mp3-player 2.5 Cross Site Scripting / Content Spoofing

Hello list! These are Cross-Site Scripting and Content Spoofing vulnerabilities in mp3-player. ------------------------- Affected products: ------------------------- Vulnerable are mp3-player 2.5 and previous versions. ------------------------- Affected vendors: ------------------------- U-Studio...

Multiple vulnerabilities in mp3-player

Hello 3APA3A! These are Cross-Site Scripting and Content Spoofing vulnerabilities in mp3-player. ------------------------- Affected products: ------------------------- Vulnerable are mp3-player 2.5 and previous versions. ------------------------- Affected vendors: ------------------------- U-Stud...

XSS and CS vulnerabilities in aCMS

Hello 3APA3A! After previous Cross-Site Scripting, Content Spoofing, Information Leakage, Insufficient Authorization and Arbitrary File Uploading vulnerabilities in aCMS, here are new ones. These are Cross-Site Scripting and Content Spoofing vulnerabilities in aCMS. This is commercial CMS...

CS, XSS and FPD vulnerabilities in MCImageManager for TinyMCE

Hello 3APA3A! I want to warn you about vulnerabilities in Moxiecode Image Manager MCImageManager. This is commercial plugin for TinyMCE. It concerns as MCImageManager, as all web applications which have MCImageManager in their bundle. These are Content Spoofing, Cross-Site Scripting and Full Path...

GDD FLVPlayer 3.635 Cross Site Scripting / Content Spoofing

Hello list! These are Content Spoofing and Cross-Site Scripting vulnerabilities in GDD FLVPlayer. ------------------------- Affected products: ------------------------- Vulnerable are GDD FLVPlayer v3.635 and previous versions. ------------------------- Affected vendors: -------------------------...

CS, XSS and FPD vulnerabilities in WordPress

Hello 3APA3A! These are Content Spoofing, Cross-Site Scripting and Full path disclosure vulnerabilities in WordPress. At WordPress 3.5.2 release the same at 3.5.1 release, WP developers mentioned about multiple fixed holes, but not about all - to make it looks like there were less fixed holes. So...

XSS and CS vulnerabilities in Dotclear

Hello 3APA3A! These are Cross-Site Scripting and Content Spoofing vulnerabilities in Dotclear. CMS Dotclear has three vulnerable flash-files: swfupload.swf, playerflv.swf and playermp3.swf. File swfupload.swf it's Swfupload. I've wrote about vulnerabilities in Swfupload in November 2012...

CS и XSS уязвимости в Zeema CMS

Здравствуйте 3APA3A! Сообщаю вам о найденных мною Content Spoofing и Cross-Site Scripting уязвимостях в системе Zeema CMS. Это украинская коммерческая CMS. Content Spoofing WASC-12: В связи с возможностью прямого обращения к скрипту http://site/counter/counter.php с подделкой параметра ref и...

Уязвимости в FLV Player

Здравствуйте 3APA3A! Сообщаю вам о найденных мною Content Spoofing и Cross-Site Scripting уязвимостях в флеш видео плеере FLV Player. Content Spoofing WASC-12: Флешки плеера FLV Player принимают произвольные адреса в параметре configxml, что позволяет подделать содержимое флешки - например, указа...