EUVD-2006-1651

Malware in sbrugna...

Operation Dianxun Cyberespionage Campaign Targeting Telecommunication Companies

ARCHIVED STORY Operation Diànxùn: Cyberespionage Campaign Targeting Telecommunication Companies By Thomas Roccia · MAR 16, 2021 In this report the McAfee Advanced Threat Research ATR Strategic Intelligence team details an espionage campaign, targeting telecommunication companies, dubbed Operation...

CVE-2013-2204

moxieplayer.as in Moxiecode moxieplayer, as used in the TinyMCE Media plugin in WordPress before 3.5.2 and other products, does not consider the presence of a pound sign character during extraction of the QUERYSTRING, which allows remote attackers to pass arbitrary parameters to a Flash...

Spoofing

moxieplayer.as in Moxiecode moxieplayer, as used in the TinyMCE Media plugin in WordPress before 3.5.2 and other products, does not consider the presence of a pound sign character during extraction of the QUERYSTRING, which allows remote attackers to pass arbitrary parameters to a Flash...

CVE-2013-2204

moxieplayer.as in Moxiecode moxieplayer, as used in the TinyMCE Media plugin in WordPress before 3.5.2 and other products, does not consider the presence of a pound sign character during extraction of the QUERYSTRING, which allows remote attackers to pass arbitrary parameters to a Flash...

CVE-2013-2204

The CVE-2013-2204 entry affects moxieplayer.as in Moxiecode moxieplayer, used in the TinyMCE Media plugin for WordPress prior to 3.5.2 (and other products). The root cause is the extraction of QUERY_STRING failing to account for a trailing # in the string, enabling remote attackers to pass arbitr...

CVE-2013-2204

moxieplayer.as in Moxiecode moxieplayer, as used in the TinyMCE Media plugin in WordPress before 3.5.2 and other products, does not consider the presence of a pound sign character during extraction of the QUERYSTRING, which allows remote attackers to pass arbitrary parameters to a Flash...

Meta: IDOR in Facebook Messages webcam photos

I found that photos people take with their webcam within private message conversations can be accessed without proper authorization via a photo preview mechanism. Even when the sender decides to discard the image after seeing the preview, it can later still be retrieved through this same preview...

SA-CONTRIB-2009-101 - Web Services - Access Bypass

The Web Services module provides an API for other sites to communicate with a Drupal site, enabling the publishing of content, change of user information, or simply integration of a Flash application. The module fails to implement proper access checks, leading to an Access Bypass vulnerability...

Code injection

Internet Explorer 6 for Windows XP SP2 and earlier allows remote attackers to spoof the address bar and possibly conduct phishing attacks by re-opening the window to a malicious Shockwave Flash application, then changing the window location back to a trusted URL while the Flash application is sti...