Vuln ID | Summary | CVSS Severity |
---|---|---|
CVE-2011-4077 | Buffer overflow in the xfs_readlink function in fs/xfs/xfs_vnodeops.c in XFS in the Linux kernel 2.6, when CONFIG_XFS_DEBUG is disabled, allows local users to cause a denial of service (memory corruption and crash) and possibly execute arbitrary code via an XFS image containing a symbolic link with a long pathname. Published: January 27, 2012; 10:55:04 AM -0500 | V3.x: (not available) V2.0: 6.9 MEDIUM |
CVE-2012-0901 | Cross-site scripting (XSS) vulnerability in yousaytoo.php in YouSayToo auto-publishing plugin 1.0 for WordPress allows remote attackers to inject arbitrary web script or HTML via the submit parameter. Published: January 20, 2012; 12:55:02 PM -0500 | V3.x: (not available) V2.0: 4.3 MEDIUM |
CVE-2012-0898 | Directory traversal vulnerability in meb_download.php in the myEASYbackup plugin 1.0.8.1 for WordPress allows remote attackers to read arbitrary files via a .. (dot dot) in the dwn_file parameter. Published: January 20, 2012; 12:55:02 PM -0500 | V3.x: (not available) V2.0: 5.0 MEDIUM |
CVE-2012-0896 | Absolute path traversal vulnerability in download.php in the Count Per Day module before 3.1.1 for WordPress allows remote attackers to read arbitrary files via the f parameter. Published: January 20, 2012; 12:55:01 PM -0500 | V3.x: (not available) V2.0: 5.0 MEDIUM |
CVE-2012-0895 | Cross-site scripting (XSS) vulnerability in map/map.php in the Count Per Day module before 3.1.1 for WordPress allows remote attackers to inject arbitrary web script or HTML via the map parameter. Published: January 20, 2012; 12:55:01 PM -0500 | V3.x: (not available) V2.0: 4.3 MEDIUM |
CVE-2011-5053 | The Wi-Fi Protected Setup (WPS) protocol, when the "external registrar" authentication method is used, does not properly inform clients about failed PIN authentication, which makes it easier for remote attackers to discover the PIN value, and consequently discover the Wi-Fi network password or reconfigure an access point, by reading EAP-NACK messages. Published: January 06, 2012; 3:55:01 PM -0500 | V3.x: (not available) V2.0: 5.8 MEDIUM |
CVE-2012-0287 | Cross-site scripting (XSS) vulnerability in wp-comments-post.php in WordPress 3.3.x before 3.3.1, when Internet Explorer is used, allows remote attackers to inject arbitrary web script or HTML via the query string in a POST operation that is not properly handled by the "Duplicate comment detected" feature. Published: January 05, 2012; 11:01:26 PM -0500 | V3.x: (not available) V2.0: 2.6 LOW |
CVE-2011-5051 | Multiple unrestricted file upload vulnerabilities in the WP Symposium plugin before 11.12.24 for WordPress allow remote attackers to execute arbitrary code by uploading a file with an executable extension using (1) uploadify/upload_admin_avatar.php or (2) uploadify/upload_profile_avatar.php, then accessing it via a direct request to the file in an unspecified directory inside the webroot. Published: January 04, 2012; 2:55:02 PM -0500 | V3.x: (not available) V2.0: 7.5 HIGH |
CVE-2011-3841 | Cross-site scripting (XSS) vulnerability in uploadify/get_profile_avatar.php in the WP Symposium plugin before 11.12.08 for WordPress allows remote attackers to inject arbitrary web script or HTML via the uid parameter. Published: December 27, 2011; 6:55:07 AM -0500 | V3.x: (not available) V2.0: 4.3 MEDIUM |
CVE-2011-4203 | CRLF injection vulnerability in calendar/set.php in the Calendar component in Moodle 1.9.x before 1.9.15, 2.0.x before 2.0.6, 2.1.x before 2.1.3, and 2.2 allows remote attackers to inject arbitrary HTTP headers and conduct HTTP response splitting attacks via vectors involving the url variable. Published: December 22, 2011; 10:29:20 AM -0500 | V3.x: (not available) V2.0: 5.0 MEDIUM |
CVE-2011-4803 | SQL injection vulnerability in wptouch/ajax.php in the WPTouch plugin for WordPress allows remote attackers to execute arbitrary SQL commands via the id parameter. Published: December 13, 2011; 7:55:04 PM -0500 | V3.x: (not available) V2.0: 7.5 HIGH |
CVE-2011-4673 | SQL injection vulnerability in modules/sharedaddy.php in the Jetpack plugin for WordPress allows remote attackers to execute arbitrary SQL commands via the id parameter. Published: December 02, 2011; 1:55:02 PM -0500 | V3.x: (not available) V2.0: 7.5 HIGH |
CVE-2011-4671 | SQL injection vulnerability in adrotate/adrotate-out.php in the AdRotate plugin 3.6.6, and other versions before 3.6.8, for WordPress allows remote attackers to execute arbitrary SQL commands via the track parameter (aka redirect URL). Published: December 02, 2011; 1:55:00 PM -0500 | V3.x: (not available) V2.0: 7.5 HIGH |
CVE-2011-4669 | SQL injection vulnerability in wp-users.php in WordPress Users plugin 1.3 and possibly earlier for WordPress allows remote attackers to execute arbitrary SQL commands via the uid parameter to index.php. Published: December 02, 2011; 11:55:00 AM -0500 | V3.x: (not available) V2.0: 7.5 HIGH |
CVE-2011-4646 | SQL injection vulnerability in wp-postratings.php in the WP-PostRatings plugin 1.50, 1.61, and probably other versions before 1.62 for WordPress allows remote authenticated users with the Author role to execute arbitrary SQL commands via the id attribute of the ratings shortcode when creating a post. NOTE: some of these details are obtained from third party information. Published: November 30, 2011; 2:55:00 PM -0500 | V3.x: (not available) V2.0: 6.0 MEDIUM |
CVE-2011-4568 | Cross-site scripting (XSS) vulnerability in view/frontend-head.php in the Flowplayer plugin before 1.2.12 for WordPress allows remote attackers to inject arbitrary web script or HTML via the URI. Published: November 29, 2011; 6:55:05 AM -0500 | V3.x: (not available) V2.0: 4.3 MEDIUM |
CVE-2011-4562 | Multiple cross-site scripting (XSS) vulnerabilities in (1) view/admin/log_item.php and (2) view/admin/log_item_details.php in the Redirection plugin 2.2.9 for WordPress allow remote attackers to inject arbitrary web script or HTML via the Referer HTTP header in a request to a post that does not exist. Published: November 28, 2011; 4:55:08 PM -0500 | V3.x: (not available) V2.0: 4.3 MEDIUM |
CVE-2011-3364 | Incomplete blacklist vulnerability in the svEscape function in settings/plugins/ifcfg-rh/shvar.c in the ifcfg-rh plug-in for GNOME NetworkManager 0.9.1, 0.9.0, 0.8.1, and possibly other versions, when PolicyKit is configured to allow users to create new connections, allows local users to execute arbitrary commands via a newline character in the name for a new network connection, which is not properly handled when writing to the ifcfg file. Published: November 04, 2011; 5:55:03 PM -0400 | V3.x: (not available) V2.0: 6.9 MEDIUM |
CVE-2010-4875 | Cross-site scripting (XSS) vulnerability in vodpod-video-gallery/vodpod_gallery_thumbs.php in the Vodpod Video Gallery Plugin 3.1.5 for WordPress allows remote attackers to inject arbitrary web script or HTML via the gid parameter. Published: October 07, 2011; 6:55:07 AM -0400 | V3.x: (not available) V2.0: 4.3 MEDIUM |
CVE-2011-3981 | PHP remote file inclusion vulnerability in actions.php in the Allwebmenus plugin 1.1.3 for WordPress allows remote attackers to execute arbitrary PHP code via a URL in the abspath parameter. Published: October 04, 2011; 6:55:12 AM -0400 | V3.x: (not available) V2.0: 7.5 HIGH |