| Max CVSS | 10.0 | Min CVSS | 4.0 | Total Count | 2 |
| ID | CVSS | Summary | Last (major) update | Published | |
| CVE-2008-4796 | 10.0 |
The _httpsrequest function (Snoopy/Snoopy.class.php) in Snoopy 1.2.3 and earlier, as used in (1) ampache, (2) libphp-snoopy, (3) mahara, (4) mediamate, (5) opendb, (6) pixelpost, and possibly other products, allows remote attackers to execute arbitra
|
30-09-2021 - 15:13 | 30-10-2008 - 20:56 | |
| CVE-2008-1502 | 4.3 |
The _bad_protocol_once function in phpgwapi/inc/class.kses.inc.php in KSES, as used in eGroupWare before 1.4.003, Moodle before 1.8.5, and other products, allows remote attackers to bypass HTML filtering and conduct cross-site scripting (XSS) attacks
|
01-12-2020 - 14:52 | 25-03-2008 - 19:44 | |
| CVE-2008-4106 | 5.1 |
WordPress before 2.6.2 does not properly handle MySQL warnings about insertion of username strings that exceed the maximum column width of the user_login column, and does not properly handle space characters when comparing usernames, which allows rem
|
11-10-2018 - 20:50 | 18-09-2008 - 17:59 | |
| CVE-2009-2334 | 4.9 |
wp-admin/admin.php in WordPress and WordPress MU before 2.8.1 does not require administrative authentication to access the configuration of a plugin, which allows remote attackers to specify a configuration file in the page parameter to obtain sensit
|
10-10-2018 - 19:39 | 10-07-2009 - 21:00 | |
| CVE-2009-2851 | 4.3 |
Cross-site scripting (XSS) vulnerability in the administrator interface in WordPress before 2.8.2 allows remote attackers to inject arbitrary web script or HTML via a comment author URL.
|
07-12-2017 - 21:36 | 18-08-2009 - 21:00 | |
| CVE-2009-2854 | 6.4 |
Wordpress before 2.8.3 does not check capabilities for certain actions, which allows remote attackers to make unauthorized edits or additions via a direct request to (1) edit-comments.php, (2) edit-pages.php, (3) edit.php, (4) edit-category-form.php,
|
22-11-2017 - 17:17 | 18-08-2009 - 21:00 | |
| CVE-2009-2853 | 10.0 |
Wordpress before 2.8.3 allows remote attackers to gain privileges via a direct request to (1) admin-footer.php, (2) edit-category-form.php, (3) edit-form-advanced.php, (4) edit-form-comment.php, (5) edit-link-category-form.php, (6) edit-link-form.php
|
16-11-2017 - 20:30 | 18-08-2009 - 21:00 | |
| CVE-2008-6762 | 4.3 |
Open redirect vulnerability in wp-admin/upgrade.php in WordPress, probably 2.6.x, allows remote attackers to redirect users to arbitrary web sites and conduct phishing attacks via a URL in the backto parameter.
|
17-08-2017 - 01:29 | 28-04-2009 - 16:30 | |
| CVE-2008-6767 | 10.0 |
wp-admin/upgrade.php in WordPress, probably 2.6.x, allows remote attackers to upgrade the application, and possibly cause a denial of service (application outage), via a direct request.
|
17-08-2017 - 01:29 | 28-04-2009 - 16:30 | |
| CVE-2008-5113 | 4.0 |
WordPress 2.6.3 relies on the REQUEST superglobal array in certain dangerous situations, which makes it easier for remote attackers to conduct delayed and persistent cross-site request forgery (CSRF) attacks via crafted cookies, as demonstrated by at
|
08-08-2017 - 01:33 | 17-11-2008 - 23:30 | |
| CVE-2008-4769 | 9.3 |
Directory traversal vulnerability in the get_category_template function in wp-includes/theme.php in WordPress 2.3.3 and earlier, and 2.5, allows remote attackers to include and possibly execute arbitrary PHP files via the cat parameter in index.php.
|
08-08-2017 - 01:32 | 28-10-2008 - 10:30 |