120 matches found
WordPress WP Smiley Plugin <= 1.4.1 - XSS
This vulnerability allows an authenticated user to inject arbitrary web script or HTML via the "s4w-more" parameter to wp-admin/options-general.php. Solution Update the plugin...
WordPress WP Smiley Plugin <= 1.4.1 - CSRF
This vulnerability allows an attacker to hijack the authentication of editors for requests that conduct cross-site scripting XSS attacks via the "s4w-more" parameter to the smilies4wp.php page to wp-admin/options-general.php. Solution Update the plugin...
WP Smiley <= 1.4.1 - CSRF & Cross-Site Scripting (XSS)
Cross-Site scripting XSS in smilies4wp.php in the WP Smiley plugin 1.4.1 for WordPress allows remote authenticated users to inject arbitrary web script or HTML via the s4w-more parameter to wp-admin/options-general.php...
Pidgin Theme/Smiley Untar Arbitrary File Write Vulnerability
Talos Vulnerability Report VRT-2014-0205 Pidgin Theme/Smiley Untar Arbitrary File Write Vulnerability November 6, 2014 CVE Number CVE-2014-3697 Description An exploitable remote code execution vulnerability exists in Pidgin’s implementation of the TAR archive parsing functionality. An attacker wh...
CVE-2014-3697
Absolute path traversal vulnerability in the untarblock function in win32/untar.c in Pidgin before 2.10.10 on Windows allows remote attackers to write to arbitrary files via a drive name in a tar archive of a smiley theme...
CVE-2014-3697
Absolute path traversal vulnerability in the untarblock function in win32/untar.c in Pidgin before 2.10.10 on Windows allows remote attackers to write to arbitrary files via a drive name in a tar archive of a smiley theme...
Path traversal
Absolute path traversal vulnerability in the untarblock function in win32/untar.c in Pidgin before 2.10.10 on Windows allows remote attackers to write to arbitrary files via a drive name in a tar archive of a smiley theme...
CVE-2014-3697
Absolute path traversal vulnerability in the untarblock function in win32/untar.c in Pidgin before 2.10.10 on Windows allows remote attackers to write to arbitrary files via a drive name in a tar archive of a smiley theme...
[slackware-security] pidgin (SSA:2014-296-02)
-----BEGIN PGP SIGNED MESSAGE----- Hash: SHA1 slackware-security pidgin SSA:2014-296-02 New pidgin packages are available for Slackware 13.0, 13.1, 13.37, 14.0, 14.1, and -current to fix security issues. Here are the details from the Slackware 14.1 ChangeLog: +--------------------------+...
Pidgin < 2.10.10 Multiple Vulnerabilities
The version of Pidgin installed on the remote host is a version prior to 2.10.10. It is, therefore, affected by the following vulnerabilities : - An error exists in the included libpurple library related the SSL Basic Constraints extension and Certificate Authority CA verification that allows...
[slackware-security] pidgin
New pidgin packages are available for Slackware 13.0, 13.1, 13.37, 14.0, 14.1, and -current to fix security issues. Here are the details from the Slackware 14.1 ChangeLog: pidgin-2.10.10-i486-1slack14.1.txz: Upgraded. This update fixes several security issues: Insufficient SSL certificate...
AOL Instant Messenger 4.x/5.x Smiley Icon Location Remote Denial of Service Vulnerability
No description provided by source. source: http://www.securityfocus.com/bid/13553/info AOL Instant Messenger is reported prone to a remote denial of service vulnerability. The issue manifests when the affected client application handles a chat invitation, a file transfer, or a game request that...
SA-CONTRIB-2012-164 - Smiley module and Smileys module - Cross Site Scripting (XSS)
These modules enable you to substitutes text emoticons, like :-, with images. These modules don't sufficiently sanitize user defined smiley acronyms before displaying smiley images. This vulnerability is mitigated by the fact that an attacker must have a role with the permission "administer...
Slackware: Security Advisory (SSA:2004-239-01)
The remote host is missing an update for the SPDX-FileCopyrightText: 2012 Greenbone AG Some text descriptions might be excerpted from a referenced sources, and are Copyright C by the respective right holders. SPDX-License-Identifier: GPL-2.0-only ifdescription...
Scientific Linux Security Update : pidgin on SL4.x, SL5.x i386/x86_64
CVE-2009-3026 pidgin: ignores SSL/TLS requirements with old jabber servers CVE-2009-2703 Pidgin: NULL pointer dereference by handling IRC topics DoS CVE-2009-3083 Pidgin: NULL pointer dereference by processing incomplete MSN SLP invite DoS CVE-2009-3085 Pidgin: NULL pointer dereference by...
SMF Board 2.0.2 Cross Site Scripting
Title: ====== SMF Board v2.0.2 - Multiple Web Vulnerabilities Date: ===== 2012-06-25 References: =========== http://www.vulnerability-lab.com/getcontent.php?id=596 VL-ID: ===== 624 Common Vulnerability Scoring System: ==================================== 4.1 Introduction: ============= Simple...
Simple Machines 2.0.2 - Multiple HTML Injection Vulnerabilities
Simple Machines 2.0.2 - Multiple HTML Injection Vulnerabilities source: https://www.securityfocus.com/bid/54456/info Simple Machines is prone to multiple HTML-injection vulnerabilities because it fails to properly sanitize user-supplied input before using it in dynamically generated content...
Simple Machines 2.0.2 - Multiple HTML Injection Vulnerabilities
source: https://www.securityfocus.com/bid/54456/info Simple Machines is prone to multiple HTML-injection vulnerabilities because it fails to properly sanitize user-supplied input before using it in dynamically generated content. Successful exploits will allow attacker-supplied HTML and script cod...
SMF Board v2.0.2 - Multiple Web Vulnerabilities
Document Title: =============== SMF Board v2.0.2 - Multiple Web Vulnerabilities References Source: ==================== http://www.vulnerability-lab.com/getcontent.php?id=596 Release Date: ============= 2012-06-25 Vulnerability Laboratory ID VL-ID: ==================================== 624 Common...
MYBB 1.6 (admin/index.php) XSS Vulnerabilities
Exploit for php platform in category web applications ============================================== MYBB 1.6 admin/index.php XSS Vulnerabilities ============================================== 1-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=0 0 1 1 /' \ /'\ /\ \ /'\ 0 0 /, ...