WordPress 3.5.1 - TinyMCE Plugin Flash Applet Unspecified Spoofing Weakness
...
aCMS 1.0 Shell Upload / Insufficient Authorization
Hello list! These are Insufficient Authorization and Arbitrary File Uploading vulnerabilities in aCMS. This is a commercial CMS. There are multiple vulnerabilities in aCMS and this is the second part of them. Affected products: Vulnerable are aCMS 1....
WordPress < 3.5.2 Multiple Vulnerabilities
Moxiecode File Manager 3.1.5 Shell Upload
Hello list! I want to warn you about vulnerabilities in Moxiecode File Manager (MCFileManager). This is a commercial plugin for TinyMCE. It concerns MCFileManager as well as all web applications which have MCFileManager in their bundle. These are Arbitrary File Uploading vulnerabilities, which lead to Co...
Several XSS flaws in the /rest/tinymce/1
I've found several XSS in the urls and parameters listed below. The criticality of the issues is moderated since only browsers that perform content sniffing would be affected e.g. IE7. This limitation comes from the response's Content Type header being set as text/plain. The classical payload...
TinyMCE Ajax File Manager Remote Code Execution
Exploit Title : timynce Ajax File Manager Remote Code Author : By onestree Software Link : http://www.phpletter.com/Demo/Tinymce-Ajax-File-Manager/ tested : windows 7 Dork : inurl:"/plugins/filemanager/" or...
TinyMCE 3.5.8 Cross Site Scripting
Vulnerability Report Author: Justin C. Klein Keane Date: 5 March, 2013 CVE-2012-4230 Description of Vulnerability: ----------------------------- "TinyMCE in itself can not be insecure" http://www.tinymce.com/wiki.php/Security "TinyMCE is a platform independent web based Javascript HTML WYSIWYG...
WordPress TinyMCE Media Plugin <= 3.5.1 - Content Spoofing
A moxieplayer.as does not consider the presence of a character during extraction of the QUERYSTRING. In that way the attackers can pass arbitrary parameters to a Flash application and conduct content-spoofing attacks. Solution Update the plugin...
Fedora 18 : tinymce-spellchecker-2.0.5-8.fc18 (2013-1371)
backport security fix. Note that Tenable Network Security has extracted the preceding description block directly from the Fedora security advisory. Tenable has attempted to automatically clean and format it as much as possible without introducing additional issues...
Fedora Update for tinymce-spellchecker FEDORA-2013-1341
Check for the Version of tinymce-spellchecker. OpenVAS Vulnerability Test: Fedora Update for tinymce-spellchecker FEDORA-2013-1341. Authors: System Generated Check. Copyright: Copyright (c) 2013 Greenbone Networks GmbH, http://www.greenbone.net This program is free software; you can redistribute it...
Fedora Update for tinymce-spellchecker FEDORA-2013-1371
Check for the Version of tinymce-spellchecker. OpenVAS Vulnerability Test: Fedora Update for tinymce-spellchecker FEDORA-2013-1371. Authors: System Generated Check. Copyright: Copyright (c) 2013 Greenbone Networks GmbH, http://www.greenbone.net This program is free software; you can redistribute it...
Fedora Update for tinymce-spellchecker FEDORA-2013-1341
The remote host is missing an update for the SPDX-FileCopyrightText: 2013 Greenbone AG Some text descriptions might be excerpted from a referenced sources, and are Copyright C by the respective right holders. SPDX-License-Identifier: GPL-2.0-only ifdescription scriptxrefname:"URL",...
Fedora 17 : tinymce-spellchecker-2.0.5-8.fc17 (2013-1341)
backport security fix. Note that Tenable Network Security has extracted the preceding description block directly from the Fedora security advisory. Tenable has attempted to automatically clean and format it as much as possible without introducing additional issues...
Fedora Update for tinymce-spellchecker FEDORA-2013-1371
The remote host is missing an update for the SPDX-FileCopyrightText: 2013 Greenbone AG Some text descriptions might be excerpted from a referenced sources, and are Copyright C by the respective right holders. SPDX-License-Identifier: GPL-2.0-only ifdescription scriptxrefname:"URL",...
[SECURITY] Fedora 17 Update: tinymce-spellchecker-2.0.5-8.fc17
This plugin adds spellchecker functionality to TinyMCE by providing a new button that performs an AJAX call to a back-end PHP page that uses PSpell/ASpell or Google spellchecker...
[SECURITY] Fedora 18 Update: tinymce-spellchecker-2.0.5-8.fc18
This plugin adds spellchecker functionality to TinyMCE by providing a new button that performs an AJAX call to a back-end PHP page that uses PSpell/ASpell or Google spellchecker...
DEBIAN-CVE-2012-6112
classes/GoogleSpell.php in the PHP Spellchecker aka Google Spellchecker addon before 2.0.6.1 for TinyMCE, as used in Moodle 2.1.x before 2.1.10, 2.2.x before 2.2.7, 2.3.x before 2.3.4, and 2.4.x before 2.4.1 and other products, does not properly handle control characters, which allows remote...
CVE-2012-6112
classes/GoogleSpell.php in the PHP Spellchecker aka Google Spellchecker addon before 2.0.6.1 for TinyMCE, as used in Moodle 2.1.x before 2.1.10, 2.2.x before 2.2.7, 2.3.x before 2.3.4, and 2.4.x before 2.4.1 and other products, does not properly handle control characters, which allows remote...
Design/Logic Flaw
classes/GoogleSpell.php in the PHP Spellchecker aka Google Spellchecker addon before 2.0.6.1 for TinyMCE, as used in Moodle 2.1.x before 2.1.10, 2.2.x before 2.2.7, 2.3.x before 2.3.4, and 2.4.x before 2.4.1 and other products, does not properly handle control characters, which allows remote...
CVE-2012-6112
The CVE-2012-6112 issue affects the PHP Spellchecker (Google Spellchecker) addon for TinyMCE, specifically the classes/GoogleSpell.php file in versions before 2.0.6.1. In Moodle deployments (2.1.x before 2.1.10, 2.2.x before 2.2.7, 2.3.x before 2.3.4, 2.4.x before 2.4.1) and other products, the c...