Lucene search
+L

120 matches found

Patchstack
Patchstack
added 2015/05/31 12:0 a.m.19 views

WordPress WP Smiley Plugin <= 1.4.1 - XSS

This vulnerability allows an authenticated user to inject arbitrary web script or HTML via the "s4w-more" parameter to wp-admin/options-general.php. Solution Update the plugin...

3.5CVSS1.4AI score0.01564EPSS
Exploits1References1Affected Software1
Patchstack
Patchstack
added 2015/05/31 12:0 a.m.18 views

WordPress WP Smiley Plugin <= 1.4.1 - CSRF

This vulnerability allows an attacker to hijack the authentication of editors for requests that conduct cross-site scripting XSS attacks via the "s4w-more" parameter to the smilies4wp.php page to wp-admin/options-general.php. Solution Update the plugin...

6.8CVSS4.6AI score0.01149EPSS
Exploits1References1Affected Software1
WPVulnDB
WPVulnDB
added 2015/05/29 12:0 a.m.24 views

WP Smiley <= 1.4.1 - CSRF & Cross-Site Scripting (XSS)

Cross-Site scripting XSS in smilies4wp.php in the WP Smiley plugin 1.4.1 for WordPress allows remote authenticated users to inject arbitrary web script or HTML via the s4w-more parameter to wp-admin/options-general.php...

6.8CVSS3.4AI score0.01564EPSS
Exploits2References2Affected Software1
Talos
Talos
added 2014/11/06 12:0 a.m.59 views

Pidgin Theme/Smiley Untar Arbitrary File Write Vulnerability

Talos Vulnerability Report VRT-2014-0205 Pidgin Theme/Smiley Untar Arbitrary File Write Vulnerability November 6, 2014 CVE Number CVE-2014-3697 Description An exploitable remote code execution vulnerability exists in Pidgin’s implementation of the TAR archive parsing functionality. An attacker wh...

6.4CVSS7.2AI score0.03838EPSS
Exploits0
NVD
NVD
added 2014/10/29 10:55 a.m.28 views

CVE-2014-3697

Absolute path traversal vulnerability in the untarblock function in win32/untar.c in Pidgin before 2.10.10 on Windows allows remote attackers to write to arbitrary files via a drive name in a tar archive of a smiley theme...

6.4CVSS6.6AI score0.03838EPSS
Exploits0References4
UbuntuCve
UbuntuCve
added 2014/10/29 10:55 a.m.34 views

CVE-2014-3697

Absolute path traversal vulnerability in the untarblock function in win32/untar.c in Pidgin before 2.10.10 on Windows allows remote attackers to write to arbitrary files via a drive name in a tar archive of a smiley theme...

6.4CVSS6AI score0.03838EPSS
Exploits0References3
Prion
Prion
added 2014/10/29 10:55 a.m.27 views

Path traversal

Absolute path traversal vulnerability in the untarblock function in win32/untar.c in Pidgin before 2.10.10 on Windows allows remote attackers to write to arbitrary files via a drive name in a tar archive of a smiley theme...

6.4CVSS7.1AI score0.03838EPSS
Exploits0References4Affected Software1
Cvelist
Cvelist
added 2014/10/29 10:0 a.m.35 views

CVE-2014-3697

Absolute path traversal vulnerability in the untarblock function in win32/untar.c in Pidgin before 2.10.10 on Windows allows remote attackers to write to arbitrary files via a drive name in a tar archive of a smiley theme...

6.4AI score0.03838EPSS
Exploits0References4
securityvulns
securityvulns
added 2014/10/27 12:0 a.m.69 views

[slackware-security] pidgin &#40;SSA:2014-296-02&#41;

-----BEGIN PGP SIGNED MESSAGE----- Hash: SHA1 slackware-security pidgin SSA:2014-296-02 New pidgin packages are available for Slackware 13.0, 13.1, 13.37, 14.0, 14.1, and -current to fix security issues. Here are the details from the Slackware 14.1 ChangeLog: +--------------------------+...

6.4CVSS7.5AI score0.03838EPSS
Exploits0
Tenable Nessus
Tenable Nessus
added 2014/10/27 12:0 a.m.44 views

Pidgin < 2.10.10 Multiple Vulnerabilities

The version of Pidgin installed on the remote host is a version prior to 2.10.10. It is, therefore, affected by the following vulnerabilities : - An error exists in the included libpurple library related the SSL Basic Constraints extension and Certificate Authority CA verification that allows...

6.4CVSS7.5AI score0.03838EPSS
Exploits0References11
Slackware Linux
Slackware Linux
added 2014/10/24 5:36 a.m.46 views

[slackware-security] pidgin

New pidgin packages are available for Slackware 13.0, 13.1, 13.37, 14.0, 14.1, and -current to fix security issues. Here are the details from the Slackware 14.1 ChangeLog: pidgin-2.10.10-i486-1slack14.1.txz: Upgraded. This update fixes several security issues: Insufficient SSL certificate...

6.4CVSS9.2AI score0.03838EPSS
Exploits0
seebug.org
seebug.org
added 2014/07/01 12:0 a.m.18 views

AOL Instant Messenger 4.x/5.x Smiley Icon Location Remote Denial of Service Vulnerability

No description provided by source. source: http://www.securityfocus.com/bid/13553/info AOL Instant Messenger is reported prone to a remote denial of service vulnerability. The issue manifests when the affected client application handles a chat invitation, a file transfer, or a game request that...

7.1AI score
Exploits0
Drupal
Drupal
added 2012/11/14 12:0 a.m.24 views

SA-CONTRIB-2012-164 - Smiley module and Smileys module - Cross Site Scripting (XSS)

These modules enable you to substitutes text emoticons, like :-, with images. These modules don't sufficiently sanitize user defined smiley acronyms before displaying smiley images. This vulnerability is mitigated by the fact that an attacker must have a role with the permission "administer...

4.8CVSS5.1AI score0.00963EPSS
Exploits0References10
OpenVAS
OpenVAS
added 2012/09/10 12:0 a.m.29 views

Slackware: Security Advisory (SSA:2004-239-01)

The remote host is missing an update for the SPDX-FileCopyrightText: 2012 Greenbone AG Some text descriptions might be excerpted from a referenced sources, and are Copyright C by the respective right holders. SPDX-License-Identifier: GPL-2.0-only ifdescription...

7.5CVSS6.4AI score0.05427EPSS
Exploits0References2
Tenable Nessus
Tenable Nessus
added 2012/08/01 12:0 a.m.30 views

Scientific Linux Security Update : pidgin on SL4.x, SL5.x i386/x86_64

CVE-2009-3026 pidgin: ignores SSL/TLS requirements with old jabber servers CVE-2009-2703 Pidgin: NULL pointer dereference by handling IRC topics DoS CVE-2009-3083 Pidgin: NULL pointer dereference by processing incomplete MSN SLP invite DoS CVE-2009-3085 Pidgin: NULL pointer dereference by...

5CVSS5.3AI score0.02683EPSS
Exploits1References5
Packet Storm
Packet Storm
added 2012/07/16 12:0 a.m.35 views

SMF Board 2.0.2 Cross Site Scripting

Title: ====== SMF Board v2.0.2 - Multiple Web Vulnerabilities Date: ===== 2012-06-25 References: =========== http://www.vulnerability-lab.com/getcontent.php?id=596 VL-ID: ===== 624 Common Vulnerability Scoring System: ==================================== 4.1 Introduction: ============= Simple...

7.4AI score
Exploits0
exploitpack
exploitpack
added 2012/07/16 12:0 a.m.25 views

Simple Machines 2.0.2 - Multiple HTML Injection Vulnerabilities

Simple Machines 2.0.2 - Multiple HTML Injection Vulnerabilities source: https://www.securityfocus.com/bid/54456/info Simple Machines is prone to multiple HTML-injection vulnerabilities because it fails to properly sanitize user-supplied input before using it in dynamically generated content...

0.5AI score
Exploits0
Exploit DB
Exploit DB
added 2012/07/16 12:0 a.m.40 views

Simple Machines 2.0.2 - Multiple HTML Injection Vulnerabilities

source: https://www.securityfocus.com/bid/54456/info Simple Machines is prone to multiple HTML-injection vulnerabilities because it fails to properly sanitize user-supplied input before using it in dynamically generated content. Successful exploits will allow attacker-supplied HTML and script cod...

7.4AI score
Exploits0
Vulnerability Lab
Vulnerability Lab
added 2012/06/25 12:0 a.m.16 views

SMF Board v2.0.2 - Multiple Web Vulnerabilities

Document Title: =============== SMF Board v2.0.2 - Multiple Web Vulnerabilities References Source: ==================== http://www.vulnerability-lab.com/getcontent.php?id=596 Release Date: ============= 2012-06-25 Vulnerability Laboratory ID VL-ID: ==================================== 624 Common...

7.4AI score
Exploits0
0day.today
0day.today
added 2010/08/15 12:0 a.m.39 views

MYBB 1.6 (admin/index.php) XSS Vulnerabilities

Exploit for php platform in category web applications ============================================== MYBB 1.6 admin/index.php XSS Vulnerabilities ============================================== 1-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=0 0 1 1 /' \ /'\ /\ \ /'\ 0 0 /, ...

7.1AI score
Exploits0
Rows per page
Query Builder