
915 matches found

Prion
added 2011/12/15 3:57 a.m. · 12 views

Code injection

Static code injection vulnerability in inc/function.base.php in Ajax File and Image Manager before 1.1, as used in tinymce before 1.4.2, phpMyFAQ 2.6 before 2.6.19 and 2.7 before 2.7.1, and possibly other products, allows remote attackers to inject arbitrary PHP code into data.php via crafted...

7.5 CVSS · 7.7 AI score · 0.40905 EPSS
Exploits 7 · References 5 · Affected Software 3
CVE
added 2011/12/15 2:0 a.m. · 72 views

CVE-2011-4825

CVE-2011-4825 describes a static code injection vulnerability in the file inc/function.base.php of the Ajax File and Image Manager (used in various products). The flaw allows remote attackers to inject arbitrary PHP code into the file data.php via crafted parameters. Affected versions include Aja...

7.5 CVSS · 7.3 AI score · 0.40905 EPSS
Exploits 7 · References 5 · Affected Software 3
securityvulns
added 2011/12/04 12:0 a.m. · 105 views

Multiple vulnerabilities in RoundCube

Hello 3APA3A! I want to warn you about multiple vulnerabilities in RoundCube. These are Brute Force, Content Spoofing, Cross-Site Scripting and Clickjacking vulnerabilities. CS and XSS are in TinyMCE, which is included with RoundCube. ------------------------- Affected products:...

0.2 AI score
Exploits 0
Packet Storm
added 2011/12/01 12:0 a.m. · 26 views

RoundCube 0.6 Content Spoofing / Cross Site Scripting

Hello list! I want to warn you about multiple vulnerabilities in RoundCube. These are Brute Force, Content Spoofing, Cross-Site Scripting and Clickjacking vulnerabilities. CS and XSS are in TinyMCE, which is included with RoundCube. ------------------------- Affected products:...

0.1 AI score
Exploits 0
NVD
added 2011/11/28 9:55 p.m. · 13 views

CVE-2011-4563

Cross-site scripting (XSS) vulnerability in index.php in JAKCMS 2.0.4.1, and possibly other versions before 2.2.6 (2011-09-23), allows remote attackers to inject arbitrary web script or HTML via the userpost parameter in a PM request, related to tinymce. NOTE: some of these details are obtained from...

4.3 CVSS · 5.8 AI score · 0.01135 EPSS
Exploits 0 · References 3
Prion
added 2011/11/28 9:55 p.m. · 12 views

Cross site scripting

Cross-site scripting (XSS) vulnerability in index.php in JAKCMS 2.0.4.1, and possibly other versions before 2.2.6 (2011-09-23), allows remote attackers to inject arbitrary web script or HTML via the userpost parameter in a PM request, related to tinymce. NOTE: some of these details are obtained from...

4.3 CVSS · 6.3 AI score · 0.01135 EPSS
Exploits 0 · References 3 · Affected Software 1
Cvelist
added 2011/11/28 9:0 p.m. · 20 views

CVE-2011-4563

Cross-site scripting (XSS) vulnerability in index.php in JAKCMS 2.0.4.1, and possibly other versions before 2.2.6 (2011-09-23), allows remote attackers to inject arbitrary web script or HTML via the userpost parameter in a PM request, related to tinymce. NOTE: some of these details are obtained from...

5.8 AI score · 0.01135 EPSS
Exploits 0 · References 3
seebug.org
added 2011/11/28 12:0 a.m. · 77 views

TinyMCE / flvPlayer Cross Site Scripting / Disclosure

No description provided by source. I want to warn you about multiple vulnerabilities in TinyMCE and flvPlayer and hundreds of web applications and tens of millions of web sites. These are Full path disclosure, Content Spoofing and Cross-Site Scripting vulnerabilities in TinyMCE CS and XSS are in...

7.1 AI score
Exploits 0
Positive Technologies
added 2011/11/28 12:0 a.m. · 2 views

PT-2011-4991 · Jakcms +1

Name of the Vulnerable Software and Affected Versions: JAKCMS versions prior to 2.2.6 Description: A cross-site scripting (XSS) issue allows remote attackers to inject arbitrary web script or HTML via the userpost parameter in a PM request, related to tinymce. Recommendations: For versions prior to...

4.3 CVSS · 5.5 AI score · 0.01135 EPSS
Exploits 0 · References 4
securityvulns
added 2011/11/27 12:0 a.m. · 120 views

Multiple vulnerabilities in TinyMCE and flvPlayer and hundreds of web applications

Hello 3APA3A! I want to warn you about multiple vulnerabilities in TinyMCE and flvPlayer and hundreds of web applications and tens of millions of web sites. These are Full path disclosure, Content Spoofing and Cross-Site Scripting vulnerabilities in TinyMCE CS and XSS are in flvPlayer, which is...

6.2 AI score
Exploits 0
Packet Storm
added 2011/11/26 12:0 a.m. · 31 views

TinyMCE / flvPlayer Cross Site Scripting / Disclosure

Hello list! I want to warn you about multiple vulnerabilities in TinyMCE and flvPlayer and hundreds of web applications and tens of millions of web sites. These are Full path disclosure, Content Spoofing and Cross-Site Scripting vulnerabilities in TinyMCE CS and XSS are in flvPlayer, which is includ...

7.4 AI score
Exploits 0
Packet Storm
added 2011/11/13 12:0 a.m. · 36 views

WordPress Zingiri 2.2.3 Code Execution

get; 41. ifremoveTrailingSlash$sessionAction-getFolder == getParentPath$POST'id' && sizeof$selectedDocuments 42. 43. if$key = arraysearchbasename$POST'id', $selectedDocuments !== false 44. 45. $selectedDocuments$key = $POST'value'; 46. $sessionAction-set$selectedDocuments; 47. 48. 49. echo...

0.4 AI score
Exploits 0
securityvulns
added 2011/10/24 12:0 a.m. · 56 views

Code Execution and FPD vulnerabilities in Simple:Press Forum for WordPress

Hello 3APA3A! I want to warn you about multiple security vulnerabilities in plugin Simple:Press Forum for WordPress. These are Code Execution and Full path disclosure vulnerabilities. Code Execution WASC-31: Execution of arbitrary code is possible via TinyBrowser. As I already told concerning...

1.2 AI score
Exploits 0
NVD
added 2011/09/23 11:55 p.m. · 19 views

CVE-2011-3718

CMS Made Simple (CMSMS) 1.9.2 allows remote attackers to obtain sensitive information via a direct request to a .php file, which reveals the installation path in an error message, as demonstrated by modules/TinyMCE/TinyMCE.module.php and certain other files. NOTE: this might overlap CVE-2007-5444...

5 CVSS · 6 AI score · 0.01336 EPSS
Exploits 1 · References 3
Prion
added 2011/09/23 11:55 p.m. · 17 views

Information disclosure

CMS Made Simple (CMSMS) 1.9.2 allows remote attackers to obtain sensitive information via a direct request to a .php file, which reveals the installation path in an error message, as demonstrated by modules/TinyMCE/TinyMCE.module.php and certain other files. NOTE: this might overlap CVE-2007-5444...

5 CVSS · 6.3 AI score · 0.01336 EPSS
Exploits 1 · References 3 · Affected Software 1
Packet Storm
added 2011/09/18 12:0 a.m. · 19 views

iManager Plugin 1.2.8 Arbitrary File Deletion

iManager Plugin v1.2.8 d Remote Arbitrary File Deletion Vulnerability Vendor: net4visions.com Product web page: http://www.net4visions.com Affected version: = 1.2.8 Build 02012008 Summary: With iManager you can manage your files/images on your webserver, and it provides user interface to most of...

0.4 AI score
Exploits 0
securityvulns
added 2011/06/29 12:0 a.m. · 102 views

XSS and BF vulnerabilities in Drupal

Hello 3APA3A! I am reporting Cross-Site Scripting and Brute Force vulnerabilities that I found in Drupal. XSS WASC-08: On pages with forms, for example on the comment page http://site/comment/reply/1, in both the forms for adding and the forms for editing data, which are protected against CSRF by a token, possib...

5.8 AI score
Exploits 0
Packet Storm
added 2011/06/28 12:0 a.m. · 48 views

Drupal 6.22 Cross Site Scripting

------------------------- Affected products: ------------------------- Vulnerable are Drupal 6.22 and previous versions. Taking into account that developers didn't fix these holes, then versions 7.x also must be vulnerable. ---------- Details: ---------- XSS WASC-08: At pages with forms i.e. at...

7.4 AI score
Exploits 0
securityvulns
added 2011/06/27 12:0 a.m. · 127 views

XSS and AoF vulnerabilities in Drupal

Hello 3APA3A! I am reporting Cross-Site Scripting and Abuse of Functionality vulnerabilities that I found in Drupal. XSS WASC-08: When adding or changing data in any internal forms (adding/editing a post, etc.), a persistent XSS attack can be carried out. The XSS code will execute upon visiting...

5.8 AI score
Exploits 0
Packet Storm
added 2011/05/31 12:0 a.m. · 38 views

FestOS <= 2.3c TinyBrowser File Upload Code Execution

Exploit database separated by exploit type local, remote, DoS, etc. + Site : 1337day.com + Support e-mail :...

7.4 AI score
Exploits 0