872 matches found
CVE-2014-3844
The TinyMCE Color Picker plugin before 1.2 for WordPress does not properly check permissions, which allows remote attackers to modify plugin settings via unspecified vectors. NOTE: some of these details are obtained from third party information...
Cross site request forgery (csrf)
Cross-site request forgery CSRF vulnerability in the TinyMCE Color Picker plugin before 1.2 for WordPress allows remote attackers to hijack the authentication of unspecified users for requests that change plugin settings via unknown vectors. NOTE: some of these details are obtained from third par...
Information disclosure
The TinyMCE Color Picker plugin before 1.2 for WordPress does not properly check permissions, which allows remote attackers to modify plugin settings via unspecified vectors. NOTE: some of these details are obtained from third party information...
CVE-2014-3844
The TinyMCE Color Picker plugin before 1.2 for WordPress does not properly check permissions, which allows remote attackers to modify plugin settings via unspecified vectors. NOTE: some of these details are obtained from third party information...
CVE-2014-3844
CVE-2014-3844 affects the TinyMCE Color Picker plugin for WordPress (before version 1.2). The root cause is a permissions check flaw that allows remote attackers to modify plugin settings via unspecified vectors. Affected: TinyMCE Color Picker plugin in WordPress; Impact: unauthorized configurati...
CVE-2014-3845
Cross-site request forgery CSRF vulnerability in the TinyMCE Color Picker plugin before 1.2 for WordPress allows remote attackers to hijack the authentication of unspecified users for requests that change plugin settings via unknown vectors. NOTE: some of these details are obtained from third par...
CVE-2014-3845
CVE-2014-3845 affects the TinyMCE Color Picker WordPress plugin before version 1.2. The vulnerability is a Cross-site request forgery (CSRF) that allows remote attackers to hijack the authentication of unspecified users to perform requests that change plugin settings via unknown vectors. The unde...
WordPress TinyMCE Color Picker Plugin <= 1.1 - Security Bypass
Because of this vulnerability, the attackers can modify plugin settings via unspecified vectors. Solution Update the plugin...
WordPress TinyMCE Color Picker Plugin <= 1.1 - CSRF
Because of this vulnerability, the attackers can hijack the authentication of unspecified users for requests that change plugin settings via unknown vectors. Solution Update the plugin...
TinyMCE Color Picker 1.1 - tinymce-colorpicker.php Color Saving CSRF
The TinyMCE Color Picker WordPress plugin was affected by a tinymce-colorpicker.php Color Saving CSRF security vulnerability...
CVE-2012-4230
The bbcode plugin in TinyMCE 3.5.8 does not properly enforce the TinyMCE security policy for the 1 encoding directive and 2 validelements attribute, which allows attackers to conduct cross-site scripting XSS attacks via application-specific vectors, as demonstrated using a textarea element...
CVE-2012-4230
The bbcode plugin in TinyMCE 3.5.8 does not properly enforce the TinyMCE security policy for the 1 encoding directive and 2 validelements attribute, which allows attackers to conduct cross-site scripting XSS attacks via application-specific vectors, as demonstrated using a textarea element...
Cross site scripting
The bbcode plugin in TinyMCE 3.5.8 does not properly enforce the TinyMCE security policy for the 1 encoding directive and 2 validelements attribute, which allows attackers to conduct cross-site scripting XSS attacks via application-specific vectors, as demonstrated using a textarea element...
CVE-2012-4230
The bbcode plugin in TinyMCE 3.5.8 does not properly enforce the TinyMCE security policy for the 1 encoding directive and 2 validelements attribute, which allows attackers to conduct cross-site scripting XSS attacks via application-specific vectors, as demonstrated using a textarea element...
CVE-2012-4230
CVE-2012-4230 affects the TinyMCE 3.5.8 bbcode plugin, where the plugin does not properly enforce the security policy for two directives: (1) encoding and (2) valid_elements. This misconfiguration allows attackers to perform cross-site scripting (XSS) via application-specific vectors, demonstrate...
CVE-2012-4230
Removed by vendor...
Fedora Update for drupal6-image_resize_filter FEDORA-2014-2612
Check for the Version of drupal6-imageresizefilter OpenVAS Vulnerability Test Fedora Update for drupal6-imageresizefilter FEDORA-2014-2612 Authors: System Generated Check Copyright: Copyright C 2014 Greenbone Networks GmbH, http://www.greenbone.net This program is free software; you can...
Fedora 20 : moodle-2.5.3-1.fc20 (2013-21312)
Latest upstreams, multiple security fixes. Name: CVE-2013-6780 URL: https://vulners.com/cve/CVE-2013-6780 Assigned: 20131112 Reference: https://yuilibrary.com/support/20131111-vulnerability/ Cross-site scripting XSS vulnerability in uploader.swf in the Uploader component in Yahoo! YUI 2.5.0 throu...
TinyMCE 3.2.7 SQL Injection / Shell Upload
1-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=0 0 1 1 /' \ /'\ /\ \ /'\ 0 0 /, \ /\/\ \ \ \ \ ,/\ /\ \ 1 1 //\ \ /' \ /\ //\ Exploit database separated by exploit 0 0 // type local, remote, DoS, etc. 1 1 1 0 + Site : 1337day.com 0 1 + Support e-mail :...
TinyMCE v3.2.x <= (AuthBypass/ShellUpload) Multiple Vulnerabilites
TinyMCE v3.2.7 or ..X is suffer from Multiple vuln's / bug :p Remote Attacker can bypassin auth and upload files , shell's etc... 1-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=0 0 1 1 /' \ /'\ /\ \ /'\ 0 0 /, \ /\/\ \ \ \ \ ,/\ /\ \ 1 1 //\ \ /' \ /\ //\ Exploit...