12 matches found
Design/Logic Flaw
Rejected reason: DO NOT USE THIS CANDIDATE NUMBER. ConsultIDs: CVE-2012-3414. Reason: This candidate is a duplicate of CVE-2012-3414. Notes: All CVE users should reference CVE-2012-3414 instead of this candidate. All references and descriptions in this candidate have been removed to prevent...
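Turbomail Mail System XSS-1
Brief description: The latest version of the Turbomail mail system has an XSS vulnerability in one location, which can be used for phishing, obtaining cookies, etc. Detailed description: Version: the latest version, 5.2.0, set up on Windows Server. The vulnerable file is C:\turbomail\web\webapps\ROOT\enterprise\swfupload\swfupload.swf. This version has an XSS flaw; see CVE-2012-3414...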
Design/Logic Flaw
Rejected reason: DO NOT USE THIS CANDIDATE NUMBER. ConsultIDs: CVE-2012-3414. Reason: This candidate is a duplicate of CVE-2012-3414. Notes: All CVE users should reference CVE-2012-3414 instead of this candidate. All references and descriptions in this candidate have been removed to prevent...
CVE-2013-4145
CVE-2013-4145 is a duplicate of CVE-2012-3414. Connected data shows a TYPO3 SWFUpload movieName Cross Site Scripting vulnerability (CVE-2012-3414) where an attacker can exploit the movieName parameter to perform XSS and potentially steal cookies. The OpenVAS entry confirms the XSS nature and cook...
CVE-2012-3414
CVE-2012-3414 describes a cross-site scripting (XSS) vulnerability in the SWFUpload component (movieName parameter) used by SWFUpload 2.2.0.1 and earlier, and deployed in products such as WordPress ≤ 3.3.1/3.3.2 and TinyMCE Image Manager 1.1. The underlying cause is unsafe handling via ExternalIn...
CVE-2012-3414
Cross-site scripting (XSS) vulnerability in swfupload.swf in SWFUpload 2.2.0.1 and earlier, as used in WordPress before 3.3.2, TinyMCE Image Manager 1.1, and other products, allows remote attackers to inject arbitrary web script or HTML via the movieName parameter, related to the...
XSS and CS vulnerabilities in Dotclear
Hello 3APA3A! These are Cross-Site Scripting and Content Spoofing vulnerabilities in Dotclear. CMS Dotclear has three vulnerable flash-files: swfupload.swf, playerflv.swf and playermp3.swf. File swfupload.swf is Swfupload. I've written about vulnerabilities in Swfupload in November 2012...
Dotclear 2.4.4 Cross Site Scripting / Content Spoofing
Hello list! These are Cross-Site Scripting and Content Spoofing vulnerabilities in Dotclear. CMS Dotclear has three vulnerable flash-files: swfupload.swf, playerflv.swf and playermp3.swf. File swfupload.swf is Swfupload. I've written about vulnerabilities in Swfupload in November 2012...
XSS vulnerability in web applications with swfupload: Dotclear, XenForo, InstantCMS, AionWeb, Dolphin
Hello 3APA3A! I will draw your attention to XSS vulnerability in other web applications with swfupload. Earlier I've written about swfupload in WordPress CVE-2012-3414 and that this hole is available in many web applications. In the previous letter I've written the information about different versions of...
Cross-Site Scripting Vulnerability in TYPO3 Core
It has been discovered that TYPO3 Core is vulnerable to Cross-Site Scripting. Component Type: TYPO3 Core Affected Versions: 4.5.0 up to 4.5.16, 4.6.0 up to 4.6.9, 4.7.0 up to 4.7.1 and development releases of the 6.0 branch. Bulletin history: July 4, 2012 - corrected Secunia Advisory ID Vulnerabl...
CVE-2012-3414
creationtimestamp | type | source
---|---|---
2012-06-29 00:00:00+00:00 | confirmed | https://www.exploit-db.com/exploits/37470
2022-06-30 16:42:37+00:00 | seen | https://t.me/VulnerabilityNews/28823
2023-12-11 12:32:52+00:00 | seen | https://t.me/arpsyndicate/1733
2023-12-11 15:01:35+00:00 | seen | ...
WordPress Omni Secure Files Plugin 'upload.php' Arbitrary File Upload Vulnerability
WordPress Omni Secure Files Plugin is prone to a file upload vulnerability. SPDX-FileCopyrightText: 2012 Greenbone AG Some text descriptions might be excerpted from (a) referenced source(s), and are Copyright (C) by the respective right holder(s). SPDX-License-Identifier: GPL-2.0-only CPE =...