60 matches found
MiracleLinux 3 : libtiff-3.8.2-7.7.0.1.AXS3 (AXSA:2011-140:02)
The remote MiracleLinux 3 host has packages installed that are affected by a vulnerability as referenced in the AXSA:2011-140:02 advisory. The libtiff package contains a library of functions for manipulating TIFF (Tagged Image File Format) image format files. TIFF is a widely used file format for...
Arbitrary Code Execution
libtiff is vulnerable to arbitrary code execution. The vulnerability is a heap-based buffer overflow in the way libtiff processed certain TIFF files encoded with a 4-bit run-length encoding scheme from ThunderScan. An attacker could use this flaw to create a specially-crafte...
WordPress Strong Testimonials 2.31.4 Cross Site Scripting Vulnerability
Exploit for php platform in category web applications Advisory Title: WordPress Strong Testimonials Plugin Multiple XSS Vulnerabilities Advisory URL: http://www.defensecode.com/advisories.php Software: WordPress Strong Testimonials plugin Language: PHP Version: 2.31.4 and below Vendor Status:...
WordPress Gwolle Guestbook 2.5.3 Cross Site Scripting Vulnerability
Exploit for php platform in category web applications Advisory Title: WordPress Gwolle Guestbook Plugin XSS Security Vulnerability Advisory URL: http://www.defensecode.com/advisories.php Software: WordPress Gwolle Guestbook plugin Language: PHP Version: 2.5.3 and below Vendor Status: Vendor...
WordPress Snazzy Maps 1.1.3 Cross Site Scripting Vulnerability
Exploit for php platform in category web applications Advisory Title: WordPress Snazzy Maps Plugin Multiple XSS Vulnerabilities Advisory URL: http://www.defensecode.com/advisories.php Software: WordPress Snazzy Maps plugin Language: PHP Version: 1.1.3 and below Vendor Status: Vendor contacted, no...
WordPress Gwolle Guestbook 2.5.3 Cross Site Scripting
DefenseCode ThunderScan SAST Advisory: WordPress Gwolle Guestbook Plugin XSS Security Vulnerability Advisory ID: DC-2018-05-008 Advisory Title: WordPress Gwolle Guestbook Plugin XSS Security Vulnerability Advisory URL: http://www.defensecode.com/advisories.php Software: WordPress Gwolle Guestbook...
WordPress Snazzy Maps 1.1.3 Cross Site Scripting
DefenseCode ThunderScan SAST Advisory: WordPress Snazzy Maps Plugin Multiple XSS Security Vulnerabilities Advisory ID: DC-2018-05-006 Advisory Title: WordPress Snazzy Maps Plugin Multiple XSS Vulnerabilities Advisory URL: http://www.defensecode.com/advisories.php Software: WordPress Snazzy Maps...
WordPress WP Google Map 4.0.4 SQL Injection
DefenseCode ThunderScan SAST Advisory: WordPress WP Google Map Plugin Multiple SQL injection Security Vulnerabilities Advisory ID: DC-2018-05-002 Advisory Title: WordPress WP Google Map Plugin Multiple SQL injection Vulnerabilities Advisory URL: http://www.defensecode.com/advisories.php Software:...
WordPress Ultimate Form Builder Lite 1.3.7 XSS / SQL Injection
DefenseCode ThunderScan SAST Advisory: WordPress Ultimate Form Builder Lite Plugin Multiple Vulnerabilities XSS and SQLi Advisory ID: DC-2018-05-009 Advisory Title: WordPress Ultimate Form Builder Lite Plugin Multiple Vulnerabilities XSS and SQLi Advisory URL:...
WordPress Contact Form Maker 1.12.20 XSS / CSRF / SQL Injection
DefenseCode ThunderScan SAST Advisory: WordPress Contact Form Maker Plugin Multiple Security Vulnerabilities Advisory ID: DC-2018-05-004 Advisory Title: WordPress Contact Form Maker Plugin Multiple Vulnerabilities Advisory URL: http://www.defensecode.com/advisories.php Software: WordPress Contact...
WordPress Form Maker 1.12.24 XSS / CSRF / SQL Injection
DefenseCode ThunderScan SAST Advisory: WordPress Form Maker Plugin Multiple Security Vulnerabilities Advisory ID: DC-2018-05-001 Advisory Title: WordPress Form Maker Plugin Multiple Vulnerabilities Advisory URL: http://www.defensecode.com/advisories.php Software: WordPress Form Maker plugin...
SugarCRM Community Edition 6.5.26 SQL Injection
DefenseCode ThunderScan SAST Advisory: SugarCRM Community Edition Multiple SQL Injection Vulnerabilities Advisory ID: DC-2018-01-011 Advisory Title: SugarCRM Community Edition Multiple SQL Injection Vulnerabilities Advisory URL: http://www.defensecode.com/advisories.php Software: SugarCRM Communit...
WordPress Smooth Slider 2.8.6 SQL Injection
DefenseCode ThunderScan SAST Advisory: WordPress Smooth Slider Plugin SQL injection Security Vulnerability Advisory ID: DC-2018-01-004 Advisory Title: WordPress Smooth Slider Plugin SQL injection Security Vulnerability Advisory URL: http://www.defensecode.com/advisories.php Software: WordPress...
WordPress Testimonial Slider 1.2.4 SQL Injection
DefenseCode ThunderScan SAST Advisory: WordPress Testimonial Slider Plugin SQL injection Security Vulnerability Advisory ID: DC-2018-01-005 Advisory Title: WordPress Testimonial Slider Plugin SQL injection Security Vulnerability Advisory URL: http://www.defensecode.com/advisories.php Software:...
Testimonial Slider <= 1.2.4 - Authenticated SQL Injection
During the security analysis, ThunderScan discovered an SQL injection vulnerability in the Testimonial Slider WordPress plugin. The easiest way to reproduce the vulnerability is to visit the provided URL while being logged in as administrator or another user that is authorized to access the plugin...
WordPress Clean Up Optimizer 4.0.0 SQL Injection Vulnerability
WordPress Clean Up Optimizer plugin versions 4.0.0 and below suffer from a remote SQL injection vulnerability. Advisory Title: WordPress Clean Up Optimizer Plugin Security Vulnerability Advisory URL: http://www.defensecode.com/advisories.php Software: WordPress Clean Up Optimizer plugin Language:...
WordPress Booking Calendar 7.0 / 7.1 SQL Injection / Local File Inclusion Vulnerabilities
WordPress Booking Calendar plugin versions 7.1, 7.0, and below suffer from remote SQL injection and local file inclusion vulnerabilities. Advisory Title: WordPress Booking Calendar Plugin Multiple Vulnerabilities Advisory URL: http://www.defensecode.com/advisories.php Software: WordPress Booking...
WordPress Clean Up Optimizer 4.0.0 SQL Injection
DefenseCode ThunderScan SAST Advisory: WordPress Clean Up Optimizer Plugin Security Vulnerability Advisory ID: DC-2017-12-004 Advisory Title: WordPress Clean Up Optimizer Plugin Security Vulnerability Advisory URL: http://www.defensecode.com/advisories.php Software: WordPress Clean Up Optimizer...
WordPress Top-10 2.4.2 SQL Injection
DefenseCode ThunderScan SAST Advisory: WordPress Top-10 Plugin SQL Injection Security Vulnerability Advisory ID: DC-2017-12-003 Advisory Title: WordPress Top-10 Plugin SQL Injection Security Vulnerability Advisory URL: http://www.defensecode.com/advisories.php Software: WordPress Top-10 plugin...
WordPress Ad Widget 2.10.0 Local File Inclusion Vulnerability
WordPress Ad Widget plugin versions 2.10.0 and below suffer from a local file inclusion vulnerability. Advisory Title: WordPress Ad Widget Plugin Local file Inclusion Security Vulnerability Advisory URL: http://www.defensecode.com/advisories.php Software: WordPress Ad Widget plugi...