Lucene search

1085 matches found

OSV
added 2013/07/08 8:55 p.m. · 1 views

DEBIAN-CVE-2013-2204

moxieplayer.as in Moxiecode moxieplayer, as used in the TinyMCE Media plugin in WordPress before 3.5.2 and other products, does not consider the presence of a pound sign character during extraction of the QUERYSTRING, which allows remote attackers to pass arbitrary parameters to a Flash...

4.3 CVSS · 7 AI score · 0.00658 EPSS
Exploits 1 · References 1

Prion
added 2013/07/08 8:55 p.m. · 16 views

Spoofing

moxieplayer.as in Moxiecode moxieplayer, as used in the TinyMCE Media plugin in WordPress before 3.5.2 and other products, does not consider the presence of a pound sign character during extraction of the QUERYSTRING, which allows remote attackers to pass arbitrary parameters to a Flash...

4.3 CVSS · 7.1 AI score · 0.00658 EPSS
Exploits 1 · References 5 · Affected Software 1

w3af
added 2013/06/10 11:2 p.m. · 91 views

csrf

This plugin finds Cross Site Request Forgery (CSRF) vulnerabilities. The simplest type of CSRF is checked: to be vulnerable, the web application must have sent a permanent cookie, and the application must have query string parameters. Plugin type: Audit. Options: This plugin doesn't have any user...

7.1 AI score
Exploits 0

NVD
added 2013/06/07 8:55 p.m. · 15 views

CVE-2013-0143

cgi-bin/pingping.cgi on QNAP VioStor NVR devices with firmware 4.0.3, and in the Surveillance Station Pro component in QNAP NAS, allows remote authenticated users to execute arbitrary commands by leveraging guest access and placing shell metacharacters in the query string...

6.5 CVSS · 7.3 AI score · 0.07179 EPSS
Exploits 0 · References 1

ATTACKERKB
added 2013/06/07 8:55 p.m. · 1 views

CVE-2013-0143

cgi-bin/pingping.cgi on QNAP VioStor NVR devices with firmware 4.0.3, and in the Surveillance Station Pro component in QNAP NAS, allows remote authenticated users to execute arbitrary commands by leveraging guest access and placing shell metacharacters in the query string...

6.5 CVSS · 6 AI score · 0.07179 EPSS
Exploits 0 · References 2

Zero Science Lab
added 2013/05/10 12:0 a.m. · 41 views

Securimage 3.5 URI-based Cross-Site Scripting Vulnerability

Summary: Securimage is an open-source free PHP CAPTCHA script for generating complex images and CAPTCHA codes to protect forms from spam and abuse. Description: Securimage suffers from an XSS issue in 'exampleform.php' that uses the 'REQUESTURI' variable. The vulnerability is present because there...

6.1 AI score
Exploits 0

Packet Storm
added 2013/03/24 12:0 a.m. · 24 views

Backupbuddy 2.2.4 Sensitive Data Exposure

Backupbuddy - sensitive data exposure in importbuddy.php. "the premiere WordPress backup plugin to backup, restore and move WordPress" http://ithemes.com/purchase/backupbuddy/ Known versions affected: v1.3.4, v2.1.4, v2.2.25, v2.2.28, v2.2.4, likely other versions also. Impact: access to wordpress...

7.4 AI score
Exploits 0

Friends Of PHP
added 2013/03/13 8:39 a.m. · 8 views

Route Parameter Injection Via Query String in Zend\Mvc

More info at https://framework.zend.com/security/advisory/ZF2013-01...

7.2 AI score
Exploits 0 · Affected Software 1

Fedora
added 2012/12/18 2:24 a.m. · 24 views

[SECURITY] Fedora 16 Update: perl-CGI-3.52-203.fc16

CGI.pm is a stable, complete and mature solution for processing and preparing HTTP requests and responses. Major features including processing form submissions, file uploads, reading and writing cookies, query string generation and manipulation, and processing and preparing HTTP headers. Some...

5 CVSS · 0.1 AI score · 0.0172 EPSS
Exploits 0

Fedora
added 2012/12/13 5:55 a.m. · 27 views

[SECURITY] Fedora 17 Update: perl-CGI-3.52-218.fc17

CGI.pm is a stable, complete and mature solution for processing and preparing HTTP requests and responses. Major features including processing form submissions, file uploads, reading and writing cookies, query string generation and manipulation, and processing and preparing HTTP headers. Some...

5 CVSS · 0.1 AI score · 0.0172 EPSS
Exploits 0

Fedora
added 2012/11/23 7:54 a.m. · 32 views

[SECURITY] Fedora 18 Update: perl-CGI-3.51-10.fc18

CGI.pm is a stable, complete and mature solution for processing and preparing HTTP requests and responses. Major features including processing form submissions, file uploads, reading and writing cookies, query string generation and manipulation, and processing and preparing HTTP headers. Some...

5 CVSS · 0.1 AI score · 0.0172 EPSS
Exploits 0

Prion
added 2012/10/01 11:55 p.m. · 25 views

Cross site scripting

Cross-site scripting (XSS) vulnerability in the MF Gig Calendar plugin 0.9.2 for WordPress allows remote attackers to inject arbitrary web script or HTML via the query string to the calendar page...

4.3 CVSS · 6.2 AI score · 0.06071 EPSS
Exploits 3 · References 2 · Affected Software 1

Cvelist
added 2012/10/01 11:0 p.m. · 20 views

CVE-2012-4242

Cross-site scripting (XSS) vulnerability in the MF Gig Calendar plugin 0.9.2 for WordPress allows remote attackers to inject arbitrary web script or HTML via the query string to the calendar page...

5.8 AI score · 0.06071 EPSS
Exploits 3 · References 2

CVE
added 2012/10/01 11:0 p.m. · 82 views

CVE-2012-4242

MF Gig Calendar 0.9.2 (WordPress) is affected by CVE-2012-4242, a cross-site scripting (XSS) vulnerability. The root cause is insufficient sanitisation of a generic parameter in the calendar page query string, enabling remote attackers to inject arbitrary script/HTML. Impact described in the sour...

4.3 CVSS · 5.9 AI score · 0.06071 EPSS
Exploits 3 · References 2 · Affected Software 1

Positive Technologies
added 2012/10/01 12:0 a.m. · 7 views

PT-2012-5271 · Mf · Mf Gig Calendar Plugin

Name of the Vulnerable Software and Affected Versions: MF Gig Calendar plugin version 0.9.2. Description: The issue allows remote attackers to inject arbitrary web script or HTML via the query string to the calendar page, which is a cross-site scripting (XSS) vulnerability. This enables attackers to...

4.3 CVSS · 5.5 AI score · 0.06071 EPSS
Exploits 3 · References 6

NVD
added 2012/07/31 10:45 a.m. · 14 views

CVE-2012-3848

Multiple cross-site scripting (XSS) vulnerabilities in the web console in Plixer Scrutinizer (aka Dell SonicWALL Scrutinizer) before 9.5.0 allow remote attackers to inject arbitrary web script or HTML via (1) the query string to d4d/exporters.php, (2) the HTTP Referer header to d4d/exporters.php, or (3)...

4.3 CVSS · 5.7 AI score · 0.00656 EPSS
Exploits 3 · References 2

Prion
added 2012/07/31 10:45 a.m. · 16 views

Cross site scripting

Multiple cross-site scripting (XSS) vulnerabilities in the web console in Plixer Scrutinizer (aka Dell SonicWALL Scrutinizer) before 9.5.0 allow remote attackers to inject arbitrary web script or HTML via (1) the query string to d4d/exporters.php, (2) the HTTP Referer header to d4d/exporters.php, or (3)...

4.3 CVSS · 6.1 AI score · 0.00656 EPSS
Exploits 3 · References 2 · Affected Software 1

NVD
added 2012/07/20 10:40 a.m. · 10 views

CVE-2012-2955

Multiple cross-site scripting (XSS) vulnerabilities in the administrative user interface in IBM Lotus Protector for Mail Security 2.1, 2.5, 2.5.1, and 2.8 and IBM ISS Proventia Network Mail Security System allow remote attackers to inject arbitrary web script or HTML via the query string...

4.3 CVSS · 5.7 AI score · 0.05234 EPSS
Exploits 0 · References 6

Prion
added 2012/07/20 10:40 a.m. · 13 views

Cross site scripting

Multiple cross-site scripting (XSS) vulnerabilities in the administrative user interface in IBM Lotus Protector for Mail Security 2.1, 2.5, 2.5.1, and 2.8 and IBM ISS Proventia Network Mail Security System allow remote attackers to inject arbitrary web script or HTML via the query string...

4.3 CVSS · 5.9 AI score · 0.05234 EPSS
Exploits 0 · References 6 · Affected Software 3

RedHat Linux
added 2012/06/27 3:44 p.m. · 4 views

php: incomplete CVE-2012-1823 fix - missing filtering of -T and -h

sapi/cgi/cgimain.c in PHP before 5.3.13 and 5.4.x before 5.4.3, when configured as a CGI script (aka php-cgi), does not properly handle query strings that lack an = (equals sign) character, which allows remote attackers to cause a denial of service (resource consumption) by placing command-line options...

9.8 CVSS · 7.4 AI score · 0.94363 EPSS
Exploits 41 · References 4