EUVD-2006-1651

Malware in sbrugna...

Operation Dianxun Cyberespionage Campaign Targeting Telecommunication Companies

ARCHIVED STORY Operation Diànxùn: Cyberespionage Campaign Targeting Telecommunication Companies By Thomas Roccia · MAR 16, 2021 In this report the McAfee Advanced Threat Research ATR Strategic Intelligence team details an espionage campaign, targeting telecommunication companies, dubbed Operation...

Spoofing

moxieplayer.as in Moxiecode moxieplayer, as used in the TinyMCE Media plugin in WordPress before 3.5.2 and other products, does not consider the presence of a pound sign character during extraction of the QUERYSTRING, which allows remote attackers to pass arbitrary parameters to a Flash...

CVE-2013-2204

moxieplayer.as in Moxiecode moxieplayer, as used in the TinyMCE Media plugin in WordPress before 3.5.2 and other products, does not consider the presence of a pound sign character during extraction of the QUERYSTRING, which allows remote attackers to pass arbitrary parameters to a Flash...

CVE-2013-2204

moxieplayer.as in Moxiecode moxieplayer, as used in the TinyMCE Media plugin in WordPress before 3.5.2 and other products, does not consider the presence of a pound sign character during extraction of the QUERYSTRING, which allows remote attackers to pass arbitrary parameters to a Flash...

CVE-2013-2204

moxieplayer.as in Moxiecode moxieplayer, as used in the TinyMCE Media plugin in WordPress before 3.5.2 and other products, does not consider the presence of a pound sign character during extraction of the QUERYSTRING, which allows remote attackers to pass arbitrary parameters to a Flash...

CVE-2013-2204

The CVE-2013-2204 entry affects moxieplayer.as in Moxiecode moxieplayer, used in the TinyMCE Media plugin for WordPress prior to 3.5.2 (and other products). The root cause is the extraction of QUERY_STRING failing to account for a trailing # in the string, enabling remote attackers to pass arbitr...

Meta: IDOR in Facebook Messages webcam photos

I found that photos people take with their webcam within private message conversations can be accessed without proper authorization via a photo preview mechanism. Even when the sender decides to discard the image after seeing the preview, it can later still be retrieved through this same preview...

SA-CONTRIB-2009-101 - Web Services - Access Bypass

The Web Services module provides an API for other sites to communicate with a Drupal site, enabling the publishing of content, change of user information, or simply integration of a Flash application. The module fails to implement proper access checks, leading to an Access Bypass vulnerability...

Code injection

Internet Explorer 6 for Windows XP SP2 and earlier allows remote attackers to spoof the address bar and possibly conduct phishing attacks by re-opening the window to a malicious Shockwave Flash application, then changing the window location back to a trusted URL while the Flash application is sti...