Show filters
47 Total Results
Displaying 21-30 of 47
Sort by:
Attacker Value
Unknown

CVE-2023-6360

Disclosure Date: November 30, 2023 (last updated December 06, 2023)
The 'My Calendar' WordPress Plugin, version < 3.4.22 is affected by an unauthenticated SQL injection vulnerability in the 'from' and 'to' parameters in the '/my-calendar/v1/events' rest route.
Attack Vector: NetworkPrivileges: NoneUser Interaction: None
0
0
Attacker Value
Unknown

CVE-2023-34377

Disclosure Date: August 05, 2023 (last updated October 08, 2023)
Auth. (admin+) Stored Cross-Site Scripting (XSS) vulnerability in Joseph C Dolson My Content Management plugin <= 1.7.6 versions.
Attack Vector: NetworkPrivileges: HighUser Interaction: Required
0
0
Attacker Value
Unknown

CVE-2013-0317

Disclosure Date: March 27, 2013 (last updated October 05, 2023)
Cross-site scripting (XSS) vulnerability in the Manager Change for Organic Groups (og_manager_change) module 7.x-2.x before 7.x-2.1 for Drupal might allow remote attackers to inject arbitrary web script or HTML via the username in the new manager autocomplete field.
0
0
Attacker Value
Unknown

CVE-2012-6527

Disclosure Date: January 31, 2013 (last updated December 27, 2023)
Cross-site scripting (XSS) vulnerability in the My Calendar plugin before 1.10.2 for WordPress allows remote attackers to inject arbitrary web script or HTML via the PATH_INFO.
0
0
Attacker Value
Unknown

CVE-2010-5000

Disclosure Date: November 02, 2011 (last updated October 04, 2023)
SQL injection vulnerability in login/login_index.php in MCLogin System 1.1 and 1.2 allows remote attackers to execute arbitrary SQL commands via the myusername parameter (aka Username field) in a do_login action. NOTE: some of these details are obtained from third party information.
0
0
Attacker Value
Unknown

CVE-2010-4858

Disclosure Date: October 05, 2011 (last updated October 04, 2023)
Directory traversal vulnerability in team.rc5-72.php in DNET Live-Stats 0.8 allows remote attackers to read arbitrary files via a .. (dot dot) in the showlang parameter.
0
0
Attacker Value
Unknown

CVE-2010-2122

Disclosure Date: June 01, 2010 (last updated October 04, 2023)
Directory traversal vulnerability in the SimpleDownload (com_simpledownload) component before 0.9.6 for Joomla! allows remote attackers to include and execute arbitrary local files via a .. (dot dot) in the controller parameter to index.php.
0
0
Attacker Value
Unknown

CVE-2010-2047

Disclosure Date: May 25, 2010 (last updated October 04, 2023)
SQL injection vulnerability in index.php in JE CMS 1.0.0 and 1.1 allows remote attackers to execute arbitrary SQL commands via the categoryid parameter in a viewcategory action. NOTE: some of these details are obtained from third party information.
0
0
Attacker Value
Unknown

CVE-2009-3783

Disclosure Date: October 26, 2009 (last updated October 04, 2023)
Cross-site scripting (XSS) vulnerability in Simplenews Statistics 6.x before 6.x-2.0, a module for Drupal, allows remote attackers to inject arbitrary web script or HTML via unspecified vector.
0
0
Attacker Value
Unknown

CVE-2009-3784

Disclosure Date: October 26, 2009 (last updated October 04, 2023)
Open redirect vulnerability in Simplenews Statistics 6.x before 6.x-2.0, a module for Drupal, allows remote attackers to redirect users to arbitrary web sites and conduct phishing attacks via unspecified vectors.
0
0
View More Topics  < Previous  Next >