144 matches found
CVE-2011-4106
TimThumb timthumb.php before 2.0 does not validate the entire source with the domain white list, which allows remote attackers to upload and execute arbitrary code via a URL containing a white-listed domain in the src parameter, then accessing it via a direct request to the file in the cache...
Design/Logic Flaw
TimThumb timthumb.php before 2.0 does not validate the entire source with the domain white list, which allows remote attackers to upload and execute arbitrary code via a URL containing a white-listed domain in the src parameter, then accessing it via a direct request to the file in the cache...
CVE-2011-4106
TimThumb timthumb.php before 2.0 does not validate the entire source with the domain white list, which allows remote attackers to upload and execute arbitrary code via a URL containing a white-listed domain in the src parameter, then accessing it via a direct request to the file in the cache...
CVE-2011-4106
TimThumb (timthumb.php) prior to version 2.0 contains a flaw where the code does not validate the entire image source against the domain whitelist. This allows a remote attacker to craft a URL with a whitelisted domain in the src parameter to upload and subsequently access a file in the cache dir...
VulnCheck KEV: CVE-2011-4106
TimThumb timthumb.php before 2.0 does not validate the entire source with the domain white list, which allows remote attackers to upload and execute arbitrary code via a URL containing a white-listed domain in the src parameter, then accessing it via a direct request to the file in the cache...
Multiple vulnerabilities in RokNewsPager for WordPress
Hello 3APA3A! I want to warn you about multiple vulnerabilities in plugin RokNewsPager for WordPress. In August 2012 I wrote about multiple vulnerabilities in RokBox for WordPress http://securityvulns.ru/docs28871.html. These vulnerabilities are similar, since the same developers put the same...
Multiple vulnerabilities in RokMicroNews for WordPress
Hello 3APA3A! I want to warn you about multiple vulnerabilities in plugin RokMicroNews for WordPress. In August 2012 I wrote about multiple vulnerabilities in RokBox for WordPress http://securityvulns.ru/docs28871.html. These vulnerabilities are similar, since the same developers put the same...
Multiple vulnerabilities in RokStories for WordPress
Hello 3APA3A! I want to warn you about multiple vulnerabilities in plugin RokStories for WordPress. In August 2012 I wrote about multiple vulnerabilities in RokBox for WordPress http://securityvulns.ru/docs28871.html. These vulnerabilities are similar, since the same developers put the same...
Multiple vulnerabilities in RokMicroNews for WordPress
Hello 3APA3A! I want to warn you about multiple vulnerabilities in plugin RokMicroNews for WordPress. In August 2012 I wrote about multiple vulnerabilities in RokBox for WordPress http://securityvulns.ru/docs28871.html. These vulnerabilities are similar, since the same developers put the same...
Multiple vulnerabilities in RokIntroScroller for WordPress
Hello 3APA3A! I want to warn you about multiple vulnerabilities in plugin RokIntroScroller for WordPress. In August 2012 I wrote about multiple vulnerabilities in RokBox for WordPress http://securityvulns.ru/docs28871.html. These vulnerabilities are similar, since the same developers put the same...
WordPress RokMicroNews 1.5 XSS / DoS / Shell Upload
Hello list! I want to warn you about multiple vulnerabilities in plugin RokMicroNews for WordPress. In August 2012 I wrote about multiple vulnerabilities in RokBox for WordPress http://securityvulns.ru/docs28871.html. These vulnerabilities are similar, since the same developers put the same...
WordPress RokIntroScroller 1.8 XSS / DoS / Disclosure / Upload
Hello list! I want to warn you about multiple vulnerabilities in plugin RokIntroScroller for WordPress. In August 2012 I wrote about multiple vulnerabilities in RokBox for WordPress http://securityvulns.ru/docs28871.html. These vulnerabilities are similar, since the same developers put the same...
WordPress RokNewsPager 1.17 Disclosure / Shell Upload / XSS / DoS
Hello list! I want to warn you about multiple vulnerabilities in plugin RokNewsPager for WordPress. In August 2012 I wrote about multiple vulnerabilities in RokBox for WordPress http://securityvulns.ru/docs28871.html. These vulnerabilities are similar, since the same developers put the same...
WordPress RokStories 1.25 Disclosure / Shell Upload / XSS / DoS
Hello list! I want to warn you about multiple vulnerabilities in plugin RokStories for WordPress. In August 2012 I wrote about multiple vulnerabilities in RokBox for WordPress http://securityvulns.ru/docs28871.html. These vulnerabilities are similar, since the same developers put the same...
WordPress Flash News theme Multiple Vulnerabilities
Exploit for php platform in category web applications I want to warn you about multiple vulnerabilities in Flash News theme for WordPress. This is commercial theme for WP from WooThemes. These are Cross-Site Scripting, Full path disclosure, Abuse of Functionality, Denial of Service, Arbitrary Fil...
WordPress Flash News XSS / DoS / Path Disclosure / Shell Upload
Hello list! I want to warn you about multiple vulnerabilities in Flash News theme for WordPress. This is commercial theme for WP from WooThemes. These are Cross-Site Scripting, Full path disclosure, Abuse of Functionality, Denial of Service, Arbitrary File Upload and Information Leakage...
WordPress Chocolate WP Theme Multiple vulnerabilities
These are Cross-Site Scripting, Full path disclosure, Abuse of Functionality, Denial of Service and Arbitrary File Upload vulnerabilities. Hello list! I want to warn you about multiple vulnerabilities in Chocolate WP theme for WordPress. This is commercial theme for WP. These are Cross-Site...
WordPress Chocolate Theme XSS / Denial Of Service / Shell Upload
Hello list! I want to warn you about multiple vulnerabilities in Chocolate WP theme for WordPress. This is commercial theme for WP. These are Cross-Site Scripting, Full path disclosure, Abuse of Functionality, Denial of Service and Arbitrary File Upload vulnerabilities. In 2011 I wrote about...
WordPress Dailyedition-mouss Multiple Vulnerabilities
WordPress Dailyedition-mouss theme suffers from a remote SQL injection vulnerability, XSS, FPD, AoF, DoS, AFU vulnerabilities. Note that this finding houses site-specific data. I want to warn you about multiple vulnerabilities in Daily Edition Mouss theme for WordPress. In 2011 when I wrote about...
IL, XSS, FPD, AoF, DoS, AFU vulnerabilities in Daily Edition Mouss theme for WordPress
Hello 3APA3A! I want to warn you about multiple vulnerabilities in Daily Edition Mouss theme for WordPress. In 2011 when I wrote about Cross-Site Scripting WASC-08, Full path disclosure WASC-13, Abuse of Functionality WASC-42 and Denial of Service WASC-10 vulnerabilities in TimThumb and multiple...