30 matches found
EUVD-2015-4375
Malware in sbrugna...
EUVD-2014-8421
Malware in sbrugna...
EUVD-2015-4374
Malware in sbrugna...
CVE-2014-8584
Cross-site scripting XSS vulnerability in the Web Dorado Spider Video Player aka WordPress Video Player plugin before 1.5.2 for WordPress allows remote attackers to inject arbitrary web script or HTML via unspecified vectors...
WordPress Spider Video Player Plugin <= 2.1 - Reflected Cross Site Scripting
This plugin is prone to a cross site scripting vulnerability via "get" parameter. Solution Upgrade the plugin...
Wordpress Spider Video Player插件-settings.php文件-跨站脚本漏洞
No description provided by source...
CVE-2015-4352
Cross-site request forgery CSRF vulnerability in the Spider Video Player module for Drupal allows remote attackers to hijack the authentication of administrators for requests that delete videos via unspecified vectors...
Cross site request forgery (csrf)
Cross-site request forgery CSRF vulnerability in the Spider Video Player module for Drupal allows remote attackers to hijack the authentication of administrators for requests that delete videos via unspecified vectors...
Code injection
The Spider Video Player module for Drupal allows remote authenticated users with the "access Spider Video Player administration" permission to delete arbitrary files via a crafted URL...
CVE-2015-4352
The CVE-2015-4352 entry concerns the Drupal Spider Video Player module. Multiple sources confirm a CSRF vulnerability that can cause an administrator’s authenticated session to be used to delete videos via specially crafted requests (vectors not specified). Impact is limited to admin actions like...
CVE-2015-4351
CVE-2015-4351 affects the Drupal Spider Video Player module. Remote authenticated users with the access Spider Video Player administration permission could delete arbitrary files via a crafted URL. The issue stems from insufficient validation of delete requests (and related CSRF protections) in t...
CVE-2015-4352
Cross-site request forgery CSRF vulnerability in the Spider Video Player module for Drupal allows remote attackers to hijack the authentication of administrators for requests that delete videos via unspecified vectors...
SA-CONTRIB-2015-059 - Spider Video Player - Multiple vulnerabilities - Unsupported
Spider Video Player module enables you to add HTML5 and Flash videos to your site. The module doesn't sufficiently check user input when deleting files. A malicious user could delete arbitrary files by making a request to a specially-crafted URL. This vulnerability is mitigated by the fact that t...
WordPress Web Dorado Spider Video Player XSS Vulnerability
The WordPress plugin SPDX-FileCopyrightText: 2014 Greenbone AG Some text descriptions might be excerpted from a referenced sources, and are Copyright C by the respective right holders. SPDX-License-Identifier: GPL-2.0-only CPE = "cpe:/a:wordpress:wordpress"; ifdescription...
CVE-2014-8584
Cross-site scripting XSS vulnerability in the Web Dorado Spider Video Player aka WordPress Video Player plugin before 1.5.2 for WordPress allows remote attackers to inject arbitrary web script or HTML via unspecified vectors...
Cross site scripting
Cross-site scripting XSS vulnerability in the Web Dorado Spider Video Player aka WordPress Video Player plugin before 1.5.2 for WordPress allows remote attackers to inject arbitrary web script or HTML via unspecified vectors...
WordPress Spider Video Player Plugin <= 1.5.1 - XSS
Because of this vulnerability, the attackers can inject arbitrary web script or HTML via unspecified vectors. Solution Update the plugin...
Joomla! Spider Video Player Component <= 2.8.3 SQLi Vulnerability - Active Check
Joomla! Spider video player Component is prone to an SQL injection SQLi vulnerability. SPDX-FileCopyrightText: 2014 Greenbone AG Some text descriptions might be excerpted from a referenced sources, and are Copyright C by the respective right holders. SPDX-License-Identifier: GPL-2.0-only CPE =...
Joomla! Component spidervideoplayer - theme SQL Injection
Joomla! Component spidervideoplayer - theme SQL Injection source: https://www.securityfocus.com/bid/69422/info Spider Video Player extension for Joomla! is prone to an SQL-injection vulnerability because it fails to sufficiently sanitize user-supplied data before using it in an SQL query. An...
Joomla! Component spidervideoplayer - 'theme' SQL Injection
source: https://www.securityfocus.com/bid/69422/info Spider Video Player extension for Joomla! is prone to an SQL-injection vulnerability because it fails to sufficiently sanitize user-supplied data before using it in an SQL query. An attacker may leverage this issue to compromise the application...