2423 matches found
WP jQuery Spam 1.1 - dynamic.php id Parameter Reflected XSS
The WP jQuery Spam WordPress plugin was affected by a reflected XSS vulnerability in the dynamic.php id parameter...
jQuery Mega Menu 1.0 - Local File Inclusion
The jQuery Mega Menu Widget WordPress plugin was affected by a Local File Inclusion vulnerability...
Slideshow jQuery Image Gallery - Multiple Vulnerabilities
The Slideshow WordPress plugin was affected by multiple security vulnerabilities...
WordPress HTML5 jQuery Audio Player Plugin <= 2.3 - Stored XSS
This plugin is prone to a stored cross-site scripting vulnerability in multiple parameters of playlist/addplaylist.php. Solution: Update the plugin...
WordPress jQuery Spam Plugin <= 1.1 - Reflected XSS
This plugin is prone to a cross-site scripting vulnerability in the dynamic.php id parameter. Solution: Update the plugin...
ZooEffect 1.08 - HTTP Referer Reflected XSS
The ZooEffect Plugin for Video player, Photo Gallery Slideshow jQuery and audio / music / podcast – HTML5 WordPress plugin was affected by an HTTP Referer reflected XSS vulnerability...
WordPress HTML5 jQuery Audio Player Plugin <= 2.3 - SQL Injection
This plugin is prone to a SQL injection vulnerability in the playlist/addplaylist.php id parameter. Solution: Update this plugin...
WEBMIS CMS Shell Upload
Exploit Title : WEBMIS CMS Shell Upload vulnerability Author : Jagriti Sahu Vendor : http://www.ksphp.com Download Link : https://github.com/ksphp/webmis version affected : all Date : 14/07/2014 Discovered at : IndiShell Lab Love to : Surbhi, Mradula and Harry //////////////////////// /// Overvie...
jQuery uploadify 2.1.0 - Remote File Upload
No description provided by source. Exploit Title: jQuery uploadify v2.1.0 Remote File Upload Date: 21/01/2010 Author: k4cp3r/Ablus Version: v2.1.0 uploadify.swf Actionscript: function setAllowedTypes:void allowedTypes = ; if param.fileDesc && param.fileExt var fileDescs:Array =...
Cloupia End-to-end FlexPod Management Directory Traversal
No description provided by source. Cloupia End-to-end FlexPod Management - Directory Traversal Vulnerability Advisory Information Advisory ID: KUSTODIAN-2011-011 Date published: Jan 13, 2011 Vulnerability Information Class: Directory Traversal Remotely Exploitable: Yes Locally Exploitable: Yes...
Bypass the JQuery-Real-Person captcha plugin 0day
No description provided by source. Exploit Title: Bypass the JQuery-Real-Person captcha plugin Google Dork: if relevant we will automatically add these to the GHDB Date: 28th November, 2011 Author: Alberto Garcia-Illera Software Link: http://keith-wood.name/realPerson.html Version: 1.0.1 0-day...
StartBBS v1.1.5 Stored XSS
Brief description: Stored XSS. Details: On the user profile edit page, a user can enter their website. Fields that accept a URL are prone to XSS, which many people overlook. Looking at the code, app/controllers/settings.php line 36: $data = array 'uid' = $uid, 'email' = striptags$this-input-post'email', 'homepage' = prepurlstriptags$this-input-post'homepage', 'location' = striptags$this-input-post'location', 'qq' =...
Analysis of a PayPal DOM-type XSS vulnerability
DOM XSS is also known as the third type of XSS, or type 0. DOM XSS is becoming more and more common, because of the variety of JS libraries such as YUI, jQuery, jQuery Mobile, etc., and because many programming languages, such as PHP, increasingly support HTML5 features. W3school defect code sample Man...
SA-CONTRIB-2014-022 - Slickgrid - Access bypass
The Slickgrid module is an implementation of the jQuery slickgrid plugin, a lightning fast JavaScript grid/spreadsheet. It defines a slickgrid view style, so all data can be output as an editable grid. The module doesn't check access sufficiently, allowing users to edit and change field values o...
SA-CONTRIB-2014-012 - Modal Frame API - Cross Site Scripting (XSS)
This module provides an API to render an iframe within a modal dialog based on the jQuery UI Dialog plugin. You should not install this module unless another module requires you to, or you wish to use it for your own custom modules. The module doesn't sufficiently filter user supplied tex...
CVE-2013-4383
Cross-site scripting (XSS) vulnerability in the jQuery Countdown module 7.x-1.x before 7.x-1.1 for Drupal allows remote authenticated users with the "access administration pages" permission to inject arbitrary web script or HTML via unspecified vectors...
Cross site scripting
Cross-site scripting (XSS) vulnerability in the jQuery Countdown module 7.x-1.x before 7.x-1.1 for Drupal allows remote authenticated users with the "access administration pages" permission to inject arbitrary web script or HTML via unspecified vectors...