Search Results (Refine Search)

Search Parameters:
  • Results Type: Overview
  • Keyword (text search): Wordpress
  • Search Type: Search All
There are 3,690 matching records.
Displaying matches 3,401 through 3,420.
Vuln ID Summary CVSS Severity
CVE-2010-4518

Cross-site scripting (XSS) vulnerability in wp-safe-search/wp-safe-search-jx.php in the Safe Search plugin 0.7 for WordPress allows remote attackers to inject arbitrary web script or HTML via the v1 parameter.

Published: December 09, 2010; 4:00:02 PM -0500
V3.x:(not available)
V2.0: 4.3 MEDIUM
CVE-2010-4479

Unspecified vulnerability in pdf.c in libclamav in ClamAV before 0.96.5 allows remote attackers to cause a denial of service (application crash) or possibly execute arbitrary code via a crafted PDF document, aka "bb #2380," a different vulnerability than CVE-2010-4260.

Published: December 07, 2010; 8:53:30 AM -0500
V3.x:(not available)
V2.0: 7.5 HIGH
CVE-2010-4261

Off-by-one error in the icon_cb function in pe_icons.c in libclamav in ClamAV before 0.96.5 allows remote attackers to cause a denial of service (memory corruption and application crash) or possibly execute arbitrary code via unspecified vectors. NOTE: some of these details are obtained from third party information.

Published: December 07, 2010; 8:53:29 AM -0500
V3.x:(not available)
V2.0: 7.5 HIGH
CVE-2010-4260

Multiple unspecified vulnerabilities in pdf.c in libclamav in ClamAV before 0.96.5 allow remote attackers to cause a denial of service (application crash) or possibly execute arbitrary code via a crafted PDF document, aka (1) "bb #2358" and (2) "bb #2396."

Published: December 07, 2010; 8:53:29 AM -0500
V3.x:(not available)
V2.0: 5.0 MEDIUM
CVE-2010-4257

SQL injection vulnerability in the do_trackbacks function in wp-includes/comment.php in WordPress before 3.0.2 allows remote authenticated users to execute arbitrary SQL commands via the Send Trackbacks field.

Published: December 07, 2010; 8:53:29 AM -0500
V3.x:(not available)
V2.0: 6.0 MEDIUM
CVE-2010-4403

The Register Plus plugin 3.5.1 and earlier for WordPress allows remote attackers to obtain sensitive information via a direct request to (1) dash_widget.php and (2) register-plus.php, which reveals the installation path in an error message.

Published: December 06, 2010; 8:37:32 AM -0500
V3.x:(not available)
V2.0: 5.0 MEDIUM
CVE-2010-4402

Multiple cross-site scripting (XSS) vulnerabilities in wp-login.php in the Register Plus plugin 3.5.1 and earlier for WordPress allow remote attackers to inject arbitrary web script or HTML via the (1) firstname, (2) lastname, (3) website, (4) aim, (5) yahoo, (6) jabber, (7) about, (8) pass1, and (9) pass2 parameters in a register action.

Published: December 06, 2010; 8:37:32 AM -0500
V3.x:(not available)
V2.0: 4.3 MEDIUM
CVE-2010-3445

Stack consumption vulnerability in the dissect_ber_unknown function in epan/dissectors/packet-ber.c in the BER dissector in Wireshark 1.4.x before 1.4.1 and 1.2.x before 1.2.12 allows remote attackers to cause a denial of service (NULL pointer dereference and crash) via a long string in an unknown ASN.1/BER encoded packet, as demonstrated using SNMP.

Published: November 26, 2010; 2:00:07 PM -0500
V3.x:(not available)
V2.0: 5.0 MEDIUM
CVE-2010-3851

libguestfs before 1.5.23, as used in virt-v2v, virt-inspector 1.5.3 and earlier, and possibly other products, when a raw-format disk image is used, allows local guest OS administrators to read files from the host via a crafted (1) qcow2, (2) VMDK, or (3) VDI header, related to lack of support for a disk format specifier.

Published: November 04, 2010; 2:00:02 PM -0400
V3.x:(not available)
V2.0: 4.7 MEDIUM
CVE-2010-3977

Multiple cross-site scripting (XSS) vulnerabilities in wp-content/plugins/cforms/lib_ajax.php in cforms WordPress plugin 11.5 allow remote attackers to inject arbitrary web script or HTML via the (1) rs and (2) rsargs[] parameters.

Published: November 03, 2010; 9:37:09 AM -0400
V3.x:(not available)
V2.0: 4.3 MEDIUM
CVE-2010-0405

Integer overflow in the BZ2_decompress function in decompress.c in bzip2 and libbzip2 before 1.0.6 allows context-dependent attackers to cause a denial of service (application crash) or possibly execute arbitrary code via a crafted compressed file.

Published: September 28, 2010; 2:00:02 PM -0400
V3.x:(not available)
V2.0: 5.1 MEDIUM
CVE-2010-2924

SQL injection vulnerability in myLDlinker.php in the myLinksDump Plugin 1.2 for WordPress allows remote attackers to execute arbitrary SQL commands via the url parameter. NOTE: some of these details are obtained from third party information.

Published: July 30, 2010; 4:30:04 PM -0400
V3.x:(not available)
V2.0: 7.5 HIGH
CVE-2010-1855

SQL injection vulnerability in auktion.php in Pay Per Watch & Bid Auktions System allows remote attackers to execute arbitrary SQL commands via the id_auk parameter.

Published: May 07, 2010; 4:30:01 PM -0400
V3.x:(not available)
V2.0: 7.5 HIGH
CVE-2010-1365

SQL injection vulnerability in index.php in Uiga Fan Club, as downloaded on 20100310, allows remote attackers to execute arbitrary SQL commands via the id parameter in a photos action.

Published: April 13, 2010; 4:30:00 PM -0400
V3.x:(not available)
V2.0: 7.5 HIGH
CVE-2010-1148

The cifs_create function in fs/cifs/dir.c in the Linux kernel 2.6.33.2 and earlier allows local users to cause a denial of service (NULL pointer dereference and OOPS) or possibly have unspecified other impact via a NULL nameidata (aka nd) field in a POSIX file-creation request to a server that supports UNIX extensions.

Published: April 12, 2010; 1:30:00 PM -0400
V3.x:(not available)
V2.0: 4.7 MEDIUM
CVE-2010-1338

SQL injection vulnerability in ts_other.php in the Teamsite Hack plugin 3.0 and earlier for WoltLab Burning Board allows remote attackers to execute arbitrary SQL commands via the userid parameter in a modboard action.

Published: April 09, 2010; 2:30:00 PM -0400
V3.x:(not available)
V2.0: 7.5 HIGH
CVE-2010-1186

Cross-site scripting (XSS) vulnerability in xml/media-rss.php in the NextGEN Gallery plugin before 1.5.2 for WordPress allows remote attackers to inject arbitrary web script or HTML via the mode parameter.

Published: April 07, 2010; 11:30:00 AM -0400
V3.x:(not available)
V2.0: 4.3 MEDIUM
CVE-2010-1271

SQL injection vulnerability in showplugs.php in smartplugs 1.3 allows remote attackers to execute arbitrary SQL commands via the domain parameter.

Published: April 06, 2010; 12:30:00 PM -0400
V3.x:(not available)
V2.0: 7.5 HIGH
CVE-2010-0751

The ip_evictor function in ip_fragment.c in libnids before 1.24, as used in dsniff and possibly other products, allows remote attackers to cause a denial of service (NULL pointer dereference and crash) via crafted fragmented packets.

Published: April 06, 2010; 12:30:00 PM -0400
V3.x:(not available)
V2.0: 5.0 MEDIUM
CVE-2010-1270

SQL injection vulnerability in auktion.php in Multi Auktions Komplett System 2 allows remote attackers to execute arbitrary SQL commands via the id_auk parameter.

Published: April 06, 2010; 11:30:00 AM -0400
V3.x:(not available)
V2.0: 7.5 HIGH