Search criteria
3 vulnerabilities by tom_braider
CVE-2012-3434 (GCVE-0-2012-3434)
Vulnerability from cvelistv5 – Published: 2012-08-15 21:00 – Updated: 2024-09-16 23:05
VLAI
Summary
Multiple cross-site scripting (XSS) vulnerabilities in userperspan.php in the Count Per Day module before 3.2 for WordPress allow remote attackers to inject arbitrary web script or HTML via the (1) page, (2) datemin, or (3) datemax parameter.
Severity
No CVSS data available.
CWE
- n/a
Assigner
References
7 references
| URL | Tags |
|---|---|
| http://www.darksecurity.de/advisories/2012/SSCHAD… | x_refsource_MISC |
| http://secunia.com/advisories/49692 | third-party-advisoryx_refsource_SECUNIA |
| http://plugins.trac.wordpress.org/changeset/57192… | x_refsource_CONFIRM |
| http://www.osvdb.org/83491 | vdb-entryx_refsource_OSVDB |
| http://www.openwall.com/lists/oss-security/2012/07/27/2 | mailing-listx_refsource_MLIST |
| http://www.tomsdimension.de/wp-plugins/count-per-day | x_refsource_CONFIRM |
| http://www.openwall.com/lists/oss-security/2012/07/24/4 | mailing-listx_refsource_MLIST |
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-06T20:05:12.641Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "http://www.darksecurity.de/advisories/2012/SSCHADV2012-015.txt"
},
{
"name": "49692",
"tags": [
"third-party-advisory",
"x_refsource_SECUNIA",
"x_transferred"
],
"url": "http://secunia.com/advisories/49692"
},
{
"tags": [
"x_refsource_CONFIRM",
"x_transferred"
],
"url": "http://plugins.trac.wordpress.org/changeset/571926/count-per-day"
},
{
"name": "83491",
"tags": [
"vdb-entry",
"x_refsource_OSVDB",
"x_transferred"
],
"url": "http://www.osvdb.org/83491"
},
{
"name": "[oss-security] 20120727 Re: CVE-request: WordPress plugin Count Per Day XSS (SSCHADV2012-015)",
"tags": [
"mailing-list",
"x_refsource_MLIST",
"x_transferred"
],
"url": "http://www.openwall.com/lists/oss-security/2012/07/27/2"
},
{
"tags": [
"x_refsource_CONFIRM",
"x_transferred"
],
"url": "http://www.tomsdimension.de/wp-plugins/count-per-day"
},
{
"name": "[oss-security] 20120724 CVE-request: WordPress plugin Count Per Day XSS (SSCHADV2012-015)",
"tags": [
"mailing-list",
"x_refsource_MLIST",
"x_transferred"
],
"url": "http://www.openwall.com/lists/oss-security/2012/07/24/4"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "n/a",
"vendor": "n/a",
"versions": [
{
"status": "affected",
"version": "n/a"
}
]
}
],
"descriptions": [
{
"lang": "en",
"value": "Multiple cross-site scripting (XSS) vulnerabilities in userperspan.php in the Count Per Day module before 3.2 for WordPress allow remote attackers to inject arbitrary web script or HTML via the (1) page, (2) datemin, or (3) datemax parameter."
}
],
"problemTypes": [
{
"descriptions": [
{
"description": "n/a",
"lang": "en",
"type": "text"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2012-08-15T21:00:00.000Z",
"orgId": "53f830b8-0a3f-465b-8143-3b8a9948e749",
"shortName": "redhat"
},
"references": [
{
"tags": [
"x_refsource_MISC"
],
"url": "http://www.darksecurity.de/advisories/2012/SSCHADV2012-015.txt"
},
{
"name": "49692",
"tags": [
"third-party-advisory",
"x_refsource_SECUNIA"
],
"url": "http://secunia.com/advisories/49692"
},
{
"tags": [
"x_refsource_CONFIRM"
],
"url": "http://plugins.trac.wordpress.org/changeset/571926/count-per-day"
},
{
"name": "83491",
"tags": [
"vdb-entry",
"x_refsource_OSVDB"
],
"url": "http://www.osvdb.org/83491"
},
{
"name": "[oss-security] 20120727 Re: CVE-request: WordPress plugin Count Per Day XSS (SSCHADV2012-015)",
"tags": [
"mailing-list",
"x_refsource_MLIST"
],
"url": "http://www.openwall.com/lists/oss-security/2012/07/27/2"
},
{
"tags": [
"x_refsource_CONFIRM"
],
"url": "http://www.tomsdimension.de/wp-plugins/count-per-day"
},
{
"name": "[oss-security] 20120724 CVE-request: WordPress plugin Count Per Day XSS (SSCHADV2012-015)",
"tags": [
"mailing-list",
"x_refsource_MLIST"
],
"url": "http://www.openwall.com/lists/oss-security/2012/07/24/4"
}
],
"x_legacyV4Record": {
"CVE_data_meta": {
"ASSIGNER": "secalert@redhat.com",
"ID": "CVE-2012-3434",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "Multiple cross-site scripting (XSS) vulnerabilities in userperspan.php in the Count Per Day module before 3.2 for WordPress allow remote attackers to inject arbitrary web script or HTML via the (1) page, (2) datemin, or (3) datemax parameter."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "http://www.darksecurity.de/advisories/2012/SSCHADV2012-015.txt",
"refsource": "MISC",
"url": "http://www.darksecurity.de/advisories/2012/SSCHADV2012-015.txt"
},
{
"name": "49692",
"refsource": "SECUNIA",
"url": "http://secunia.com/advisories/49692"
},
{
"name": "http://plugins.trac.wordpress.org/changeset/571926/count-per-day",
"refsource": "CONFIRM",
"url": "http://plugins.trac.wordpress.org/changeset/571926/count-per-day"
},
{
"name": "83491",
"refsource": "OSVDB",
"url": "http://www.osvdb.org/83491"
},
{
"name": "[oss-security] 20120727 Re: CVE-request: WordPress plugin Count Per Day XSS (SSCHADV2012-015)",
"refsource": "MLIST",
"url": "http://www.openwall.com/lists/oss-security/2012/07/27/2"
},
{
"name": "http://www.tomsdimension.de/wp-plugins/count-per-day",
"refsource": "CONFIRM",
"url": "http://www.tomsdimension.de/wp-plugins/count-per-day"
},
{
"name": "[oss-security] 20120724 CVE-request: WordPress plugin Count Per Day XSS (SSCHADV2012-015)",
"refsource": "MLIST",
"url": "http://www.openwall.com/lists/oss-security/2012/07/24/4"
}
]
}
}
}
},
"cveMetadata": {
"assignerOrgId": "53f830b8-0a3f-465b-8143-3b8a9948e749",
"assignerShortName": "redhat",
"cveId": "CVE-2012-3434",
"datePublished": "2012-08-15T21:00:00.000Z",
"dateReserved": "2012-06-14T00:00:00.000Z",
"dateUpdated": "2024-09-16T23:05:49.329Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2012-0895 (GCVE-0-2012-0895)
Vulnerability from cvelistv5 – Published: 2012-01-20 17:00 – Updated: 2024-08-06 18:38
VLAI
Summary
Cross-site scripting (XSS) vulnerability in map/map.php in the Count Per Day module before 3.1.1 for WordPress allows remote attackers to inject arbitrary web script or HTML via the map parameter.
Severity
No CVSS data available.
CWE
- n/a
Assigner
References
8 references
| URL | Tags |
|---|---|
| http://wordpress.org/extend/plugins/count-per-day… | x_refsource_CONFIRM |
| http://www.exploit-db.com/exploits/18355 | exploitx_refsource_EXPLOIT-DB |
| http://plugins.trac.wordpress.org/changeset/48888… | x_refsource_CONFIRM |
| http://secunia.com/advisories/47529 | third-party-advisoryx_refsource_SECUNIA |
| http://osvdb.org/78271 | vdb-entryx_refsource_OSVDB |
| http://packetstormsecurity.org/files/108631/count… | x_refsource_MISC |
| http://www.securityfocus.com/bid/51402 | vdb-entryx_refsource_BID |
| https://exchange.xforce.ibmcloud.com/vulnerabilit… | vdb-entryx_refsource_XF |
Date Public
2012-01-12 00:00
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-06T18:38:15.065Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"tags": [
"x_refsource_CONFIRM",
"x_transferred"
],
"url": "http://wordpress.org/extend/plugins/count-per-day/changelog/"
},
{
"name": "18355",
"tags": [
"exploit",
"x_refsource_EXPLOIT-DB",
"x_transferred"
],
"url": "http://www.exploit-db.com/exploits/18355"
},
{
"tags": [
"x_refsource_CONFIRM",
"x_transferred"
],
"url": "http://plugins.trac.wordpress.org/changeset/488883/count-per-day"
},
{
"name": "47529",
"tags": [
"third-party-advisory",
"x_refsource_SECUNIA",
"x_transferred"
],
"url": "http://secunia.com/advisories/47529"
},
{
"name": "78271",
"tags": [
"vdb-entry",
"x_refsource_OSVDB",
"x_transferred"
],
"url": "http://osvdb.org/78271"
},
{
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "http://packetstormsecurity.org/files/108631/countperday-downloadxss.txt"
},
{
"name": "51402",
"tags": [
"vdb-entry",
"x_refsource_BID",
"x_transferred"
],
"url": "http://www.securityfocus.com/bid/51402"
},
{
"name": "countperday-map-xss(72384)",
"tags": [
"vdb-entry",
"x_refsource_XF",
"x_transferred"
],
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/72384"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "n/a",
"vendor": "n/a",
"versions": [
{
"status": "affected",
"version": "n/a"
}
]
}
],
"datePublic": "2012-01-12T00:00:00.000Z",
"descriptions": [
{
"lang": "en",
"value": "Cross-site scripting (XSS) vulnerability in map/map.php in the Count Per Day module before 3.1.1 for WordPress allows remote attackers to inject arbitrary web script or HTML via the map parameter."
}
],
"problemTypes": [
{
"descriptions": [
{
"description": "n/a",
"lang": "en",
"type": "text"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2017-08-28T12:57:01.000Z",
"orgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"shortName": "mitre"
},
"references": [
{
"tags": [
"x_refsource_CONFIRM"
],
"url": "http://wordpress.org/extend/plugins/count-per-day/changelog/"
},
{
"name": "18355",
"tags": [
"exploit",
"x_refsource_EXPLOIT-DB"
],
"url": "http://www.exploit-db.com/exploits/18355"
},
{
"tags": [
"x_refsource_CONFIRM"
],
"url": "http://plugins.trac.wordpress.org/changeset/488883/count-per-day"
},
{
"name": "47529",
"tags": [
"third-party-advisory",
"x_refsource_SECUNIA"
],
"url": "http://secunia.com/advisories/47529"
},
{
"name": "78271",
"tags": [
"vdb-entry",
"x_refsource_OSVDB"
],
"url": "http://osvdb.org/78271"
},
{
"tags": [
"x_refsource_MISC"
],
"url": "http://packetstormsecurity.org/files/108631/countperday-downloadxss.txt"
},
{
"name": "51402",
"tags": [
"vdb-entry",
"x_refsource_BID"
],
"url": "http://www.securityfocus.com/bid/51402"
},
{
"name": "countperday-map-xss(72384)",
"tags": [
"vdb-entry",
"x_refsource_XF"
],
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/72384"
}
],
"x_legacyV4Record": {
"CVE_data_meta": {
"ASSIGNER": "cve@mitre.org",
"ID": "CVE-2012-0895",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "Cross-site scripting (XSS) vulnerability in map/map.php in the Count Per Day module before 3.1.1 for WordPress allows remote attackers to inject arbitrary web script or HTML via the map parameter."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "http://wordpress.org/extend/plugins/count-per-day/changelog/",
"refsource": "CONFIRM",
"url": "http://wordpress.org/extend/plugins/count-per-day/changelog/"
},
{
"name": "18355",
"refsource": "EXPLOIT-DB",
"url": "http://www.exploit-db.com/exploits/18355"
},
{
"name": "http://plugins.trac.wordpress.org/changeset/488883/count-per-day",
"refsource": "CONFIRM",
"url": "http://plugins.trac.wordpress.org/changeset/488883/count-per-day"
},
{
"name": "47529",
"refsource": "SECUNIA",
"url": "http://secunia.com/advisories/47529"
},
{
"name": "78271",
"refsource": "OSVDB",
"url": "http://osvdb.org/78271"
},
{
"name": "http://packetstormsecurity.org/files/108631/countperday-downloadxss.txt",
"refsource": "MISC",
"url": "http://packetstormsecurity.org/files/108631/countperday-downloadxss.txt"
},
{
"name": "51402",
"refsource": "BID",
"url": "http://www.securityfocus.com/bid/51402"
},
{
"name": "countperday-map-xss(72384)",
"refsource": "XF",
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/72384"
}
]
}
}
}
},
"cveMetadata": {
"assignerOrgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"assignerShortName": "mitre",
"cveId": "CVE-2012-0895",
"datePublished": "2012-01-20T17:00:00.000Z",
"dateReserved": "2012-01-20T00:00:00.000Z",
"dateUpdated": "2024-08-06T18:38:15.065Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2012-0896 (GCVE-0-2012-0896)
Vulnerability from cvelistv5 – Published: 2012-01-20 17:00 – Updated: 2024-08-06 18:38
VLAI
Summary
Absolute path traversal vulnerability in download.php in the Count Per Day module before 3.1.1 for WordPress allows remote attackers to read arbitrary files via the f parameter.
Severity
No CVSS data available.
CWE
- n/a
Assigner
References
8 references
| URL | Tags |
|---|---|
| http://wordpress.org/extend/plugins/count-per-day… | x_refsource_CONFIRM |
| http://www.exploit-db.com/exploits/18355 | exploitx_refsource_EXPLOIT-DB |
| http://osvdb.org/78270 | vdb-entryx_refsource_OSVDB |
| http://plugins.trac.wordpress.org/changeset/48888… | x_refsource_CONFIRM |
| http://secunia.com/advisories/47529 | third-party-advisoryx_refsource_SECUNIA |
| https://exchange.xforce.ibmcloud.com/vulnerabilit… | vdb-entryx_refsource_XF |
| http://packetstormsecurity.org/files/108631/count… | x_refsource_MISC |
| http://www.securityfocus.com/bid/51402 | vdb-entryx_refsource_BID |
Date Public
2012-01-12 00:00
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-06T18:38:15.073Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"tags": [
"x_refsource_CONFIRM",
"x_transferred"
],
"url": "http://wordpress.org/extend/plugins/count-per-day/changelog/"
},
{
"name": "18355",
"tags": [
"exploit",
"x_refsource_EXPLOIT-DB",
"x_transferred"
],
"url": "http://www.exploit-db.com/exploits/18355"
},
{
"name": "78270",
"tags": [
"vdb-entry",
"x_refsource_OSVDB",
"x_transferred"
],
"url": "http://osvdb.org/78270"
},
{
"tags": [
"x_refsource_CONFIRM",
"x_transferred"
],
"url": "http://plugins.trac.wordpress.org/changeset/488883/count-per-day"
},
{
"name": "47529",
"tags": [
"third-party-advisory",
"x_refsource_SECUNIA",
"x_transferred"
],
"url": "http://secunia.com/advisories/47529"
},
{
"name": "countperday-download-file-download(72385)",
"tags": [
"vdb-entry",
"x_refsource_XF",
"x_transferred"
],
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/72385"
},
{
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "http://packetstormsecurity.org/files/108631/countperday-downloadxss.txt"
},
{
"name": "51402",
"tags": [
"vdb-entry",
"x_refsource_BID",
"x_transferred"
],
"url": "http://www.securityfocus.com/bid/51402"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "n/a",
"vendor": "n/a",
"versions": [
{
"status": "affected",
"version": "n/a"
}
]
}
],
"datePublic": "2012-01-12T00:00:00.000Z",
"descriptions": [
{
"lang": "en",
"value": "Absolute path traversal vulnerability in download.php in the Count Per Day module before 3.1.1 for WordPress allows remote attackers to read arbitrary files via the f parameter."
}
],
"problemTypes": [
{
"descriptions": [
{
"description": "n/a",
"lang": "en",
"type": "text"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2017-08-28T12:57:01.000Z",
"orgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"shortName": "mitre"
},
"references": [
{
"tags": [
"x_refsource_CONFIRM"
],
"url": "http://wordpress.org/extend/plugins/count-per-day/changelog/"
},
{
"name": "18355",
"tags": [
"exploit",
"x_refsource_EXPLOIT-DB"
],
"url": "http://www.exploit-db.com/exploits/18355"
},
{
"name": "78270",
"tags": [
"vdb-entry",
"x_refsource_OSVDB"
],
"url": "http://osvdb.org/78270"
},
{
"tags": [
"x_refsource_CONFIRM"
],
"url": "http://plugins.trac.wordpress.org/changeset/488883/count-per-day"
},
{
"name": "47529",
"tags": [
"third-party-advisory",
"x_refsource_SECUNIA"
],
"url": "http://secunia.com/advisories/47529"
},
{
"name": "countperday-download-file-download(72385)",
"tags": [
"vdb-entry",
"x_refsource_XF"
],
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/72385"
},
{
"tags": [
"x_refsource_MISC"
],
"url": "http://packetstormsecurity.org/files/108631/countperday-downloadxss.txt"
},
{
"name": "51402",
"tags": [
"vdb-entry",
"x_refsource_BID"
],
"url": "http://www.securityfocus.com/bid/51402"
}
],
"x_legacyV4Record": {
"CVE_data_meta": {
"ASSIGNER": "cve@mitre.org",
"ID": "CVE-2012-0896",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "Absolute path traversal vulnerability in download.php in the Count Per Day module before 3.1.1 for WordPress allows remote attackers to read arbitrary files via the f parameter."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "http://wordpress.org/extend/plugins/count-per-day/changelog/",
"refsource": "CONFIRM",
"url": "http://wordpress.org/extend/plugins/count-per-day/changelog/"
},
{
"name": "18355",
"refsource": "EXPLOIT-DB",
"url": "http://www.exploit-db.com/exploits/18355"
},
{
"name": "78270",
"refsource": "OSVDB",
"url": "http://osvdb.org/78270"
},
{
"name": "http://plugins.trac.wordpress.org/changeset/488883/count-per-day",
"refsource": "CONFIRM",
"url": "http://plugins.trac.wordpress.org/changeset/488883/count-per-day"
},
{
"name": "47529",
"refsource": "SECUNIA",
"url": "http://secunia.com/advisories/47529"
},
{
"name": "countperday-download-file-download(72385)",
"refsource": "XF",
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/72385"
},
{
"name": "http://packetstormsecurity.org/files/108631/countperday-downloadxss.txt",
"refsource": "MISC",
"url": "http://packetstormsecurity.org/files/108631/countperday-downloadxss.txt"
},
{
"name": "51402",
"refsource": "BID",
"url": "http://www.securityfocus.com/bid/51402"
}
]
}
}
}
},
"cveMetadata": {
"assignerOrgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"assignerShortName": "mitre",
"cveId": "CVE-2012-0896",
"datePublished": "2012-01-20T17:00:00.000Z",
"dateReserved": "2012-01-20T00:00:00.000Z",
"dateUpdated": "2024-08-06T18:38:15.073Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}