136 matches found
CVE-2016-4566
Cross-site scripting XSS vulnerability in plupload.flash.swf in Plupload before 2.1.9, as used in WordPress before 4.5.2, allows remote attackers to inject arbitrary web script or HTML via a Same-Origin Method Execution SOME attack...
CVE-2016-4566
Cross-site scripting XSS vulnerability in plupload.flash.swf in Plupload before 2.1.9, as used in WordPress before 4.5.2, allows remote attackers to inject arbitrary web script or HTML via a Same-Origin Method Execution SOME attack...
CVE-2016-4566
The CVE-2016-4566 entry concerns a cross-site scripting (XSS) vulnerability in plupload.flash.swf (Plupload before 2.1.9) used by WordPress before 4.5.2. The flaw allows remote attackers to inject arbitrary script or HTML via a Same-Origin Method Execution (SOME) attack. Public details from conne...
WordPress Same Origin Method Execution Vulnerability (May 2016) - Linux
WordPress is prone to same origin method execution vulnerability. SPDX-FileCopyrightText: 2016 Greenbone AG Some text descriptions might be excerpted from a referenced sources, and are Copyright C by the respective right holders. SPDX-License-Identifier: GPL-2.0-only CPE =...
WordPress Same Origin Method Execution Vulnerability (May 2016) - Windows
WordPress is prone to same origin method execution vulnerability. SPDX-FileCopyrightText: 2016 Greenbone AG Some text descriptions might be excerpted from a referenced sources, and are Copyright C by the respective right holders. SPDX-License-Identifier: GPL-2.0-only CPE =...
WordPress < 4.5.2 Multiple XSS Vulnerabilities (May 2016) - Linux
WordPress is prone to multiple cross-site scripting XSS vulnerabilities in third-party libraries. SPDX-FileCopyrightText: 2016 Greenbone AG Some text descriptions might be excerpted from a referenced sources, and are Copyright C by the respective right holders. SPDX-License-Identifier: GPL-2.0-on...
WordPress < 4.5.2 Multiple Vulnerabilities (ImageTragick)
According to its self-reported version number, the WordPress application running on the remote web server is prior to 4.5.2. It is, therefore, affected by the following vulnerabilities : - A remote code execution vulnerability, known as ImageTragick, exists in the ImageMagick library due to a...
Zomato: Reflected XSS on business-blog.zomato.com - Part 2
Hi guys, I would like to report a reflected XSS on business-blog.zomato.com. 1. Open Chrome and Firefox latest versions 2. Open https://business-blog.zomato.com/wp-includes/js/plupload/plupload.flash.swf?target%g=alert&uid%g=hello& 3. Payload is executed Check the attached screenshot. Solution: -...
[BSA-110] Security Update for wordpress
Craig Small [email protected] uploaded new packages for wordpress which fixed the following securty problems: CVE-2016-4566 Reflected XSS in PLupload and mediaelement For the jessie-backports distribution the problems have been fixed in version 4.5.2+dfsg-1bpo8+1 Craig Small @smallsees...
FreeBSD : wordpress -- multiple vulnerabilities (3686917b-164d-11e6-94fa-002590263bf5)
Helen Hou-Sandi reports : WordPress 4.5.2 is now available. This is a security release for all previous versions and we strongly encourage you to update your sites immediately. WordPress versions 4.5.1 and earlier are affected by a SOME vulnerability through Plupload, the third-party library...
WordPress 4.5.2 Security Release
WordPress vulnerabilities continue to be a magnet for hackers laden with exploit kits, and as recently as February, crippling ransomware attacks. As a result, WordPress has already released three security updates this year, the latest for the content management system coming last Friday, bringing...
WordPress has an unspecified vulnerability (CNVD-2016-02898)
WordPress is a blogging platform developed using the PHP language by the WordPress Software Foundation. The platform supports setting up personal blog sites on servers with PHP and MySQL. A security vulnerability exists in WordPress 4.5.1 and earlier versions. The vulnerability can be exploited b...
WordPress <= 4.5.1 - XSS
This vulnerability in plupload.flash.swf in Plupload before 2.1.9 allows an attacker to inject arbitrary web script or HTML via a Same-Origin Method Execution SOME attack. Solution Update WordPress...
wordpress -- multiple vulnerabilities
Helen Hou-Sandi reports: WordPress 4.5.2 is now available. This is a security release for all previous versions and we strongly encourage you to update your sites immediately. WordPress versions 4.5.1 and earlier are affected by a SOME vulnerability through Plupload, the third-party library...
WordPress < 3.5.1 Multiple Vulnerabilities
Binary data 9095.prm...
WordPress plupload Cross-Site Scripting Vulnerability - Linux
WordPress is prone to a cross-site scripting XSS vulnerability. SPDX-FileCopyrightText: 2015 Greenbone AG Some text descriptions might be excerpted from a referenced sources, and are Copyright C by the respective right holders. SPDX-License-Identifier: GPL-2.0-only CPE =...
WordPress plupload Cross-Site Scripting Vulnerability - Windows
WordPress is prone to a cross-site scripting XSS vulnerability. SPDX-FileCopyrightText: 2015 Greenbone AG Some text descriptions might be excerpted from a referenced sources, and are Copyright C by the respective right holders. SPDX-License-Identifier: GPL-2.0-only CPE =...
Microweber 1.0.3 - Arbitrary File Upload Filter Bypass PHP Remote Code Execution
Microweber 1.0.3 - Arbitrary File Upload Filter Bypass PHP Remote Code Execution Microweber v1.0.3 File Upload Filter Bypass Remote PHP Code Execution Vendor: Microweber Team Product web page: http://www.microweber.com Affected version: 1.0.3 Summary: Microweber is an open source drag and drop...
Wordpress Ephox Plupload Cross-Site Scripting Vulnerability
WordPress is a set of WordPress Software Foundation's blogging platform developed in PHP language, which supports setting up personal blog sites on PHP and MySQL servers.Ephox Plupload is a Web browser-based file upload module from Ephox, which supports displaying upload progress, automatic image...
CVE-2015-3439
Cross-site scripting XSS vulnerability in the Ephox formerly Moxiecode plupload.flash.swf shim 2.1.2 in Plupload, as used in WordPress 3.9.x, 4.0.x, and 4.1.x before 4.1.2 and other products, allows remote attackers to execute same-origin JavaScript functions via the target parameter, as...