|
CWE-79
Cross-site Scripting
|
CVE-2012-6628
|
2014-01-18 03:50 |
2014-01-17 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
