872 matches found
CVE-2013-3630
Moodle through 2.5.2 allows remote authenticated administrators to execute arbitrary programs by configuring the aspell pathname and then triggering a spell-check operation within the TinyMCE editor...
CVE-2013-3630
Moodle through 2.5.2 allows remote authenticated administrators to execute arbitrary programs by configuring the aspell pathname and then triggering a spell-check operation within the TinyMCE editor...
UBUNTU-CVE-2013-3630
Moodle through 2.5.2 allows remote authenticated administrators to execute arbitrary programs by configuring the aspell pathname and then triggering a spell-check operation within the TinyMCE editor...
Code injection
Moodle through 2.5.2 allows remote authenticated administrators to execute arbitrary programs by configuring the aspell pathname and then triggering a spell-check operation within the TinyMCE editor...
CVE-2013-3630
Moodle through 2.5.2 allows remote authenticated administrators to execute arbitrary programs by configuring the aspell pathname and then triggering a spell-check operation within the TinyMCE editor...
CVE-2013-3630
Moodle up to version 2.5.2 contains a remote code execution vulnerability: remote authenticated administrators can configure the aspell path and trigger spell-check in TinyMCE to execute arbitrary commands. The root cause is misconfiguration of the spellchecking mechanism (aspell path), enabling ...
WebTester 5.x SQL Injection / File Upload / Disclosure
========================================================================================== WebTester 5.x Multiple Vulnerabilities ==========================================================================================...
[PT-2013-41] Arbitrary Code Execution in Ajax File and Image Manager
----------------------------------------------------------- PT-2013-41 Positive Technologies Security Advisory Arbitrary Code Execution in Ajax File and Image Manager ----------------------------------------------------------- --- Vulnerable software Ajax File and Image Manager Version: 1.1 and...
Unauthenticated enumeration of resource information via tinymce plugin
It is possible for unauthenticated users to retrieve a large amount of information from a Confluence instance, including page titles, attachment filenames, and username, by making calls to the link REST API in the confluence-tinymce-plugin. This is effective even when the anonymous user does not...
Ajax File And Image Manager 1.1 Code Execution
----------------------------------------------------------- PT-2013-41 Positive Technologies Security Advisory Arbitrary Code Execution in Ajax File and Image Manager ----------------------------------------------------------- --- Vulnerable software Ajax File and Image Manager Version: 1.1 and...
CS, XSS and FPD vulnerabilities in MCImageManager for TinyMCE
Hello 3APA3A! I want to warn you about vulnerabilities in Moxiecode Image Manager MCImageManager. This is commercial plugin for TinyMCE. It concerns as MCImageManager, as all web applications which have MCImageManager in their bundle. These are Content Spoofing, Cross-Site Scripting and Full Path...
CS, XSS and FPD vulnerabilities in MCImageManager for TinyMCE
Hello 3APA3A! I want to warn you about vulnerabilities in Moxiecode Image Manager MCImageManager. This is commercial plugin for TinyMCE. It concerns as MCImageManager, as all web applications which have MCImageManager in their bundle. These are Content Spoofing, Cross-Site Scripting and Full Path...
CS, XSS and FPD vulnerabilities in MCImageManager for TinyMCE
Hello 3APA3A! I want to warn you about vulnerabilities in Moxiecode Image Manager MCImageManager. This is commercial plugin for TinyMCE. It concerns as MCImageManager, as all web applications which have MCImageManager in their bundle. These are Content Spoofing, Cross-Site Scripting and Full Path...
Moxiecode Image Manager 3.1.5 XSS / Content Spoofing / Disclosure
Hello list! I want to warn you about vulnerabilities in Moxiecode Image Manager MCImageManager. This is commercial plugin for TinyMCE. It concerns as MCImageManager, as all web applications which have MCImageManager in their bundle. These are Content Spoofing, Cross-Site Scripting and Full Path...
FreeBSD : wordpress -- multiple vulnerabilities (049332d2-f6e1-11e2-82f3-000c29ee3065)
The wordpress development team reports : - Blocking server-side request forgery attacks, which could potentially enable an attacker to gain access to a site - Disallow contributors from improperly publishing posts - An update to the SWFUpload external library to fix cross-site scripting...
CVE-2012-3414
Cross-site scripting XSS vulnerability in swfupload.swf in SWFUpload 2.2.0.1 and earlier, as used in WordPress before 3.3.2, TinyMCE Image Manager 1.1, and other products, allows remote attackers to inject arbitrary web script or HTML via the movieName parameter, related to the...
DEBIAN-CVE-2012-3414
Cross-site scripting XSS vulnerability in swfupload.swf in SWFUpload 2.2.0.1 and earlier, as used in WordPress before 3.3.2, TinyMCE Image Manager 1.1, and other products, allows remote attackers to inject arbitrary web script or HTML via the movieName parameter, related to the...
CVE-2012-3414
Cross-site scripting XSS vulnerability in swfupload.swf in SWFUpload 2.2.0.1 and earlier, as used in WordPress before 3.3.2, TinyMCE Image Manager 1.1, and other products, allows remote attackers to inject arbitrary web script or HTML via the movieName parameter, related to the...
Cross site scripting
Cross-site scripting XSS vulnerability in swfupload.swf in SWFUpload 2.2.0.1 and earlier, as used in WordPress before 3.3.2, TinyMCE Image Manager 1.1, and other products, allows remote attackers to inject arbitrary web script or HTML via the movieName parameter, related to the...
CVE-2012-3414
CVE-2012-3414 describes a cross-site scripting (XSS) vulnerability in the SWFUpload component (movieName parameter) used by SWFUpload 2.2.0.1 and earlier, and deployed in products such as WordPress ≤ 3.3.1/3.3.2 and TinyMCE Image Manager 1.1. The underlying cause is unsafe handling via ExternalIn...