371 matches found
XSS and CS vulnerabilities in aCMS
Hello 3APA3A! After previous Cross-Site Scripting, Content Spoofing, Information Leakage, Insufficient Authorization and Arbitrary File Uploading vulnerabilities in aCMS, here are new ones. These are Cross-Site Scripting and Content Spoofing vulnerabilities in aCMS. This is commercial CMS...
XSS and CS vulnerability in Soltech.CMS
Hello 3APA3A! Earlier I wrote about SQL Injection vulnerability and these are new holes in Soltech.CMS. There are Cross-Site Scripting and Content Spoofing vulnerabilities in Soltech.CMS. This is commercial CMS. ------------------------- Affected products: ------------------------- Vulnerable are...
Vulnerabilities in Avaya IP Office Customer Call Reporter
Hello 3APA3A! I want to warn you about vulnerabilities in Avaya IP Office Customer Call Reporter. These are Remote HTML Include and Remote XSS Include Cross-Site Scripting vulnerabilities. After I found multiple vulnerabilities in Avaya IP Office Customer Call Reporter in December, I informed ZDI...
XSS and FPD vulnerabilities in WPtouch and WPtouch Pro for WordPress
Hello 3APA3A! I want to inform you about vulnerabilities in WPtouch and WPtouch Pro plugins for WordPress. These are Cross-Site Scripting and Full path disclosure vulnerabilities. These XSS holes are in ZeroClipboard.swf, which is used in the plugin. In February I wrote about Cross-Site Scripting...
CS and XSS vulnerabilities in GDD FLVPlayer
Hello 3APA3A! These are Content Spoofing and Cross-Site Scripting vulnerabilities in GDD FLVPlayer. ------------------------- Affected products: ------------------------- Vulnerable are GDD FLVPlayer v3.635 and previous versions. ------------------------- Affected vendors: -----------------------...
SQL Injection vulnerability in Soltech.CMS
Hello 3APA3A! There is SQL Injection vulnerability in Soltech.CMS. This is commercial CMS. ------------------------- Affected products: ------------------------- Vulnerable are Soltech.CMS v 0.4 and previous versions. ------------------------- Affected vendors: ------------------------- Soltech...
XSS and CS vulnerability in Soltech.CMS
Hello 3APA3A! Earlier I wrote about SQL Injection vulnerability and these are new holes in Soltech.CMS. There are Cross-Site Scripting and Content Spoofing vulnerabilities in Soltech.CMS. This is commercial CMS. ------------------------- Affected products: ------------------------- Vulnerable are...
Vulnerabilities in multiple web applications with GDD FLVPlayer
Hello 3APA3A! These are Content Spoofing and Cross-Site Scripting vulnerabilities in multiple web applications with GDD FLVPlayer. Earlier I've wrote about vulnerabilities in GDD FLVPlayer http://seclists.org/fulldisclosure/2013/Aug/247. This is video and audio player, which is used at thousands...
Soltech.CMS 0.4 Cross Site Scripting / Content Spoofing
Hello list! Earlier I wrote about SQL Injection vulnerability and these are new holes in Soltech.CMS. There are Cross-Site Scripting and Content Spoofing vulnerabilities in Soltech.CMS. This is commercial CMS. ------------------------- Affected products: ------------------------- Vulnerable are...
GDD FLVPlayer 3.635 Cross Site Scripting / Content Spoofing
Hello list! These are Content Spoofing and Cross-Site Scripting vulnerabilities in GDD FLVPlayer. ------------------------- Affected products: ------------------------- Vulnerable are GDD FLVPlayer v3.635 and previous versions. ------------------------- Affected vendors: -------------------------...
Moxiecode Image Manager 3.1.5 XSS / Content Spoofing / Disclosure
Hello list! I want to warn you about vulnerabilities in Moxiecode Image Manager MCImageManager. This is commercial plugin for TinyMCE. It concerns as MCImageManager, as all web applications which have MCImageManager in their bundle. These are Content Spoofing, Cross-Site Scripting and Full Path...
Soltech CMS 0.4 SQL Injection
Hello list! There is SQL Injection vulnerability in Soltech.CMS. This is commercial CMS. ------------------------- Affected products: ------------------------- Vulnerable are Soltech.CMS v 0.4 and previous versions. ------------------------- Affected vendors: ------------------------- Soltech...
WPtouch / WPtouch Pro XSS / Path Disclosure
Hello list! I want to inform you about vulnerabilities in WPtouch and WPtouch Pro plugins for WordPress. These are Cross-Site Scripting and Full path disclosure vulnerabilities. These XSS holes are in ZeroClipboard.swf, which is used in the plugin. In February I wrote about Cross-Site Scripting...
DoS and XSS vulnerabilities in Googlemaps plugin for Joomla
Hello 3APA3A! Earlier I wrote about multiple vulnerabilities in Googlemaps plugin for Joomla http://securityvulns.ru/docs29645.html. After my informing, the developer fixed these vulnerabilities in versions 2.19 and 3.1 of the plugin - by removing proxy functionality. And in version 3.2 of the...
Joomla Googlemaps 3.2 Cross Site Scripting / Denial Of Service
Hello list! Earlier I wrote about multiple vulnerabilities in Googlemaps plugin for Joomla http://securityvulns.ru/docs29645.html. After my informing, the developer fixed these vulnerabilities in versions 2.19 and 3.1 of the plugin - by removing proxy functionality. And in version 3.2 of the plug...
TinyMCE Image Manager 1.1 XSS / File Upload
Hello list! These are Arbitrary File Uploading and Cross-Site Scripting vulnerabilities in TinyMCE Image Manager plugin for TinyMCE. ------------------------- Affected products: ------------------------- Vulnerable are TinyMCE Image Manager 1.1 and previous versions. -------------------------...
AFU and XSS vulnerabilities in TinyMCE Image Manager
Hello 3APA3A! These are Arbitrary File Uploading and Cross-Site Scripting vulnerabilities in TinyMCE Image Manager plugin for TinyMCE. ------------------------- Affected products: ------------------------- Vulnerable are TinyMCE Image Manager 1.1 and previous versions. -------------------------...
Joomla Googlemaps XSS / XML Injection / Path Disclosure / DoS
Hello list! These are Denial of Service, XML Injection, Cross-Site Scripting and Full path disclosure vulnerabilities in Googlemaps plugin for Joomla. ------------------------- Affected products: ------------------------- Vulnerable are Googlemaps plugin for Joomla versions 2.x and 3.x and...
XSS and CS vulnerabilities in TinyMCE Image Manager
Hello 3APA3A! These are Cross-Site Scripting and Content Spoofing vulnerabilities in TinyMCE Image Manager plugin for TinyMCE. ------------------------- Affected products: ------------------------- Vulnerable are TinyMCE Image Manager 1.1 and previous versions. ------------------------- Affected...
IA and AFU vulnerabilities in aCMS
Hello 3APA3A! These are Insufficient Authorization and Arbitrary File Uploading vulnerabilities in aCMS. This is commercial CMS. There are multiple vulnerabilities in aCMS and it's the second part of them. ------------------------- Affected products: ------------------------- Vulnerable are aCMS...