WordPress Backup Plugin 2.0.1 Information Disclosure
No description provided by source. Exploit Title: WordPress Backup plugin exposes site data Google Dork: http://www.google.com/search?q=inurl:wp-content/backup.log Date: 01-jul-2012 Exploit Author: Stephan Knauss Vendor Homepage: http://wordpress.org/extend/plugins/backup/ Software Link:...
Wordpress MM Forms Community Plugin 2.2.6 - Arbitrary File Upload
No description provided by source. Description : Wordpress Plugins - MM Forms Community Arbitrary File Upload Vulnerability Version : 2.2.5 - 2.2.6 Link : http://wordpress.org/extend/plugins/mm-forms-community/ Plugins : http://downloads.wordpress.org/plugin/mm-forms-community.zip Date : 24-05-20...
Netscape Communicator 4.06/4.5/4.6/4.51/4.61 EMBED Buffer Overflow Vulnerability
No description provided by source. source: http://www.securityfocus.com/bid/618/info In several versions of Netscape Communicator, there is an unchecked buffer in the code that handles EMBED tags. The buffer is in the 'plugins page' option. This vulnerability can be exploited by a malicious...
Nagios Plugin check_ups Local Buffer Overflow PoC
No description provided by source. Advisory: Nagios Plugin 'check_ups' local buffer overflow Author: Stefan Schurtz Affected Software: Successfully tested on nagios-plugins-1.4.15 Vendor URL: http://nagiosplugins.org/ ./check_ups -u perl -e 'print Ax16407' buffer...
Wordpress Fancy Gallery Plugin 1.2.4 - Arbitrary File Upload
No description provided by source. Description : Wordpress Plugins - Fancy Gallery Arbitrary File Upload Vulnerability Version : 1.2.4 link : http://codecanyon.net/item/fancy-gallery-wordpress-plugin/400535 Price : 18$ Date : 22-06-2012 Google Dork : inurl:/wp-content/plugins/radykal-fancy-galler...
Nagios Plugins 1.4.2/1.4.9 Location Header Remote Buffer Overflow Vulnerability
No description provided by source. source: http://www.securityfocus.com/bid/25952/info Nagios Plugins are prone to a remote buffer-overflow vulnerability because the software fails to properly bounds-check user-supplied data before copying it to an insufficiently sized buffer. Exploiting this iss...
amember 3.1.7 - (xss/sql/hi) Multiple Vulnerabilities
No description provided by source. AMember - Multiple Vulnerabilities Version Affected: 3.1.7 Apr-10-2009 newest Info: aMember is a flexible membership and subscription management PHP script. It has support for PayPal, BeanStream, 2Checkout, NoChex, VeriSign PayFlow, Authorize.Net, PaySystems,...
Nagios Plugins check_dhcp 2.0.2 - Arbitrary Option File Read Race Condition
Nagios Plugins check_dhcp 2.0.2 - Arbitrary Option File Read Race Condition - Release date: 28.06.2014 - Discovered by: Dawid Golunski - Severity: Moderate I. VULNERABILITY checkdh...
Zero-Day TimThumb WebShot Vulnerability leaves Thousands of Wordpress Blogs at Risk
Yesterday we learned of a critical zero-day vulnerability in a popular image resizing library called TimThumb, which is used in thousands of WordPress themes and plugins. WordPress is a free and open source blogging tool and a content management system (CMS) with more than 30,000 plugins, each of whic...
Multiple WordPress Plugins (TimThumb 2.8.13 / WordThumb 1.07) - 'WebShot' Remote Code Execution
Wordpress TimThumb 2.8.13 WebShot Remote Code Execution 0-day Affected website : a lot Wordpress Themes, Plugins, 3rd party components Exploit Author : @u0x Pichaya Morimoto Release dates :...
TimThumb 2.8.13 Remote Code Execution
Wordpress TimThumb 2.8.13 WebShot Remote Code Execution 0-day Affected website : a lot Wordpress Themes, Plugins, 3rd party components Exploit...
SA-CONTRIB-2014-061 - VideoWhisper Webcam Plugins - Cross Site Scripting (XSS) - Unsupported
Includes multiple modules for video communications including room listing, pay per view access control. The module doesn't sufficiently filter user supplied text from the url (reflected cross site scripting). No special permissions are required to exploit this issue. There are no mitigating factors...
CVE-2014-4165
Cross-site scripting (XSS) vulnerability in ntop allows remote attackers to inject arbitrary web script or HTML via the title parameter in a list action to plugins/rrdPlugin...
Cross site scripting
Cross-site scripting (XSS) vulnerability in ntop allows remote attackers to inject arbitrary web script or HTML via the title parameter in a list action to plugins/rrdPlugin...
CVE-2014-4165
CVE-2014-4165 is an XSS in ntop's web interface: lack of filtering in the title parameter of links to rrdPlugin allows remote attackers to inject script/HTML. Affected component is ntop’s web UI (plugins/rrdPlugin). Impact is XSS for users viewing the interface. Remediation: updated ntop packages...
openSUSE Security Update : MozillaFirefox (openSUSE-SU-2012:1345-1)
The Mozilla suite received following security updates bnc783533 : Mozilla Firefox was updated to 16.0.1. Mozilla SeaMonkey was updated to 2.13.1. Mozilla Thunderbird was updated to 16.0.1. Mozilla XULRunner was updated to 16.0.1. - MFSA 2012-88/CVE-2012-4191 bmo798045 Miscellaneous memory safety...
openSUSE Security Update : pidgin (openSUSE-SU-2013:0511-1)
Pidgin was updated to 2.10.7 to fix various security issues and the bug that IRC did not work at all in 12.3. Changes : - Add pidgin-irc-sasl.patch: link irc module to SASL. Allows the IRC module to be loaded bnc806975. - Update to version 2.10.7 bnc804742 : + Alien hatchery : - No changes +...
openSUSE Security Update : pidgin / pidgin-branding-openSUSE (openSUSE-SU-2014:0239-1)
Update to version 2.10.8 bnc861019 : + General: Python build scripts and example plugins are now compatible with Python 3 pidgin.im15624. + libpurple : - Fix potential crash if libpurple gets an error attempting to read a reply from a STUN server CVE-2013-6484. - Fix potential crash parsing a...
Cross site scripting
Cross-site scripting (XSS) vulnerability in plugins/jojocore/forgotpassword.php in Jojo before 1.2.2 allows remote attackers to inject arbitrary web script or HTML via the search parameter to forgot-password/...
Snoopy - A distributed tracking and data interception framework
Snoopy is a distributed tracking and profiling framework which can perform interesting tracking and profiling of mobile users through the use of WiFi. There have been recent initiatives from numerous governments to legalise the monitoring of citizens’ Internet based communications web sites...