Last.fm Rotation 1.0 - Path Traversal

Directory traversal vulnerability in lastfm-proxy.php in the Last.fm Rotation lastfm-rotation plugin 1.0 for WordPress allows remote attackers to read arbitrary files via a .. dot dot in the snode parameter. id: CVE-2014-5181 info: name: Last.fm Rotation 1.0 - Path Traversal author: DhiyaneshDK...

EUVD-2014-5079

Malware in sbrugna...

EUVD-2019-8877

Malware in sbrugna...

CVE-2025-7684

The Last.fm Recent Album Artwork plugin for WordPress is vulnerable to Cross-Site Request Forgery in all versions up to, and including, 1.0.2. This is due to missing or incorrect nonce validation on the 'lastfmalbumsartwork.php' page. This makes it possible for unauthenticated attackers to update...

CVE-2025-7684 Last.fm Recent Album Artwork <= 1.0.2 - Cross-Site Request Forgery to Stored Cross-Site Scripting

The Last.fm Recent Album Artwork plugin for WordPress is vulnerable to Cross-Site Request Forgery in all versions up to, and including, 1.0.2. This is due to missing or incorrect nonce validation on the 'lastfmalbumsartwork.php' page. This makes it possible for unauthenticated attackers to update...

CVE-2025-7684

The CVE-2025-7684 issue is confirmed for the WordPress plugin Last.fm Recent Album Artwork (versions up to and including 1.0.2). The root cause is missing/incorrect nonce validation on lastfm_albums_artwork.php, enabling Cross‑Site Request Forgery that can lead to a Stored Cross‑Site Scripting co...

WordPress plugin Last.fm Recent Album Artwork 跨站请求伪造漏洞

WordPress and WordPress plugin are products of the WordPress Foundation, a blogging platform developed in PHP. WordPress plugin is an application plugin that supports personal blog sites on PHP and MySQL servers. A cross-site request forgery vulnerability exists in WordPress plugin Last.fm Recent...

WordPress Last.fm Recent Album Artwork plugin <= 1.0.2 - Cross-Site Request Forgery to Stored Cross-Site Scripting vulnerability

Cross-Site Request Forgery to Stored Cross-Site Scripting vulnerability discovered by johska in WordPress Plugin Last.fm Recent Album Artwork versions = 1.0.2...

CVE-2019-19251

The Last.fm desktop app Last.fm Scrobbler through 2.1.39 on macOS makes HTTP requests that include an API key without the use of SSL/TLS. Although there is an Enable SSL option, it is disabled by default, and cleartext requests are made as soon as the app starts...

CVE-2014-5181

Directory traversal vulnerability in lastfm-proxy.php in the Last.fm Rotation lastfm-rotation plugin 1.0 for WordPress allows remote attackers to read arbitrary files via a .. dot dot in the snode parameter...

[SECURITY] Fedora 38 Update: qmmp-2.1.2-4.fc38

This program is an audio-player, written with help of Qt library. The user interface is similar to winamp or xmms. Main opportunities: Winamp and xmms skins support plugins support MPEG1 layer 2/3 support Ogg Vorbis support native FLAC support WavePack support ModPlug support PCM WAVE support CD...

Fedora: Security Advisory for qmmp (FEDORA-2023-a5e10b188a)

The remote host is missing an update for the Copyright C 2023 Greenbone Networks GmbH Some text descriptions might be excerpted from a referenced sources, and are Copyright C by the respective right holders. SPDX-License-Identifier: GPL-2.0-or-later This program is free software; you can...

All Vulnerabilities for last.fm Patched via Open Bug Bounty

Following the coordinated and responsible vulnerability disclosure guidelines of the ISO 29147 standard, Open Bug Bounty has: a. verified the vulnerability and confirmed its existence; b. notified the website operator about its existence. Affected Website:| last.fm ---|--- Open Bug Bounty Program...

CVE-2019-19251

The Last.fm desktop app Last.fm Scrobbler through 2.1.39 on macOS makes HTTP requests that include an API key without the use of SSL/TLS. Although there is an Enable SSL option, it is disabled by default, and cleartext requests are made as soon as the app starts...

CVE-2019-19251

The Last.fm desktop app Last.fm Scrobbler through 2.1.39 on macOS makes HTTP requests that include an API key without the use of SSL/TLS. Although there is an Enable SSL option, it is disabled by default, and cleartext requests are made as soon as the app starts...

Design/Logic Flaw

The Last.fm desktop app Last.fm Scrobbler through 2.1.39 on macOS makes HTTP requests that include an API key without the use of SSL/TLS. Although there is an Enable SSL option, it is disabled by default, and cleartext requests are made as soon as the app starts...

CVE-2019-19251

The Last.fm desktop app Last.fm Scrobbler through 2.1.39 on macOS makes HTTP requests that include an API key without the use of SSL/TLS. Although there is an Enable SSL option, it is disabled by default, and cleartext requests are made as soon as the app starts...

CVE-2019-19251

The Last.fm desktop app (Last.fm Scrobbler) for macOS, up to version 2.1.39, makes HTTP requests that include an API key without SSL/TLS. An Enable SSL option exists but is disabled by default, causing cleartext requests to be sent as soon as the app starts. This can expose API keys and sensitive...

Hacker Selling Over 1 Million Decrypted Gmail and Yahoo Passwords On Dark Web

Hardly a day goes without headlines about any significant data breach. In past year, billions of accounts from popular sites and services, including LinkedIn, Tumblr, MySpace, Last.FM, Yahoo!, VK.com were exposed on the Internet. Now, according to the recent news, login credentials and other...

Hey, Music Lovers! Last.Fm Hack Leaks 43 Million Account Passwords

Another Day, Another Data Breach! If you love to listen to music online and have an account on Last.fm website, your account details may have compromised in a data breach that leaked more than 43 Million user personal data online. Last.fm was hacked in March of 2012 and three months after the...