EUVD-2009-4138

Malware in sbrugna...

EUVD-2009-4139

Malware in sbrugna...

CVE-2009-4169

Cross-site scripting XSS vulnerability in wp-cumulus.php in the WP-Cumulus Plug-in before 1.22 for WordPress allows remote attackers to inject arbitrary web script or HTML via unspecified vectors...

WordPress WP-Cumulus <= 1.20 - Vulnerabilities

No description provided by source. I want to warn you about security vulnerabilities in plugin WP-Cumulus for WordPress. These are Full path disclosure and Cross-Site Scripting vulnerabilities. Full path disclosure: http://server/wp-content/plugins/wp-cumulus/wp-cumulus.php XSS:...

WordPress WP-Cumulus Plugin 1.x 'tagcloud.swf' Cross-Site Scripting Vulnerability

No description provided by source. !/usr/bin/env python coding=utf-8 import md5 import urllib2 from pocsuite.api.request import req from pocsuite.api.poc import register from pocsuite.api.poc import Output, POCBase ''' 位置：...

New XSS vulnerability in WP-Cumulus for WordPress and multiple web applications and millions web sites

Hello 3APA3A! I want to warn you about new Cross-Site Scripting vulnerability in WP-Cumulus for WordPress and multiple web applications and millions web sites. Earlier I wrote about XSS vulnerability in WP-Cumulus, which I've disclosed in 2009 http://securityvulns.com/Wdocument842.html, and many...

WP-Cumulus - Cross Site Scripting Vulnerabily

The wp-cumulus WordPress plugin was affected by a Cross Site Scripting Vulnerabily security vulnerability...

Vulnerability in multiple themes for Drupal

Hello list! The endless saga continue. After informing about a lot of vulnerable plugins and widgets with this swf-file, here is information about multiple vulnerable themes ;-. I want to warn you about Cross-Site Scripting vulnerability in multiple themes for Drupal. And a lot of other themes fo...

WP-Cumulus Variants Cross Site Scripting

Hello list! I want to warn you about Cross-Site Scripting vulnerability in multiple plugins for different engines it's combinations of my two publications which I've made last week at my site. In plugins for RapidWeaver, Habari, DasBlo, eZ Publish, EE, Serendipity, Social Web CMS, PHP-Fusion,...

Уязвимость в b-cumulus

Здравствуйте 3APA3A! Сообщаю вам о Cross-Site Scripting уязвимости b-cumulus. Это виджет для Blogger, что также используется на отдельных сайтах. Данная XSS уязвимость идентична XSS уязвимости в WP-Cumulus, т.к. приложение использует модифицированную версию tagcloud.swf разработанную автором...

Cross-Site Scripting vulnerability in Blogumus

Hello 3APA3A! I want to warn you about Cross-Site Scripting vulnerability in Blogumus for Blogger It is similar to XSS vulnerability in WP-Cumulus http://websecurity.com.ua/3665/, because it's using tagcloud.swf made by author of WP-Cumulus. About millions of flash files tagcloud.swf which are...

Joomla JVClouds3D Cross Site Scripting / HTML Injection

Hello Bugtraq! I want to warn you about Cross-Site Scripting vulnerability in JVClouds3D modjvclouds3D plugin for Joomla. Which I found at 08.01.2010. It is similar to XSS vulnerability in Joomulus for Joomla http://websecurity.com.ua/3801/. About millions of flash files tagcloud.swf which are...

Joomulus Cross Site Scripting

Hello Bugtraq! I want to warn you about Cross-Site Scripting vulnerability in Joomulus modjoomulus plugin for Joomla. Which I found at 23.12.2009. It is similar to XSS vulnerability in WP-Cumulus http://websecurity.com.ua/3665/, because it's using tagcloud.swf made by author of WP-Cumulus. About...

CVE-2009-4170

WP-Cumulus Plug-in 1.20 for WordPress, and possibly other versions, allows remote attackers to obtain sensitive information via a crafted request to wp-cumulus.php, probably without parameters, which reveals the installation path in an error message...

Cross site scripting

Cross-site scripting XSS vulnerability in wp-cumulus.php in the WP-Cumulus Plug-in before 1.22 for WordPress allows remote attackers to inject arbitrary web script or HTML via unspecified vectors...

CVE-2009-4168

Cross-site scripting XSS vulnerability in Roy Tanck tagcloud.swf, as used in the WP-Cumulus plugin before 1.23 for WordPress and the Joomulus module 2.0 and earlier for Joomla!, allows remote attackers to inject arbitrary web script or HTML via the tagcloud parameter in a tags action. Cross-site...

CVE-2009-4169

Cross-site scripting XSS vulnerability in wp-cumulus.php in the WP-Cumulus Plug-in before 1.22 for WordPress allows remote attackers to inject arbitrary web script or HTML via unspecified vectors...

Design/Logic Flaw

WP-Cumulus Plug-in 1.20 for WordPress, and possibly other versions, allows remote attackers to obtain sensitive information via a crafted request to wp-cumulus.php, probably without parameters, which reveals the installation path in an error message...

Cross site scripting

Cross-site scripting XSS vulnerability in Roy Tanck tagcloud.swf, as used in the WP-Cumulus plugin before 1.23 for WordPress and the Joomulus module 2.0 and earlier for Joomla!, allows remote attackers to inject arbitrary web script or HTML via the tagcloud parameter in a tags action. Cross-site...

CVE-2009-4168

CVE-2009-4168 is an XSS in Roy Tanck tagcloud.swf used by WP-Cumulus plugin (WordPress) and Joomulus module; tagcloud parameter in a tags action enables remote script/HTML injection. Affected: WP-Cumulus before 1.23 and Joomulus 2.0 and earlier. Root cause: tagcloud.swf parameter handling allows ...