913 matches found
AFU vulnerabilities in MCImageManager for TinyMCE
Hello 3APA3A! I want to warn you about vulnerabilities in Moxiecode Image Manager MCImageManager. This is commercial plugin for TinyMCE. It concerns as MCImageManager, as all web applications which have MCImageManager in their bundle. These are Arbitrary File Uploading vulnerabilities, which lead...
Mandriva Linux Security Advisory : wordpress (MDVSA-2013:189)
Updated wordpress package fixes security vulnerabilities : A denial of service flaw was found in the way Wordpress, a blog tool and publishing platform, performed hash computation when checking password for password protected blog posts. A remote attacker could provide a specially- crafted input...
Moxieplayer Content Spoofing
Hello list! This are Content Spoofing vulnerabilities in TinyMCE and WordPress. Which I've disclosed on Wednesday. In 2011 I already wrote about Content Spoofing in Moxieplayer, when I wrote concerning multiple vulnerabilities in TinyMCE http://securityvulns.ru/docs27349.html, which is a componen...
wordpress -- multiple vulnerabilities
The wordpress development team reports: Blocking server-side request forgery attacks, which could potentially enable an attacker to gain access to a site Disallow contributors from improperly publishing posts An update to the SWFUpload external library to fix cross-site scripting vulnerabilities...
WordPress 3.5.1 - TinyMCE Plugin Flash Applet Unspecified Spoofing Weakness
...
aCMS 1.0 Shell Upload / Insufficient Authorization
Hello list! These are Insufficient Authorization and Arbitrary File Uploading vulnerabilities in aCMS. This is commercial CMS. There are multiple vulnerabilities in aCMS and it's the second part of them. ------------------------- Affected products: ------------------------- Vulnerable are aCMS 1....
WordPress < 3.5.2 Multiple Vulnerabilities
Binary data 6883.prm...
Moxiecode File Manager 3.1.5 Shell Upload
Hello list! I want to warn you about vulnerabilities in Moxiecode File Manager MCFileManager. This is commercial plugin for TinyMCE. It concerns as MCFileManager, as all web applications which have MCFileManager in their bundle. These are Arbitrary File Uploading vulnerabilities, which lead to Co...
Several XSS flaws in the /rest/tinymce/1
I've found several XSS in the urls and parameters listed below. The criticality of the issues is moderated since only browsers that perform content sniffing would be affected e.g. IE7. This limitation comes from the response's Content Type header being set as text/plain. The classical payload...
TinyMCE Ajax File Manager Remote Code Execution
/ | / \ / / \ / /\ \ / / \ | \ / \ \ | | | | /\ /\ / /|| /\ | | || \ \ / / / / / Exploit Title : timynce Ajax File Manager Remote Code Author : By onestree Software Link : http://www.phpletter.com/Demo/Tinymce-Ajax-File-Manager/ tested : windows 7 Dork : inurl:"/plugins/filemanager/" or...
TinyMCE 3.5.8 Cross Site Scripting
Vulnerability Report Author: Justin C. Klein Keane Date: 5 March, 2013 CVE-2012-4230 Description of Vulnerability: ----------------------------- "TinyMCE in itself can not be insecure" http://www.tinymce.com/wiki.php/Security "TinyMCE is a platform independent web based Javascript HTML WYSIWYG...
WordPress TinyMCE Media Plugin <= 3.5.1 - Content Spoofing
A moxieplayer.as does not consider the presence of a character during extraction of the QUERYSTRING. In that way the attackers can pass arbitrary parameters to a Flash application and conduct content-spoofing attacks. Solution Update the plugin...
Fedora Update for tinymce-spellchecker FEDORA-2013-1341
Check for the Version of tinymce-spellchecker OpenVAS Vulnerability Test Fedora Update for tinymce-spellchecker FEDORA-2013-1341 Authors: System Generated Check Copyright: Copyright c 2013 Greenbone Networks GmbH, http://www.greenbone.net This program is free software; you can redistribute it...
Fedora 18 : tinymce-spellchecker-2.0.5-8.fc18 (2013-1371)
backport security fix Note that Tenable Network Security has extracted the preceding description block directly from the Fedora security advisory. Tenable has attempted to automatically clean and format it as much as possible without introducing additional issues. %NASLMINLEVEL 70300 C Tenable...
Fedora Update for tinymce-spellchecker FEDORA-2013-1371
Check for the Version of tinymce-spellchecker OpenVAS Vulnerability Test Fedora Update for tinymce-spellchecker FEDORA-2013-1371 Authors: System Generated Check Copyright: Copyright c 2013 Greenbone Networks GmbH, http://www.greenbone.net This program is free software; you can redistribute it...
Fedora Update for tinymce-spellchecker FEDORA-2013-1341
The remote host is missing an update for the SPDX-FileCopyrightText: 2013 Greenbone AG Some text descriptions might be excerpted from a referenced sources, and are Copyright C by the respective right holders. SPDX-License-Identifier: GPL-2.0-only ifdescription scriptxrefname:"URL",...
Fedora Update for tinymce-spellchecker FEDORA-2013-1371
The remote host is missing an update for the SPDX-FileCopyrightText: 2013 Greenbone AG Some text descriptions might be excerpted from a referenced sources, and are Copyright C by the respective right holders. SPDX-License-Identifier: GPL-2.0-only ifdescription scriptxrefname:"URL",...
Fedora 17 : tinymce-spellchecker-2.0.5-8.fc17 (2013-1341)
backport security fix Note that Tenable Network Security has extracted the preceding description block directly from the Fedora security advisory. Tenable has attempted to automatically clean and format it as much as possible without introducing additional issues. %NASLMINLEVEL 70300 C Tenable...
[SECURITY] Fedora 17 Update: tinymce-spellchecker-2.0.5-8.fc17
This plugin adds spellchecker functionality to TinyMCE by providing a new button that performs a AJAX call to a back-end PHP page that uses PSpell/ASpell or Google spellchecker...
[SECURITY] Fedora 18 Update: tinymce-spellchecker-2.0.5-8.fc18
This plugin adds spellchecker functionality to TinyMCE by providing a new button that performs a AJAX call to a back-end PHP page that uses PSpell/ASpell or Google spellchecker...