26 matches found
WordPress RokBox Plugin - Multiple Vulnerabilities
This plugin is prone to multiple vulnerabilities. Solution: Update plugin...
WordPress RokBox Plugin <= 2.13 - Multiple Vulnerabilities
This plugin is prone to multiple vulnerabilities: 1. Path Disclosure via thumb.php "src" parameter. 2. Cross site scripting in thumb.php "src" parameter. 3. Direct request path disclosure in rokbox.php. 4. Arbitrary file upload via thumb.php "src" parameter. 5. Direct request error log informatio...
WordPress Refraction Theme XSS / Content Spoofing / Path Disclosure
Hello list! In 2012 I disclosed vulnerabilities in JW Player and in RokBox, which were fixed by the developers - JW Player developers fixed one hole and promised to fix others later and RokBox developers fixed all holes but it was questionable how they fixed holes related to JW Player. In...
RokBox <= 2.13 - jwplayer/jwplayer.swf abouttext Parameter XSS
The wprokbox WordPress plugin was affected by a jwplayer/jwplayer.swf abouttext Parameter XSS security vulnerability...
RokBox <= 2.13 - thumb.php src Parameter Malformed Input Path Disclosure
The wprokbox WordPress plugin was affected by a thumb.php src Parameter Malformed Input Path Disclosure security vulnerability...
RokBox <= 2.13 - thumb.php src Parameter XSS
The wprokbox WordPress plugin was affected by a thumb.php src Parameter XSS security vulnerability...
RokBox <= 2.13 - error_log Direct Request Error Log Information Disclosure
The wprokbox WordPress plugin was affected by an error_log Direct Request Error Log Information Disclosure security vulnerability...
RokBox <= 2.13 - thumb.php src Parameter Arbitrary File Upload
The wprokbox WordPress plugin was affected by a thumb.php src Parameter Arbitrary File Upload security vulnerability...
RokBox <= 2.13 - rokbox.php Direct Request Path Disclosure
The wprokbox WordPress plugin was affected by a rokbox.php Direct Request Path Disclosure security vulnerability...
Multiple vulnerabilities in Colormix theme for WordPress
Hello 3APA3A! Last year I disclosed vulnerabilities in JW Player and in RokBox, which were fixed by the developers - JW Player developers fixed one hole and promised to fix others later and RokBox fixed all holes but it was questionable how they fixed holes related to JW Player. In December I'...
WordPress Colormix theme XSS / Full path disclosure Vulnerability
Exploit for php platform in category web applications. Last year I disclosed vulnerabilities in JW Player and in RokBox, which were fixed by the developers - JW Player developers fixed one hole and promised to fix others later and RokBox fixed all holes but it was questionable how they fixed...
WordPress Colormix XSS / Content Spoofing / Path Disclosure
Hello list! Last year I disclosed vulnerabilities in JW Player and in RokBox, which were fixed by the developers - JW Player developers fixed one hole and promised to fix others later and RokBox fixed all holes but it was questionable how they fixed holes related to JW Player. In December I've...
CS and XSS vulnerabilities in BuddyPress for WordPress
Hello 3APA3A! I want to warn you about multiple security vulnerabilities in plugin BuddyPress for WordPress. I disclosed vulnerabilities in JW Player in June and August, including in commercial version JW Player Pro, and disclosed vulnerabilities in Rokbox in December. And BuddyPress uses this...
Multiple vulnerabilities in multiple themes for WordPress
Hello 3APA3A! Some time ago, when I found vulnerabilities in plugin BuddyPress for WordPress, particularly in Affinity BuddyPress theme for it with Rokbox, which I disclosed earlier, I also found multiple vulnerable themes for WP with Rokbox. So I want to warn you about multiple vulnerabilities...
XSS and CS vulnerabilities in BuddyPress for WordPress
Hello 3APA3A! I want to warn you about multiple security vulnerabilities in plugin BuddyPress for WordPress. I disclosed vulnerabilities in JW Player in June and August, including in commercial version JW Player Pro, and disclosed vulnerabilities in Rokbox in December. And BuddyPress uses this...
Multiple vulnerabilities in RocketTheme themes for WordPress
Hello 3APA3A! Earlier I wrote to the list about multiple vulnerabilities in multiple themes for WordPress (http://seclists.org/fulldisclosure/2012/Dec/236). In that letter I mentioned 16 themes by RocketTheme with Rokbox: Afterburner, Refraction, Solarsentinel, Mixxmag, Iridium, Infuse,...
WordPress Rokbox Themes Content Spoofing / XSS
Hello list! Some time ago, when I found vulnerabilities in plugin BuddyPress for WordPress, particularly in Affinity BuddyPress theme for it with Rokbox, which I disclosed earlier, I also found multiple vulnerable themes for WP with Rokbox. So I want to warn you about multiple vulnerabilities i...
WordPress BuddyPress Cross Site Scripting / Content Spoofing
Hello list! I want to warn you about multiple security vulnerabilities in plugin BuddyPress for WordPress. I disclosed vulnerabilities in JW Player in June and August, including in commercial version JW Player Pro, and disclosed vulnerabilities in Rokbox in December. And BuddyPress uses this...
WordPress Rokbox Plugin Multiple Vulnerabilities
WordPress Rokbox Plugin is prone to multiple vulnerabilities. SPDX-FileCopyrightText: 2012 Greenbone AG. Some text descriptions might be excerpted from (a) referenced source(s), and are Copyright (C) by the respective right holder(s). SPDX-License-Identifier: GPL-2.0-only. CPE = "cpe:/a:wordpress:wordpress...
Multiple vulnerabilities in RokBox for WordPress
Hello 3APA3A! I want to warn you about multiple security vulnerabilities in plugin Rokbox for WordPress. These are Cross-Site Scripting, Full path disclosure, Abuse of Functionality, Denial of Service, Arbitrary File Upload, Content Spoofing and Information Leakage vulnerabilities. Rokbox uses...