25 matches found
EUVD-2009-4539
Malware in sbrugna...
EUVD-2009-4138
Malware in sbrugna...
EUVD-2011-3569
Malware in sbrugna...
CVE-2011-3610
A Cross-site Scripting (XSS) vulnerability exists in the Serendipity freetag plugin before 3.30 in the tagcloud parameter to plugins/serendipityeventfreetag/tagcloud.swf...
Cross site scripting
A Cross-site Scripting (XSS) vulnerability exists in the Serendipity freetag plugin before 3.30 in the tagcloud parameter to plugins/serendipityeventfreetag/tagcloud.swf...
CVE-2011-3610
A Cross-site Scripting (XSS) vulnerability exists in the Serendipity freetag plugin before 3.30 in the tagcloud parameter to plugins/serendipityeventfreetag/tagcloud.swf...
Horde Webmail 5.2.22 - Multiple Vulnerabilities
Title: Horde Webmail - XSS + CSRF to SQLi, RCE, Stealing Emails var url = "http://webmail.victimserver.com/trean/"; var params =...
Horde Webmail 5.2.22 XSS / CSRF / SQL Injection / Code Execution Exploit
Horde Webmail version 5.2.22 suffers from code execution, cross site request forgery, cross site scripting, and remote SQL injection vulnerabilities. Title: Horde Webmail - XSS + CSRF to SQLi, RCE, Stealing Emails var url = "http://webmail.victimserver.com/trean/"; var params =...
WordPress plugin vulnerabilities affect over 100 million websites - vulnerability warning - the black bar safety net
As part of the vulnerability research project for our Sucuri Firewall (WAF), we have audited multiple open source projects in order to find security issues. When auditing the WordPress "NextGEN" Gallery plugin, we found a serious SQL injection vulnerability. The vulnerability allows an...
NextGEN Gallery < 2.1.79 - Unauthenticated SQL Injection
According to the original source, one of the following conditions must be met for exploitation: 1. The use of a NextGEN Basic TagCloud gallery. 2. If users are able to submit posts to be reviewed contributors...
snazzy-archives <= 1.7.1 - swf/tagcloud.swf tagcloud Parameter XSS
The Snazzy Archives WordPress plugin was affected by a swf/tagcloud.swf tagcloud Parameter XSS security vulnerability...
Vulnerabilities in plugins for MODx CMS, XOOPS, uCoz, Magento and DSP CMS
Hello 3APA3A! Besides tens of millions of vulnerable web sites with affected flash files and multiple vulnerable plugins for different engines, which I've written about earlier, there are a lot of other vulnerable plugins. Here are new ones; some of them are vulnerable to two XSS holes. There are...
Vulnerability in plugins for Typepad, RapidWeaver, Habari, DasBlo, eZ Publish, EE, Serendipity, Social Web CMS, PHP-Fusion, Magento and Sweetcron
Hello 3APA3A! I want to warn you about a Cross-Site Scripting vulnerability in multiple plugins for different engines; it's a combination of my three publications which I've made earlier at my site. In plugins for Typepad, RapidWeaver, Habari, DasBlo, eZ Publish, EE, Serendipity, Social Web CMS,...
MybbCentral TagCloud 2.0 - Topic HTML Injection
MybbCentral TagCloud 2.0 - Topic HTML Injection source: https://www.securityfocus.com/bid/42406/info TagCloud is prone to an HTML-injection vulnerability because it fails to properly sanitize user-supplied input before using it in dynamically generated content. Successful exploits will allow...
MyBB TagCloud 2.0 Cross Site Scripting
==================================================== MYBB TagCloud 2.0 cross site scripting vulnerability ==================================================== Author: http://www.3ethicalhackers.com Discovered by: http://www.3ethicalhackers.com Original post: http://www.3ethicalhackers.com...
MybbCentral TagCloud 2.0 - 'Topic' HTML Injection
source: https://www.securityfocus.com/bid/42406/info TagCloud is prone to an HTML-injection vulnerability because it fails to properly sanitize user-supplied input before using it in dynamically generated content. Successful exploits will allow attacker-supplied HTML and script code to run in the...
Kasseler CMS Cross Site Scripting
Hello Bugtraq! I want to warn you about security vulnerability in plugin tagcloud for Kasseler CMS ----------------------------- Advisory: Vulnerability in tagcloud for Kasseler CMS ----------------------------- URL: http://websecurity.com.ua/4191/ ----------------------------- Affected product:...
Vulnerability in tagcloud for Kasseler CMS
Hello 3APA3A! I am reporting a Cross-Site Scripting vulnerability in the tagcloud plugin for Kasseler CMS. This XSS vulnerability is identical to the XSS vulnerability in WP-Cumulus and other web applications that I have already reported, since the application uses the tagcloud.swf created by the author of WP-Cumulus. About the millions...
Vulnerabilities in t3m_cumulus_tagcloud for TYPO3
Hello 3APA3A! I am reporting Cross-Site Scripting and Full path disclosure vulnerabilities in the t3m_cumulus_tagcloud plugin for TYPO3. This XSS vulnerability is identical to the XSS vulnerability in Tagcloud for DLE http://websecurity.com.ua/3927/. I mentioned the millions of tagcloud.swf flash files vulnerable to XSS attacks in...
Vulnerability in Tagcloud for DataLife Engine
Hello 3APA3A! I am reporting a Cross-Site Scripting vulnerability in the Tagcloud plugin for DataLife Engine (DLE). This vulnerability is identical to the XSS vulnerability in 3D Cloud for Joomla http://websecurity.com.ua/3883/. I mentioned the millions of tagcloud.swf flash files vulnerable to XSS attacks in my article XSS...