RSS   Vulnerabilities for 'Sniplets plugin'   RSS

2008-02-28
 
CVE-2008-1061

CWE-79
 
 
Multiple cross-site scripting (XSS) vulnerabilities in the Sniplets 1.1.2 and 1.2.2 plugin for WordPress allow remote attackers to inject arbitrary web script or HTML via the (1) text parameter to (a) warning.php, (b) notice.php, and (c) inset.php in view/sniplets/, and possibly (d) modules/execute.php; the (2) url parameter to (e) view/admin/submenu.php; and the (3) page parameter to (f) view/admin/pager.php.

 
 
CVE-2008-1060

CWE-94
 
 
Eval injection vulnerability in modules/execute.php in the Sniplets 1.1.2 and 1.2.2 plugin for WordPress allows remote attackers to execute arbitrary PHP code via the text parameter.

 
 
CVE-2008-1059

CWE-94
 
 
PHP remote file inclusion vulnerability in modules/syntax_highlight.php in the Sniplets 1.1.2 and 1.2.2 plugin for WordPress allows remote attackers to execute arbitrary PHP code via a URL in the libpath parameter.

 

 >>> Vendor: Wordpress 54 Products
Wordpress
Wordpress mu
BLIX
Blixed
Blixkrieg
Unamed theme
Unamed theme se
Sirius
POOL
Wordpressclassic
Pictpress
Wp-contactform
Cryptographp
Math comment spam protection plugin
Captcha
Filemanager
Wp forum
Wp cal plugin
Fgallery plugin
Adserve
Permalinks migration plugin
Wassup plugin
Wordspew
St newsletter plugin
Wp-footnotes
Search unleashed plugin
Dean logan wp-people plugin
Photo album plugin
Sniplets plugin
Wp download
WPSS
Download monitor plugin
Upload file plugin
Wp downloads manager
Spambam plugin
Page flip image gallery plugin
Peter's math anti-spam for wordpress
Wordpress-users
Fcchat widget
Plugin newsletter plugin
Alert before you post
Lanoba social plugin
Slideshow gallery2
Pay-with-tweet
Audio player
Terillion reviews plugin
Wp maintenance mode plugin
Booking system
Twitget plugin
Alipay plugin
Cbi referral manager
Amasin plugin
Gb gallery slideshow plugin
Mail plugin

Copyright 2024, cxsecurity.com

 

Back to Top