WordPress WP-Filebase Download Manager plugin <= 0.2.9 - SQL Injection Vulnerability

No description provided by source. Exploit Title: WordPress WP-Filebase Download Manager plugin = 0.2.9 SQL Injection Vulnerability Date: 2011-09-09 Author: Miroslav Stampar miroslav.stamparatgmail.com @stamparm Software Link: http://downloads.wordpress.org/plugin/wp-filebase.0.2.9.zip Version:...

XSS and FPD vulnerabilities in Js-Multi-Hotel for WordPress

Hello 3APA3A! These are vulnerabilities in Js-Multi-Hotel plugin for WordPress. ------------------------- Affected products: ------------------------- Vulnerable are Js-Multi-Hotel 2.2.1 and previous versions. ------------------------- Affected vendors: ------------------------- Joomlaskin...

WordPress Plugin Securimage-WP - &#039;siwp_test.php&#039; Cross-Site Scripting

source: https://www.securityfocus.com/bid/59816/info The Securimage-WP plugin for WordPress is prone to a cross-site-scripting vulnerability because it fails to properly sanitize user-supplied input. An attacker may leverage this issue to execute arbitrary script code in the browser of an...

Firefox Continues to Curb Out-of-Date, Flawed Third-Party Plug-ins

After pushing its “click-to-play” blacklisting function live last fall, Mozilla has announced plans to further implement the security feature in its Firefox browser. The company is planning to make it so only the most recent version of Flash is automatically run on web pages while users will have...

WordPress Plugin Crayon Syntax Highlighter - &#039;wp_load&#039; Remote File Inclusion

source: https://www.securityfocus.com/bid/55919/info The Crayon Syntax Highlighter plug-in for WordPress is prone to multiple remote file-include vulnerabilities because it fails to sufficiently sanitize user-supplied input. Exploiting these issues may allow a remote attacker to obtain sensitive...

Mozilla Adds Click-to-Play Plugin Security Feature to Firefox Beta

Attackers have been going after vulnerabilities in browser plugins and extensions for years now, as they know that users are slow about updating these components. Even if users have the browser set to update automatically, the third-party components are a separate issue and need to be patched on...

WordPress Plugin PICA Photo Gallery 1.0 - Remote File Disclosure

WordPress Plugin PICA Photo Gallery 1.0 - Remote File Disclosure Description : Wordpress Plugins - PICA Photo Gallery Remote File Disclosure Vulnerability Version : 1.0 Link : http://wordpress.org/extend/plugins/pica-photo-gallery/ Plugins :...

Mozilla Firefox 8.0 Multiple Vulnerabilities

Binary data 801379.prm...

WP VideoWhisper plugin 1. Version 1 0DAY-vulnerability warning-the black bar safety net

EXP: a Date: 2011-09-02 Author: Miroslav Stampar miroslav. stamparatgmail.com @stamparm Software Link: Version: 1.1 tested Note: magicquotes has to be turned off --------------- PoC POST data --------------- s=-1' AND 1=IF21,BENCHMARK5 0 0 0 0 0 0,MD5CHAR115,113,108,109,97,112,0--%2 0 e.g.: curl...

WordPress Plugin image Gallery with Slideshow 1.5 - Multiple Vulnerabilities

WordPress Plugin image Gallery with Slideshow 1.5 - Multiple Vulnerabilities Title: Wordpress image-gallery-with-slideshow plugin = 1.5 Arbitrary file upload / SQL injection Version:1.5 Date: 30-8-2011 Author: Hrvoje Spoljar hrvoje.spoljaratgmail.com Software link:...

maxthon_arbitrary_read-write.html.txt

var iVuln=null; function checkVuln try if external.readFilemaxsecurityid,"m2bookmark","plugin.ini"!=null pls.innerText='Done!'; alert"Vulnerable!"; showFileContent; window.clearIntervaliVuln; else window.status=''; // Refresh the "max.src" script by setting the source file as the same file...

CVE-2004-1753

The Apple Java plugin, as used in Netscape 7.1 and 7.2, Mozilla 1.7.2, and Firefox 0.9.3 on MacOS X 10.3.5, when tabbed browsing is enabled, does not properly handle SetWindowNULL calls, which allows Java applets from one tab to draw to other tabs and facilitates phishing attacks that spoof tabs...

CVE-2004-1029

The Sun Java Plugin capability in Java 2 Runtime Environment JRE 1.4.201, 1.4.204, and possibly earlier versions, does not properly restrict access between Javascript and Java applets during data transfer, which allows remote attackers to load unsafe classes and execute arbitrary code by using th...

jdk/jre -- Security Vulnerability With Java Plugin

The Sun Java Plugin capability in Java 2 Runtime Environment JRE 1.4.201, 1.4.204, and possibly earlier versions, does not properly restrict access between Javascript and Java applets during data transfer, which allows remote attackers to load unsafe classes and execute arbitrary code...

Sun Java Plugin 1.4.2 _01 - Cross-Site Applet Sandbox Security Model Violation

source: https://www.securityfocus.com/bid/8857/info A vulnerability has been reported in Java implementations that may potentially allow Java applets from two different domains to violate the sandbox security model and share read/write access to data areas. This violates the principle of isolatio...

Adobe Acrobat Reader plugin trojaning

Because of weak cryptography it's possible to spoof Adobe signature for Acrobat Reader plugins...

VPOPMail Account Administration &#40;squirrel mail&#41; version 0.9.7

Plugin info: http://www.squirrelmail.org/pluginview.php?id=103 Description: VPOPMail Account Administration The plugin lets the user do the tasks he would be able using qmailadmin change password let mails forward create away messages Notes from the README: IMPORTANT For the plugin to work...

CVE-2001-1008

Java Plugin 1.4 for JRE 1.3 executes signed applets even if the certificate is expired, which could allow remote attackers to conduct unauthorized activities via an applet that has been signed by an expired certificate...