395 matches found
Hardcoded credentials
The BBE theme before 1.53 for WordPress allows a direct launch of an HTML editor...
CVE-2018-11244
The BBE theme before 1.53 for WordPress allows a direct launch of an HTML editor...
CVE-2018-11244
The CVE-2018-11244 entry concerns the WordPress BBE theme prior to version 1.53. Multiple sources describe a Direct Object Reference vulnerability that allows direct launching of the HTML editor, implying that an attacker could indirectly trigger the HTML editor through the theme. Affected softwa...
WYSIWYG HTML Editor PRO 1.0 - Arbitrary File Download
WYSIWYG HTML Editor PRO 1.0 - Arbitrary File Download Exploit Title: WYSIWYG HTML Editor PRO 1.0 - Arbitrary File Download Dork: N/A Date: 28.08.2017 Vendor Homepage: http://nelliwinne.net/ Software Link:...
Polycom VVX Web Interface Privilege Escalation
Exploit Title: Polycom VVX Web Interface - Change Admin Password as User Date: January 26, 2017 Exploit Author: Mike Brown Vendor Homepage: http://www.polycom.com/ Software Link: http://downloads.polycom.com/voice/voip/ucswreleasesmatrix.html Version: Polycom vvx 410 UC Software Version: 5.3.1.04...
Polycom VVX Web Interface - Change Admin Password
Polycom VVX Web Interface - Change Admin Password Exploit Title: Polycom VVX Web Interface - Change Admin Password as User Date: January 26, 2017 Exploit Author: Mike Brown Vendor Homepage: http://www.polycom.com/ Software Link: http://downloads.polycom.com/voice/voip/ucswreleasesmatrix.html...
Polycom VVX Web Interface - Change Admin Password
Exploit Title: Polycom VVX Web Interface - Change Admin Password as User Date: January 26, 2017 Exploit Author: Mike Brown Vendor Homepage: http://www.polycom.com/ Software Link: http://downloads.polycom.com/voice/voip/ucswreleasesmatrix.html Version: Polycom vvx 410 UC Software Version: 5.3.1.04...
Polycom VVX Web Interface - Change Admin Password Vulnerability
Exploit for hardware platform in category web applications Exploit Title: Polycom VVX Web Interface - Change Admin Password as User Date: January 26, 2017 Exploit Author: Mike Brown Vendor Homepage: http://www.polycom.com/ Software Link:...
CVE-2016-5124
An issue was discovered in Open-Xchange OX App Suite before 7.8.1-rev14. Adding images from external sources to HTML editors by drag&drop can potentially lead to script code execution in the context of the active user. To exploit this, a user needs to be tricked to use an image from a specially...
Design/Logic Flaw
An issue was discovered in Open-Xchange OX App Suite before 7.8.1-rev14. Adding images from external sources to HTML editors by drag&drop can potentially lead to script code execution in the context of the active user. To exploit this, a user needs to be tricked to use an image from a specially...
CVE-2016-5124
Open-Xchange OX App Suite (frontend) is affected by CVE-2016-5124. Before 7.8.1-rev14, dragging and dropping images from external sources into HTML editors (e.g., E‑Mail Compose, OX Text) can inject script code in the user’s context, bypassing XSS filters. Exploitation requires user social engine...
openSUSE Security Update : roundcubemail (openSUSE-2016-1205)
This update for roundcubemail to 1.1.6 fixes several issues boo1001856. These security issues were fixed : - Fix XSS issue in href attribute on area tag - Wash position:fixed style in HTML mail for better security These non-security issues were fixed : - Searching in both contacts and groups when...
Webutler CMS 3.2 Cross Site Request Forgery
Exploit Title: Webutler CMS Cross-Site Request Forgery Date: 18 April 2016 Exploit Author: Keerati T. Post Vendor Homepage: http://webutler.de/en Software Link: http://webutler.de/download/webutlerv3.2.zip Version: 3.2 Tested on: Linux 1.Description The Webutler is a simple online page editor for...
[SECURITY] Fedora 20 Update: drupal7-ckeditor-1.16-2.fc20
This module will allow Drupal to replace textarea fields with the CKEditor - a visual HTML editor, usually called a WYSIWYG editor. This HTML text editor brings many of the powerful WYSIWYG editing functions of known desktop editors like Word to the web. It's very fast and doesn't require any...
[SECURITY] Fedora 19 Update: drupal7-ckeditor-1.16-2.fc19
This module will allow Drupal to replace textarea fields with the CKEditor - a visual HTML editor, usually called a WYSIWYG editor. This HTML text editor brings many of the powerful WYSIWYG editing functions of known desktop editors like Word to the web. It's very fast and doesn't require any...
[SECURITY] Fedora 21 Update: drupal7-ckeditor-1.16-2.fc21
This module will allow Drupal to replace textarea fields with the CKEditor - a visual HTML editor, usually called a WYSIWYG editor. This HTML text editor brings many of the powerful WYSIWYG editing functions of known desktop editors like Word to the web. It's very fast and doesn't require any...
AlleyCode 2.21 SEH Overflow PoC
No description provided by source. What is AlleyCode? AlleyCode is a free html editor. Alleycode was chosen as one of the best freebies on the Net. The entire list of the ' 101 Fabulous Freebies' was featured in the May 2006 issue of PCWorld Magazine. Thanks PCWorld... Alleycode is a fast, sleek...
openSUSE Security Update : seamonkey (openSUSE-SU-2013:0468-1)
seamonkey was updated to version 2.16.1 fixing a severe security issue. - MFSA 2013-29/CVE-2013-0787 bmo848644 Use-after-free in HTML Editor (C) Tenable Network Security, Inc. The descriptive text and package checks in this plugin were extracted from openSUSE Security Update...
openSUSE Security Update : xulrunner (openSUSE-SU-2013:0466-1)
xulrunner was updated to 17.0.4esr bnc808243 to fix an important security issue : - MFSA 2013-29/CVE-2013-0787 bmo848644 Use-after-free in HTML Editor (C) Tenable Network Security, Inc. The descriptive text and package checks in this plugin were extracted from openSUSE Security...