
869 matches found

Cvelist
added 2011/11/28 9:00 p.m. · 15 views

CVE-2011-4563

Cross-site scripting (XSS) vulnerability in index.php in JAKCMS 2.0.4.1, and possibly other versions before 2.2.6 (2011-09-23), allows remote attackers to inject arbitrary web script or HTML via the userpost parameter in a PM request, related to tinymce. NOTE: some of these details are obtained from...

5.8 AI score · 0.00322 EPSS
Exploits 0 · References 3
Positive Technologies
added 2011/11/28 12:00 a.m. · 1 views

PT-2011-4991 · Jakcms +1

Name of the Vulnerable Software and Affected Versions: JAKCMS versions prior to 2.2.6 Description: A cross-site scripting (XSS) issue allows remote attackers to inject arbitrary web script or HTML via the userpost parameter in a PM request, related to tinymce. Recommendations: For versions prior to...

4.3 CVSS · 5.5 AI score · 0.00322 EPSS
Exploits 0 · References 4
seebug.org
added 2011/11/28 12:00 a.m. · 75 views

TinyMCE / flvPlayer Cross Site Scripting / Disclosure

No description provided by source. I want to warn you about multiple vulnerabilities in TinyMCE and flvPlayer and hundreds of web applications and tens millions of web sites. These are Full path disclosure, Content Spoofing and Cross-Site Scripting vulnerabilities in TinyMCE CS and XSS are in...

7.1 AI score
Exploits 0
securityvulns
added 2011/11/27 12:00 a.m. · 116 views

Multiple vulnerabilities in TinyMCE and flvPlayer and hundreds of web applications

Hello 3APA3A! I want to warn you about multiple vulnerabilities in TinyMCE and flvPlayer and hundreds of web applications and tens millions of web sites. These are Full path disclosure, Content Spoofing and Cross-Site Scripting vulnerabilities in TinyMCE CS and XSS are in flvPlayer, which is...

6.2 AI score
Exploits 0
Packet Storm
added 2011/11/26 12:00 a.m. · 30 views

TinyMCE / flvPlayer Cross Site Scripting / Disclosure

Hello list! I want to warn you about multiple vulnerabilities in TinyMCE and flvPlayer and hundreds of web applications and tens millions of web sites. These are Full path disclosure, Content Spoofing and Cross-Site Scripting vulnerabilities in TinyMCE CS and XSS are in flvPlayer, which is includ...

7.4 AI score
Exploits 0
Packet Storm
added 2011/11/13 12:00 a.m. · 33 views

WordPress Zingiri 2.2.3 Code Execution

get; 41. ifremoveTrailingSlash$sessionAction-getFolder == getParentPath$POST'id' && sizeof$selectedDocuments 42. 43. if$key = arraysearchbasename$POST'id', $selectedDocuments !== false 44. 45. $selectedDocuments$key = $POST'value'; 46. $sessionAction-set$selectedDocuments; 47. 48. 49. echo...

0.4 AI score
Exploits 0
securityvulns
added 2011/10/24 12:00 a.m. · 53 views

Code Execution and FPD vulnerabilities in Simple:Press Forum for WordPress

Hello 3APA3A! I want to warn you about multiple security vulnerabilities in plugin Simple:Press Forum for WordPress. These are Code Execution and Full path disclosure vulnerabilities. Code Execution WASC-31: Execution of arbitrary code is possible via TinyBrowser. As I already told concerning...

1.2 AI score
Exploits 0
NVD
added 2011/09/23 11:55 p.m. · 14 views

CVE-2011-3718

CMS Made Simple (CMSMS) 1.9.2 allows remote attackers to obtain sensitive information via a direct request to a .php file, which reveals the installation path in an error message, as demonstrated by modules/TinyMCE/TinyMCE.module.php and certain other files. NOTE: this might overlap CVE-2007-5444...

5 CVSS · 6 AI score · 0.00455 EPSS
Exploits 1 · References 3
Prion
added 2011/09/23 11:55 p.m. · 15 views

Information disclosure

CMS Made Simple (CMSMS) 1.9.2 allows remote attackers to obtain sensitive information via a direct request to a .php file, which reveals the installation path in an error message, as demonstrated by modules/TinyMCE/TinyMCE.module.php and certain other files. NOTE: this might overlap CVE-2007-5444...

5 CVSS · 6.3 AI score · 0.00455 EPSS
Exploits 1 · References 3 · Affected Software 1
Packet Storm
added 2011/09/18 12:00 a.m. · 19 views

iManager Plugin 1.2.8 Arbitrary File Deletion

iManager Plugin v1.2.8 d Remote Arbitrary File Deletion Vulnerability Vendor: net4visions.com Product web page: http://www.net4visions.com Affected version: = 1.2.8 Build 02012008 Summary: With iManager you can manage your files/images on your webserver, and it provides user interface to most of...

0.4 AI score
Exploits 0
securityvulns
added 2011/06/29 12:00 a.m. · 98 views

XSS and BF vulnerabilities in Drupal

Hello 3APA3A! I am informing you about Cross-Site Scripting and Brute Force vulnerabilities that I found in Drupal. XSS WASC-08: On pages with forms, for example on the comment page http://site/comment/reply/1, in both the forms for adding and the forms for editing data, which are protected against CSRF by a token, it is possib...

5.8 AI score
Exploits 0
Packet Storm
added 2011/06/28 12:00 a.m. · 44 views

Drupal 6.22 Cross Site Scripting

Affected products: Vulnerable are Drupal 6.22 and previous versions. Taking into account that developers didn't fix these holes, then versions 7.x also must be vulnerable. Details: XSS WASC-08: At pages with forms i.e. at...

7.4 AI score
Exploits 0
securityvulns
added 2011/06/27 12:00 a.m. · 124 views

XSS and AoF vulnerabilities in Drupal

Hello 3APA3A! I am informing you about Cross-Site Scripting and Abuse of Functionality vulnerabilities that I found in Drupal. XSS WASC-08: When adding or changing data in any internal forms (adding/changing a post, etc.) a persistent XSS attack can be carried out. The XSS code will execute when visiting...

5.8 AI score
Exploits 0
Packet Storm
added 2011/05/31 12:00 a.m. · 33 views

FestOS <= 2.3c TinyBrowser File Upload Code Execution


7.4 AI score
Exploits 0
Packet Storm
added 2011/05/30 12:00 a.m. · 68 views

TinyMCE AjaxFileManager Shell Upload

Title : TinyMCE ajaxfilemanager Upload Vulnerability Author: Dr Trojan Greets to all my friends and everyone i know www.paksecteam.com Vendor: http://www.phpletter.com/Demo/Tinymce-Ajax-File-Manager/ Email : [email protected] Date : 29/05/2011 Dork : "tinymce/plugins/ajaxfilemanager" Category :...

7.4 AI score
Exploits 0
exploitpack
added 2011/05/08 12:00 a.m. · 15 views

FestOS 2.3c - upload.php Arbitrary File Upload

FestOS 2.3c - upload.php Arbitrary File Upload source: https://www.securityfocus.com/bid/47751/info FestOS is prone to an arbitrary-file-upload vulnerability because the application fails to adequately sanitize user-supplied input. An attacker can exploit this issue to upload arbitrary code and r...

7.4 AI score
Exploits 0
0day.today
added 2011/05/04 12:00 a.m. · 96 views

Etomite v1.1 (TinyMCE) Arbitrary File Upload Vulnerability

Exploit for php platform in category web applications

7.1 AI score
Exploits 0
0day.today
added 2011/05/01 12:00 a.m. · 35 views

impressCMS <= 1.2.4_final (FU/RFI) Multiple Vulnerability

Exploit for php platform in category web applications

7.1 AI score
Exploits 0
Packet Storm
added 2011/03/10 12:00 a.m. · 44 views

PHP-Nuke 8.0 Cross Site Scripting

Hello list! I want to warn you about Insufficient Anti-automation and Cross-Site Scripting vulnerabilities in PHP-Nuke. SecurityVulns ID: 11485. Affected products: Vulnerable are PHP-Nuke 8.0 and previous versions. Details:...

7.4 AI score
Exploits 0
securityvulns
added 2011/03/09 12:00 a.m. · 21 views

New vulnerabilities in PHP-Nuke

Hello 3APA3A! I am informing you about new Insufficient Anti-automation and Cross-Site Scripting vulnerabilities that I found in the PHP-Nuke system. Insufficient Anti-automation WASC-21: http://site/modules.php?name=SubmitNews The form has no protection against automated requests (captcha). XSS WASC-08:...

6.6 AI score
Exploits 0