20 matches found
EUVD-2024-18110
Malicious code in bioql PyPI...
CVE-2024-20395
A vulnerability in the media retrieval functionality of Cisco Webex App could allow an unauthenticated, adjacent attacker to gain access to sensitive session information. This vulnerability is due to insecure transmission of requests to backend services when the app accesses embedded media, such ...
CVE-2024-20395
A vulnerability in the media retrieval functionality of Cisco Webex App could allow an unauthenticated, adjacent attacker to gain access to sensitive session information. This vulnerability is due to insecure transmission of requests to backend services when the app accesses embedded media, such ...
CVE-2024-1293
The Brizy – Page Builder plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the embedded media custom block in all versions up to, and including, 2.4.40 due to insufficient input sanitization and output escaping. This makes it possible for authenticated attackers, with...
CVE-2024-1293
The Brizy – Page Builder plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the embedded media custom block in all versions up to, and including, 2.4.40 due to insufficient input sanitization and output escaping. This makes it possible for authenticated attackers, with...
WordPress Plugin Brizy Security Vulnerability
WordPress and WordPress plugin are both products of the WordPress Foundation.WordPress is a blogging platform developed using the PHP language. The platform supports personal blog sites on servers running PHP and MySQL.WordPress plugin is an application plugin. A security vulnerability exists in...
CVE-2022-23166
Sysaid – Sysaid Local File Inclusion LFI – An unauthenticated attacker can access to the system by accessing to "/lib/tinymce/examples/index.html" path. in the "Insert/Edit Embedded Media" window Choose Type : iFrame and File/URL : here is the LFI Solution: Update to 22.2.20 cloud version, or to...
CVE-2022-23166
Sysaid – Sysaid Local File Inclusion LFI – An unauthenticated attacker can access to the system by accessing to "/lib/tinymce/examples/index.html" path. in the "Insert/Edit Embedded Media" window Choose Type : iFrame and File/URL : here is the LFI Solution: Update to 22.2.20 cloud version, or to...
CVE-2018-0201
A vulnerability in Cisco Jabber Client Framework JCF could allow an authenticated, remote attacker to conduct a cross-site scripting XSS attack against a user of an affected device. The vulnerability is due to improper neutralization of input during web page generation. An attacker could exploit...
Drupal Embedded Media Field Module Security Bypass Vulnerability
Drupal is a free and open source content management system developed in PHP and maintained by the Drupal community.Embedded Media Field is one of the modules used to embed third-party video and audio. A security bypass vulnerability in the Drupal Embedded Media Field module 6.x-2.7 before version...
Fedora 24 : drupal6-emfield-2.7-1.fc24 (2016-f0bb0dad51)
6.x-2.7 Fixes Embedded Media Field - Moderately Critical - Access Bypass - DRUPAL-SA-CONTRIB-2016-004 Changes since 6.x-2.6: by dalin: Ensure that width and height are always numbers. \1868588 by tangent: URL detection regex does not match hyphens / breaks HTML markup Note that Tenable Network...
Drupal Embedded Media Field Cross Site Scripting
-----BEGIN PGP SIGNED MESSAGE----- Hash: SHA1 Details of this disclosure can also be found at http://www.madirish.net/?article=474 Description of Vulnerability: - ----------------------------- Drupal http://drupal.org is a robust content management system CMS written in PHP and MySQL. The Drupal...
Drupal Embedded Media Field Cross Site Scripting
-----BEGIN PGP SIGNED MESSAGE----- Hash: SHA1 Details of this disclosure are also available at http://www.madirish.net/?article=472 Description of Vulnerability: - ----------------------------- Drupal http://drupal.org is a robust content management system CMS written in PHP and MySQL. The Drupal...
SA-CONTRIB-2010-109 - Embedded Media Field, Media: Video Flotsam, Media: Audio Flotsam - Multiple Vulnerabilities
1 - Arbitrary File Upload/Code Execution Vulnerability The Embedded Thumbnail module packaged with the project allows users who upload videos to upload their own thumbnails to replace The Drupal Embedded Media Field module. Unfortunately, the Embedded Thumbnail Module contains a vulnerability tha...
Drupal Module Embedded Media FieldMedia 6.x : Video FlotsamMedia: Audio Flotsam - Multiple Vulnerabilities
Drupal Module Embedded Media FieldMedia 6.x : Video FlotsamMedia: Audio Flotsam - Multiple Vulnerabilities source: https://www.securityfocus.com/bid/45276/info The Embedded Media Field, Media: Video Flotsam, and Media: Audio Flotsam modules for Drupal are prone to multiple remote vulnerabilities,...
Drupal Module Embedded Media Field/Media 6.x : Video Flotsam/Media: Audio Flotsam - Multiple Vulnerabilities
source: https://www.securityfocus.com/bid/45276/info The Embedded Media Field, Media: Video Flotsam, and Media: Audio Flotsam modules for Drupal are prone to multiple remote vulnerabilities, including: 1. An HTML-injection vulnerability 2. An arbitrary-file-upload vulnerability. An attacker could...
SA-CONTRIB-2010-094 - Embedded Media Field - Access bypass
The Embedded Media Field project is a set of modules that enable editors to post URL's and embed codes for third party media providers such as YouTube, Vimeo, or Flickr, which will be automatically parsed and displayed using preset formatters. The Embedded Video Field module packaged with the...
SA-CONTRIB-2010-095 - Lightbox2 - Multiple Vulnerabilities
The Lightbox2 module enables images to be overlaid on the current page using JavaScript. The module displays images above the page instead of within it, freeing the page design from layout constraints and keeping users on the same page. The module does not sanitize some of the user supplied data...
[Full-disclosure] Drupal Embedded Media Field Module Multiple XSS
-----BEGIN PGP SIGNED MESSAGE----- Hash: SHA1 Details of this disclosure are posted at http://lampsecurity.org/drupal-6-embed-media-xss-vulnerability Vendor notified: 5/27/09 Vendor response: see below Description of Vulnerability: - ----------------------------- Drupal http://drupal.org is a...
Qualcomm Eudora WebBrowser Control Embedded Media Player File Vulnerability
Binary data 1286.prm...