43 matches found
WordPress FV Flowplayer Video Player plugin <= 7.2.0.727 - Authenticated Cross-Site Scripting (XSS) vulnerability
Authenticated Cross-Site Scripting XSS vulnerability found by Janek Vind "waraxe" in WordPress FV Flowplayer Video Player plugin versions <= 7.2.0.727. Solution Update the WordPress FV Flowplayer Video Player plugin to the latest available version at least 7.2.1.727...
Invision Power Board <= 2.3.5 - Remote SQL Injection Exploit
No description provided by source. <?php error_reporting(E_ALL); /////////////////////////////////////////////////////////////////////// /////////////////////////////////////////////////////////////////////// // IPB <= 2.3.5 sql injection exploit // Version 1.0 // written by Janek Vind waraxe // Estoni...
CuteNews <= 1.4.5 Admin Password md5 Hash Fetching Exploit
No description provided by source. <?php error_reporting(E_ALL); /////////////////////////////////////////////////////////////////////// /////////////////////////////////////////////////////////////////////// // Cutenews <= 1.4.5 admin password md5 hash fetching exploit // Version 1.0 // written by Jan...
Saurus CMS 4.7.1 LFI / RFI / XSS / SQL Injection / Traversal / CSRF
waraxe-2013-SA106 - Multiple Vulnerabilities in Saurus CMS 4.7.1 ================================================================================ Author: Janek Vind "waraxe" Date: 14. July 2013 Location: Estonia, Tartu Web: http://www.waraxe.us/advisory-106.html Description of vulnerable software...
Fedora 17 : phpMyAdmin-3.5.8.1-1.fc17 (2013-7000)
phpMyAdmin 3.5.8.1 2013-04-24 =============================== - security Remote code execution preg_replace, reported by Janek Vind see PMASA-2013-2 - security Locally Saved SQL Dump File Multiple File Extension Remote Code Execution, reported by Janek Vind see PMASA-2013-3 Note that Tenable Netwo...
Fedora 18 : phpMyAdmin-3.5.8.1-1.fc18 (2013-6977)
phpMyAdmin 3.5.8.1 2013-04-24 =============================== - security Remote code execution preg_replace, reported by Janek Vind see PMASA-2013-2 - security Locally Saved SQL Dump File Multiple File Extension Remote Code Execution, reported by Janek Vind see PMASA-2013-3 Note that Tenable Netwo...
Fedora 19 : phpMyAdmin-3.5.8.1-1.fc19 (2013-6928)
phpMyAdmin 3.5.8.1 2013-04-24 =============================== - security Remote code execution preg_replace, reported by Janek Vind see PMASA-2013-2 - security Locally Saved SQL Dump File Multiple File Extension Remote Code Execution, reported by Janek Vind see PMASA-2013-3 Note that Tenable Netwo...
Local file inclusion vulnerability.
PMASA-2013-4 Announcement-ID: PMASA-2013-4 Date: 2013-04-24 Summary Local file inclusion vulnerability. Description In the Export feature, a parameter specifying the export type was not correctly validated, opening the door to a local file inclusion attack. Severity We consider this vulnerability...
Fedora 18 : phpMyAdmin-3.5.8-1.fc18 (2013-5620)
phpMyAdmin 3.5.8.0 2013-04-08 =============================== - bug MariaDB reported as MySQL - bug Incorrect header for Safari 6.0 - bug Attempt to open trigger for edit gives NULL - change Use HTML5 DOCTYPE - security Self-XSS on GIS visualisation page, reported by Janek Vind - bug Incorrect...
Fedora 17 : phpMyAdmin-3.5.8-1.fc17 (2013-5623)
phpMyAdmin 3.5.8.0 2013-04-08 =============================== - bug MariaDB reported as MySQL - bug Incorrect header for Safari 6.0 - bug Attempt to open trigger for edit gives NULL - change Use HTML5 DOCTYPE - security Self-XSS on GIS visualisation page, reported by Janek Vind - bug Incorrect...
Fedora 19 : phpMyAdmin-3.5.8-1.fc19 (2013-5604)
phpMyAdmin 3.5.8.0 2013-04-08 =============================== - bug MariaDB reported as MySQL - bug Incorrect header for Safari 6.0 - bug Attempt to open trigger for edit gives NULL - change Use HTML5 DOCTYPE - security Self-XSS on GIS visualisation page, reported by Janek Vind - bug Incorrect...
XSS due to unescaped HTML output in GIS visualisation page.
PMASA-2013-1 Announcement-ID: PMASA-2013-1 Date: 2013-04-18 Summary XSS due to unescaped HTML output in GIS visualisation page. Description When modifying a URL parameter with a crafted value it is possible to trigger an XSS. Severity We consider this vulnerability to be non critical. Mitigation...
phpMyAdmin 3.5.7 Cross Site Scripting Vulnerability
phpMyAdmin version 3.5.7 suffers from a reflected cross site scripting vulnerability. Reflected XSS in phpMyAdmin 3.5.7 ==================================================== Author: Janek Vind "waraxe" Date: 09. April 2013 Location: Estonia, Tartu Web: http://www.waraxe.us/advisory-102.html...
phpMyAdmin 3.5.7 Cross Site Scripting
waraxe-2013-SA102 - Reflected XSS in phpMyAdmin 3.5.7 =============================================================================== Author: Janek Vind "waraxe" Date: 09. April 2013 Location: Estonia, Tartu Web: http://www.waraxe.us/advisory-102.html Description of vulnerable software: phpMyAdmi...
OpenCart 1.5.5.1 - 'FileManager.php' Directory Traversal Arbitrary File Access
waraxe-2013-SA098 - Directory Traversal Vulnerabilities in OpenCart 1.5.5.1 =============================================================================== Author: Janek Vind "waraxe" Date: 19. March 2013 Location: Estonia, Tartu Web: http://www.waraxe.us/advisory-98.html Description of vulnerabl...
WordPress GRAND Flash Album Gallery SQL Injection / Disclosure / File Overwrite
waraxe-2012-SA094 - Multiple Vulnerabilities in Wordpress GRAND Flash Album Gallery Plugin ============================================================================================= Author: Janek Vind "waraxe" Date: 24. October 2012 Location: Estonia, Tartu Web:...
WordPress GRAND Flash Album Gallery SQL Injection / Disclosure / File Overwrite
WordPress GRAND Flash Album Gallery plugin versions 1.9.0 and 2.0.0 suffer from file disclosure, file overwrite, directory traversal, and remote SQL injection vulnerabilities. Multiple Vulnerabilities in Wordpress GRAND Flash Album Gallery Plugin...
WordPress Plugin social discussions 6.1.1 - Multiple Vulnerabilities
WordPress Plugin social discussions 6.1.1 - Multiple Vulnerabilities waraxe-2012-SA093 - Multiple Vulnerabilities in Wordpress Social Discussions Plugin ====================================================================================== Author: Janek Vind "waraxe" Date: 17. October 2012...
Joomla 2.5.4 Cross Site Scripting
waraxe-2012-SA088 - Reflected XSS in Joomla 2.5.4 admin sysinfo page =============================================================================== Author: Janek Vind "waraxe" Date: 03. May 2012 Location: Estonia, Tartu Web: http://www.waraxe.us/advisory-88.html CVE:...
Invision Power Board 3.3.0 Local File Inclusion
Exploit for php platform in category web applications Author: Janek Vind "waraxe" Date: 12. April 2012 Location: Estonia, Tartu Web: http://www.waraxe.us/advisory-86.html CVE: http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2012-2226 Description of vulnerable software: Invision Power Board...