jetlib.sec » Tags » plugin

Feeds

133445 items (0 unread) in 27 feeds

• 1337day (was: Inj3ct0r, 1337db)
• OSVDB Vulnerabilities
• Exploit-DB
• SecurityFocus Vulnerabilities
• Bugtraq
• Full Disclosure
• XSSed
• Packet Storm Security Headlines
• Packet Storm Security Advisories
• Packet Storm Security Exploits
• Packet Storm Security Recent Files
• Packet Storm Security Tools
• Packet Storm Security Misc. Files
• Sophos security news
• Sophos product advisories
• Penetration Testing
• SecuriTeam
• BackTrack Linux Forums
• Threatpost
• SecDocs
• carnal0wnage.attackresearch.com
• Carnal0wnage
• Kernel Fun
• Darknet
• The Exploitant
• Hack a Day
• Wirevolution

210 items tagged "plugin"

Related tags: imanager [+], file upload [+], sql injection [+], mandriva linux [+], vulnerabilities [+], timthumb [+], manager wordpress [+], cache directory [+], webapps [+], universal [+], post [+], inclusion [+], disclosure [+], backwpup [+], arbitrary html [+], uninstall [+], script code [+], protocol [+], proof of concept [+], openjdk [+], mysql [+], icedtea [+], code execution [+], winamp [+], video [+], spamassassin [+], sap [+], recaptcha [+], protocol analysis [+], poc [+], plugin v1 [+], plugin dll [+], packet analyzer [+], nagios [+], milter [+], local buffer overflow [+], irfanview [+], ikiwiki [+], ibrowser [+], htmlscrubber [+], forum [+], flashpix [+], file deletion [+], exploits [+], diag [+], cve [+], command execution [+], based buffer overflow [+], album gallery [+], Related [+], wp starsratebox [+], utf 8 [+], txt [+], stack overflow [+], stack based [+], socialgrid [+], social [+], shell [+], sermonbrowser [+], recip [+], random php [+], plugin check [+], netbeans [+], mod [+], mlfi [+], memory function [+], mandriva [+], linux security [+], lanoba [+], jira [+], igallery [+], human [+], https certificates [+], gimp plugin [+], gimp [+], firefox [+], file [+], contact [+], check ups [+], check [+], buffer overflow vulnerabilities [+], arbitrary command [+], zero day [+], wpsc mijnpress [+], wp cumulus [+], window handle [+], version [+], transmission [+], trackback [+], tar gz [+], system monitor [+], sim im [+], sieve [+], serendipity [+], safer use [+], remote script [+], reader plugin [+], oscar [+], myldlinker [+], msn protocol [+], msn [+], joomla [+], information disclosure vulnerability [+], hijacking [+], gkrellm [+], freetag [+], execution [+], dovecot [+], directory traversal vulnerability [+], cumulus [+], core design [+], core [+], buffer overflow vulnerability [+], appointment [+], application [+], adrotate [+], adobe reader [+], activex plugin [+], day [+], wordpress plugin [+], z vote [+], z category [+], xss [+], xinha [+], wpsc [+], wp recaptcha [+], whatweb [+], webcam [+], web plugin [+], web application [+], vote [+], viewer plugin [+], viewer [+], users [+], ups [+], twitter [+], thecartpress [+], text widget [+], tagninja [+], stack buffer [+], sql [+], spyeye [+], socialengine [+], server plugin [+], server [+], security advisory [+], search plugin [+], search [+], remote file include vulnerability [+], remote [+], relevanssi [+], registration [+], query field [+], privacy [+], polls [+], plugin development [+], player plugin [+], php sql [+], photo gallery [+], penetration [+], page parameter [+], origin [+], nucleus [+], novell iprint [+], new [+], music [+], mupdf [+], munkyscripts [+], multiple buffer overflow [+], modul [+], microphone [+], mcfilemanager [+], manager ezpmutils [+], manager ez [+], malicious attacker [+], macgurublog [+], listing [+], jquery [+], jetty web [+], jetty [+], icedtea web [+], heap [+], global search [+], global [+], geeklog [+], forgery [+], flv player [+], flowplayer [+], flagshow [+], firefox plugin [+], eventify [+], event registration [+], event id [+], event [+], email [+], eclipse [+], downloads [+], donation [+], document [+], destination buffer [+], contus [+], content management systems [+], configuration [+], commerce [+], code [+], bugtraq [+], browser [+], blog [+], adobe viewer [+], adobe [+], adminimize [+], absolute privacy [+], Skype [+], plugin version [+], cross site scripting [+], site [+], cross [+], vulnerability [+], wordpress [+]

• May 24, 2012
• 7:36

  New SpyEye Plugin Takes Control Of Webcam And Microphone

   » ‎ Packet Storm Security Headlines
  New SpyEye Plugin Takes Control Of Webcam And Microphone

  Tags:  spyeye plugin new microphone webcam  

• May 02, 2012
• 9:05

  Bugtraq: Re: Wordpress WPsc-MijnPress plugin Cross-Site Scripting Vulnerabilities

   » ‎ SecurityFocus Vulnerabilities
  Re: Wordpress WPsc-MijnPress plugin Cross-Site Scripting Vulnerabilities

  Tags:  plugin wordpress wpsc-mijnpress  

• April 30, 2012
• 9:00

  Bugtraq: Wordpress WPsc-MijnPress plugin Cross-Site Scripting Vulnerabilities

   » ‎ SecurityFocus Vulnerabilities
  Wordpress WPsc-MijnPress plugin Cross-Site Scripting Vulnerabilities

  Tags:  plugin wordpress wpsc-mijnpress wpsc  

• April 16, 2012
• 0:00

  Vuln: IrfanView FlashPix PlugIn CVE-2012-0278 Heap Based Buffer Overflow Vulnerability

   » ‎ SecurityFocus Vulnerabilities
  IrfanView FlashPix PlugIn CVE-2012-0278 Heap Based Buffer Overflow Vulnerability

  Tags:  irfanview flashpix plugin buffer-overflow-vulnerability based-buffer-overflow heap  

• April 13, 2012
• 14:00

  [webapps / 0day] - Wordpress Plugin Email Before Download

   » ‎ 1337day (was: Inj3ct0r, 1337db)
  [webapps / 0day] - Wordpress Plugin Email Before Download

  Tags:  day wordpress plugin email  

• April 09, 2012
• 14:00

  [webapps / 0day] - WordPress annonces plugin LFI Vulnerability

   » ‎ 1337day (was: Inj3ct0r, 1337db)
  [webapps / 0day] - WordPress annonces plugin LFI Vulnerability

  Tags:  plugin day wordpress vulnerability  

• 14:00

  [webapps / 0day] - WordPress thecartpress plugin LFI Vulnerability

   » ‎ 1337day (was: Inj3ct0r, 1337db)
  [webapps / 0day] - WordPress thecartpress plugin LFI Vulnerability

  Tags:  plugin day wordpress vulnerability  

• 14:00

  [webapps / 0day] - WordPress thecartpress plugin LFI Vulnerability

   » ‎ 1337day (was: Inj3ct0r, 1337db)
  [webapps / 0day] - WordPress thecartpress plugin LFI Vulnerability

  Tags:  plugin day wordpress vulnerability  

• February 20, 2012
• 0:00

  Vuln: WordPress Absolute Privacy Plugin 'abpr_authenticateUser()' Security Bypass Vulnerability

   » ‎ SecurityFocus Vulnerabilities
  WordPress Absolute Privacy Plugin 'abpr_authenticateUser()' Security Bypass Vulnerability

  Tags:  plugin privacy wordpress absolute-privacy vulnerability  

• February 08, 2012
• 8:16

  Netbeans Jira Plugin SSL Certificate Fail

   » ‎ Packet Storm Security Advisories
  The Netbeans Jira plugin does not validate HTTPS certificates and is quietly vulnerable to man in the middle attacks.

  Tags:  netbeans plugin jira https-certificates  

• 8:16

  Netbeans Jira Plugin SSL Certificate Fail

   » ‎ Packet Storm Security Recent Files
  The Netbeans Jira plugin does not validate HTTPS certificates and is quietly vulnerable to man in the middle attacks.

  Tags:  netbeans plugin jira https-certificates  

• 8:16

  Netbeans Jira Plugin SSL Certificate Fail

   » ‎ Packet Storm Security Misc. Files
  The Netbeans Jira plugin does not validate HTTPS certificates and is quietly vulnerable to man in the middle attacks.

  Tags:  netbeans plugin jira https-certificates  

• January 12, 2012
• 14:00

  [webapps / 0day] - WordPress wp-autoyoutube plugin Blind SQL Injection Vulnerability

   » ‎ 1337day (was: Inj3ct0r, 1337db)
  [webapps / 0day] - WordPress wp-autoyoutube plugin Blind SQL Injection Vulnerability

  Tags:  plugin day wordpress sql-injection vulnerability  

• January 09, 2012
• 0:00

  Vuln: WordPress Adminimize Plugin 'page' Parameter Cross Site Scripting Vulnerability

   » ‎ SecurityFocus Vulnerabilities
  WordPress Adminimize Plugin 'page' Parameter Cross Site Scripting Vulnerability

  Tags:  plugin adminimize wordpress page-parameter cross-site-scripting vulnerability  

• December 31, 2011
• 0:00

  Vuln: WordPress TheCartPress Plugin 'OptionsPostsList.php' Cross Site Scripting Vulnerability

   » ‎ SecurityFocus Vulnerabilities
  WordPress TheCartPress Plugin 'OptionsPostsList.php' Cross Site Scripting Vulnerability

  Tags:  plugin wordpress thecartpress vulnerability  

• December 29, 2011
• 10:00

  Bugtraq: Re: Wordpress flash-album-gallery plugin Cross-Site Scripting Vulnerabilities

   » ‎ SecurityFocus Vulnerabilities
  Re: Wordpress flash-album-gallery plugin Cross-Site Scripting Vulnerabilities

  Tags:  plugin wordpress site album-gallery  

• December 26, 2011
• 14:00

  [dos / poc] - Nagios Plugin check_ups Local Buffer Overflow PoC

   » ‎ 1337day (was: Inj3ct0r, 1337db)
  [dos / poc] - Nagios Plugin check_ups Local Buffer Overflow PoC

  Tags:  poc plugin nagios local-buffer-overflow ups  

• 7:27

  Nagios Plugin check_ups Buffer Overflow

   » ‎ Packet Storm Security Exploits
  Nagios Plugin check_ups local buffer overflow proof of concept exploit.

  Tags:  plugin check nagios local-buffer-overflow check-ups plugin-check  

• 7:27

  Nagios Plugin check_ups Buffer Overflow

   » ‎ Packet Storm Security Recent Files
  Nagios Plugin check_ups local buffer overflow proof of concept exploit.

  Tags:  plugin check nagios local-buffer-overflow check-ups plugin-check  

• 7:27

  Nagios Plugin check_ups Buffer Overflow

   » ‎ Packet Storm Security Misc. Files
  Nagios Plugin check_ups local buffer overflow proof of concept exploit.

  Tags:  plugin check nagios local-buffer-overflow check-ups plugin-check  

• December 21, 2011
• 13:43

  IrfanView FlashPix Plugin Double-Free

   » ‎ Packet Storm Security Exploits
  A vulnerability in the IrfanView FlashPix plugin exists due to the "Free_All_Memory()" function not properly setting certain decoder elements to NULL after freeing them, which can be exploited to cause a double-free condition via specially crafted FPX images. Proof of concept exploit included.

  Tags:  irfanview plugin flashpix memory-function proof-of-concept  

• 13:43

  IrfanView FlashPix Plugin Double-Free

   » ‎ Packet Storm Security Recent Files
  A vulnerability in the IrfanView FlashPix plugin exists due to the "Free_All_Memory()" function not properly setting certain decoder elements to NULL after freeing them, which can be exploited to cause a double-free condition via specially crafted FPX images. Proof of concept exploit included.

  Tags:  irfanview plugin flashpix memory-function proof-of-concept  

• 13:43

  IrfanView FlashPix Plugin Double-Free

   » ‎ Packet Storm Security Misc. Files
  A vulnerability in the IrfanView FlashPix plugin exists due to the "Free_All_Memory()" function not properly setting certain decoder elements to NULL after freeing them, which can be exploited to cause a double-free condition via specially crafted FPX images. Proof of concept exploit included.

  Tags:  irfanview plugin flashpix memory-function proof-of-concept  

• December 14, 2011
• 8:03

  Bugtraq: Re: Wordpress skysa-official plugin Cross-Site Scripting Vulnerabilities

   » ‎ SecurityFocus Vulnerabilities
  Re: Wordpress skysa-official plugin Cross-Site Scripting Vulnerabilities

  Tags:  plugin wordpress site  

• December 13, 2011
• 10:00

  Bugtraq: Wordpress the-welcomizer plugin Cross-Site Scripting Vulnerabilities

   » ‎ SecurityFocus Vulnerabilities
  Wordpress the-welcomizer plugin Cross-Site Scripting Vulnerabilities

  Tags:  plugin wordpress site vulnerabilities  

• December 12, 2011
• 10:00

  Bugtraq: WordPress flash-album-gallery Plugin 'flagshow.php' Cross Site Scripting Vulnerability

   » ‎ SecurityFocus Vulnerabilities
  WordPress flash-album-gallery Plugin 'flagshow.php' Cross Site Scripting Vulnerability

  Tags:  plugin wordpress flagshow vulnerability album-gallery  

• December 11, 2011
• 15:24

  Mandriva Linux Security Advisory 2011-183

   » ‎ Packet Storm Security Advisories
  Mandriva Linux Security Advisory 2011-183 - When receiving various stanzas related to voice and video chat, the XMPP protocol plugin failed to ensure that the incoming message contained all required fields, and would crash if certain fields were missing. When receiving various messages related to requesting or receiving authorization for adding a buddy to a buddy list, the oscar protocol plugin failed to validate that a piece of text was UTF-8. In some cases invalid UTF-8 data would lead to a crash. When receiving various incoming messages, the SILC protocol plugin failed to validate that a piece of text was UTF-8. In some cases invalid UTF-8 data would lead to a crash. This update provides pidgin 2.10.1, which is not vulnerable to these issues.

  Tags:  plugin mandriva protocol mandriva-linux linux-security utf-8  

• 15:24

  Mandriva Linux Security Advisory 2011-183

   » ‎ Packet Storm Security Recent Files
  Mandriva Linux Security Advisory 2011-183 - When receiving various stanzas related to voice and video chat, the XMPP protocol plugin failed to ensure that the incoming message contained all required fields, and would crash if certain fields were missing. When receiving various messages related to requesting or receiving authorization for adding a buddy to a buddy list, the oscar protocol plugin failed to validate that a piece of text was UTF-8. In some cases invalid UTF-8 data would lead to a crash. When receiving various incoming messages, the SILC protocol plugin failed to validate that a piece of text was UTF-8. In some cases invalid UTF-8 data would lead to a crash. This update provides pidgin 2.10.1, which is not vulnerable to these issues.

  Tags:  plugin mandriva protocol mandriva-linux linux-security utf-8  

• 15:24

  Mandriva Linux Security Advisory 2011-183

   » ‎ Packet Storm Security Misc. Files
  Mandriva Linux Security Advisory 2011-183 - When receiving various stanzas related to voice and video chat, the XMPP protocol plugin failed to ensure that the incoming message contained all required fields, and would crash if certain fields were missing. When receiving various messages related to requesting or receiving authorization for adding a buddy to a buddy list, the oscar protocol plugin failed to validate that a piece of text was UTF-8. In some cases invalid UTF-8 data would lead to a crash. When receiving various incoming messages, the SILC protocol plugin failed to validate that a piece of text was UTF-8. In some cases invalid UTF-8 data would lead to a crash. This update provides pidgin 2.10.1, which is not vulnerable to these issues.

  Tags:  plugin mandriva protocol mandriva-linux linux-security utf-8  

• 14:00

  [webapps / 0day] - Wordpress plugin 1.0.4 UPM-POLLS blind SQL Injection

   » ‎ 1337day (was: Inj3ct0r, 1337db)
  [webapps / 0day] - Wordpress plugin 1.0.4 UPM-POLLS blind SQL Injection

  Tags:  plugin day wordpress sql-injection wordpress-plugin polls  

• December 08, 2011
• 9:01

  Bugtraq: Re: Wordpress pretty-link.1.5.2 plugin Cross-Site Scripting Vulnerabilities

   » ‎ SecurityFocus Vulnerabilities
  Re: Wordpress pretty-link.1.5.2 plugin Cross-Site Scripting Vulnerabilities

  Tags:  plugin wordpress site  

• 9:01

  Bugtraq: Re: Wordpress pretty-link.1.5.2 plugin Cross-Site Scripting Vulnerabilities

   » ‎ SecurityFocus Vulnerabilities
  Re: Wordpress pretty-link.1.5.2 plugin Cross-Site Scripting Vulnerabilities

  Tags:  plugin wordpress site  

• December 06, 2011
• 0:00

  Vuln: WordPress Users Plugin "uid" Parameter SQL Injection Vulnerability

   » ‎ SecurityFocus Vulnerabilities
  WordPress Users Plugin "uid" Parameter SQL Injection Vulnerability

  Tags:  plugin wordpress users vulnerability  

• 0:00

  Vuln: WordPress AdRotate Plugin 'adrotate-out.php' SQL Injection Vulnerability

   » ‎ SecurityFocus Vulnerabilities
  WordPress AdRotate Plugin 'adrotate-out.php' SQL Injection Vulnerability

  Tags:  plugin wordpress adrotate sql-injection vulnerability  

• December 01, 2011
• 13:00

  Bugtraq: Re: Serendipity freetag plugin 'serendipity[tagview]' Cross-Site Scripting vulnerability

   » ‎ SecurityFocus Vulnerabilities
  Re: Serendipity freetag plugin 'serendipity[tagview]' Cross-Site Scripting vulnerability

  Tags:  plugin serendipity freetag vulnerability  

• 11:00

  Bugtraq: Re: Wordpress flash-album-gallery plugin Cross-Site Scripting Vulnerabilities

   » ‎ SecurityFocus Vulnerabilities
  Re: Wordpress flash-album-gallery plugin Cross-Site Scripting Vulnerabilities

  Tags:  plugin wordpress site album-gallery  

• 11:00

  Bugtraq: Re: Wordpress plugin BackWPup Remote and Local Code Execution Vulnerability - SOS-11-003

   » ‎ SecurityFocus Vulnerabilities
  Re: Wordpress plugin BackWPup Remote and Local Code Execution Vulnerability - SOS-11-003

  Tags:  plugin wordpress backwpup code-execution vulnerability  

• November 30, 2011
• 10:01

  Bugtraq: Wordpress 1-jquery-photo-gallery-slideshow-flash plugin Cross-Site Scripting Vulnerabilities

   » ‎ SecurityFocus Vulnerabilities
  Wordpress 1-jquery-photo-gallery-slideshow-flash plugin Cross-Site Scripting Vulnerabilities

  Tags:  plugin wordpress site vulnerabilities photo-gallery jquery  

• 10:01

  Bugtraq: Wordpress flash-album-gallery plugin Cross-Site Scripting Vulnerabilities

   » ‎ SecurityFocus Vulnerabilities
  Wordpress flash-album-gallery plugin Cross-Site Scripting Vulnerabilities

  Tags:  plugin wordpress site album-gallery  

• November 29, 2011
• 10:00

  Bugtraq: Re: Re: wordpress Lanoba Social Plugin Xss Vulnerabilities

   » ‎ SecurityFocus Vulnerabilities
  Re: Re: wordpress Lanoba Social Plugin Xss Vulnerabilities

  Tags:  social plugin lanoba  

• November 28, 2011
• 10:00

  Bugtraq: Wordpress skysa-official plugin Cross-Site Scripting Vulnerabilities

   » ‎ SecurityFocus Vulnerabilities
  Wordpress skysa-official plugin Cross-Site Scripting Vulnerabilities

  Tags:  plugin wordpress site  

• November 21, 2011
• 14:03

  Bugtraq: Re: wordpress Lanoba Social Plugin Xss Vulnerabilities

   » ‎ SecurityFocus Vulnerabilities
  Re: wordpress Lanoba Social Plugin Xss Vulnerabilities

  Tags:  social plugin lanoba  

• 13:00

  Bugtraq: Wordpress adminimize Plugin Vulnerabilities

   » ‎ SecurityFocus Vulnerabilities
  Wordpress adminimize Plugin Vulnerabilities

  Tags:  vulnerabilities wordpress plugin  

• 12:00

  Bugtraq: Wordpress advanced-text-widget Plugin Vulnerabilities

   » ‎ SecurityFocus Vulnerabilities
  Wordpress advanced-text-widget Plugin Vulnerabilities

  Tags:  vulnerabilities wordpress plugin text-widget  

• 12:00

  Bugtraq: Wordpress alert-before-your-post Plugin Cross-Site Scripting Vulnerabilities

   » ‎ SecurityFocus Vulnerabilities
  Wordpress alert-before-your-post Plugin Cross-Site Scripting Vulnerabilities

  Tags:  wordpress plugin site  

• 10:00

  Bugtraq: wordpress Lanoba Social Plugin Xss Vulnerabilities

   » ‎ SecurityFocus Vulnerabilities
  wordpress Lanoba Social Plugin Xss Vulnerabilities

  Tags:  social plugin lanoba wordpress  

• November 16, 2011
• 0:00

  Vuln: IcedTea-Web Plugin CVE-2011-3377 Same Origin Policy Bypass Vulnerability

   » ‎ SecurityFocus Vulnerabilities
  IcedTea-Web Plugin CVE-2011-3377 Same Origin Policy Bypass Vulnerability

  Tags:  icedtea-web origin plugin web-plugin cve vulnerability  

• November 02, 2011
• 21:00

  [webapps / 0day] - Wordpress plugin FBConnect SQL Injection Vulnerability

   » ‎ 1337day (was: Inj3ct0r, 1337db)
  [webapps / 0day] - Wordpress plugin FBConnect SQL Injection Vulnerability

  Tags:  plugin day wordpress sql-injection vulnerability wordpress-plugin  

• October 28, 2011
• 0:00

  Vuln: Dovecot Sieve Plugin Multiple Unspecified Buffer Overflow Vulnerabilities

   » ‎ SecurityFocus Vulnerabilities
  Dovecot Sieve Plugin Multiple Unspecified Buffer Overflow Vulnerabilities

  Tags:  dovecot sieve plugin buffer-overflow-vulnerabilities  

• October 17, 2011
• 14:41

  AP DIAG Decompress Plugin For Wireshark 0.1b

   » ‎ Packet Storm Security Recent Files
  SAP DIAG Plugin extends the basic functionality of the WireShark network packet analyzer and provides additional features of SAP DIAG protocol analysis. This extension allows one to collect and decompress SAP DIAG packets in the course of interaction between SAP Front-end client software and SAP application servers. To install you must copy plugin pt_sap_diag_wireshark_plugin.dll in folder %WiresharkInstallDir%/plugins/%version%.

  Tags:  diag plugin sap plugin-dll protocol-analysis packet-analyzer  

• 14:41

  AP DIAG Decompress Plugin For Wireshark 0.1b

   » ‎ Packet Storm Security Recent Files
  SAP DIAG Plugin extends the basic functionality of the WireShark network packet analyzer and provides additional features of SAP DIAG protocol analysis. This extension allows one to collect and decompress SAP DIAG packets in the course of interaction between SAP Front-end client software and SAP application servers. To install you must copy plugin pt_sap_diag_wireshark_plugin.dll in folder %WiresharkInstallDir%/plugins/%version%.

  Tags:  diag plugin sap plugin-dll protocol-analysis packet-analyzer  

• 14:41

  AP DIAG Decompress Plugin For Wireshark 0.1b

   » ‎ Packet Storm Security Misc. Files
  SAP DIAG Plugin extends the basic functionality of the WireShark network packet analyzer and provides additional features of SAP DIAG protocol analysis. This extension allows one to collect and decompress SAP DIAG packets in the course of interaction between SAP Front-end client software and SAP application servers. To install you must copy plugin pt_sap_diag_wireshark_plugin.dll in folder %WiresharkInstallDir%/plugins/%version%.

  Tags:  diag plugin sap plugin-dll protocol-analysis packet-analyzer  

• 14:41

  AP DIAG Decompress Plugin For Wireshark 0.1b

   » ‎ Packet Storm Security Misc. Files
  SAP DIAG Plugin extends the basic functionality of the WireShark network packet analyzer and provides additional features of SAP DIAG protocol analysis. This extension allows one to collect and decompress SAP DIAG packets in the course of interaction between SAP Front-end client software and SAP application servers. To install you must copy plugin pt_sap_diag_wireshark_plugin.dll in folder %WiresharkInstallDir%/plugins/%version%.

  Tags:  diag plugin sap plugin-dll protocol-analysis packet-analyzer  

• 10:00

  Bugtraq: WordPress Plugin BackWPUp 2.1.4 - Security Advisory - SOS-11-012

   » ‎ SecurityFocus Vulnerabilities
  WordPress Plugin BackWPUp 2.1.4 - Security Advisory - SOS-11-012

  Tags:  backwpup plugin wordpress security-advisory  

• October 16, 2011
• 21:00

  [dos / poc] - WordPress Plugin member-random DoS

   » ‎ 1337day (was: Inj3ct0r, 1337db)
  [dos / poc] - WordPress Plugin member-random DoS

  Tags:  poc plugin wordpress wordpress-plugin  

• October 15, 2011
• 21:00

  [webapps / 0day] - WordPress wpsf-js plugin SQL Injection

   » ‎ 1337day (was: Inj3ct0r, 1337db)
  [webapps / 0day] - WordPress wpsf-js plugin SQL Injection

  Tags:  plugin day wordpress  

• October 13, 2011
• 14:00

  [webapps / 0day] - WordPress Contact Form plugin

   » ‎ 1337day (was: Inj3ct0r, 1337db)
  [webapps / 0day] - WordPress Contact Form plugin

  Tags:  plugin day webapps  

• October 12, 2011
• 21:00

  [webapps / 0day] - WordPress Contact Form plugin

   » ‎ 1337day (was: Inj3ct0r, 1337db)
  [webapps / 0day] - WordPress Contact Form plugin

  Tags:  plugin day webapps  

• October 07, 2011
• 0:00

  Vuln: WordPress Flowplayer Plugin Cross Site Scripting Vulnerability

   » ‎ SecurityFocus Vulnerabilities
  WordPress Flowplayer Plugin Cross Site Scripting Vulnerability

  Tags:  flowplayer plugin wordpress vulnerability  

• 0:00

  Vuln: WordPress Eventify Plugin 'npath' Parameter Remote File Include Vulnerability

   » ‎ SecurityFocus Vulnerabilities
  WordPress Eventify Plugin 'npath' Parameter Remote File Include Vulnerability

  Tags:  plugin wordpress eventify remote-file-include-vulnerability  

• October 04, 2011
• 0:00

  Vuln: WordPress Timthumb Plugin 'timthumb' Cache Directory Arbitrary File Upload Vulnerability

   » ‎ SecurityFocus Vulnerabilities
  WordPress Timthumb Plugin 'timthumb' Cache Directory Arbitrary File Upload Vulnerability

  Tags:  plugin wordpress timthumb cache-directory file-upload vulnerability  

• September 29, 2011
• 0:00

  Vuln: WordPress Timthumb Plugin 'timthumb' Cache Directory Arbitrary File Upload Vulnerability

   » ‎ SecurityFocus Vulnerabilities
  WordPress Timthumb Plugin 'timthumb' Cache Directory Arbitrary File Upload Vulnerability

  Tags:  plugin wordpress timthumb cache-directory file-upload vulnerability  

• September 28, 2011
• 0:00

  Vuln: WordPress Timthumb Plugin 'timthumb' Cache Directory Arbitrary File Upload Vulnerability

   » ‎ SecurityFocus Vulnerabilities
  WordPress Timthumb Plugin 'timthumb' Cache Directory Arbitrary File Upload Vulnerability

  Tags:  plugin wordpress timthumb cache-directory file-upload vulnerability  

• 0:00

  Vuln: Multisite Global Search Plugin 'mssearch' Parameter Cross Site Scripting Vulnerability

   » ‎ SecurityFocus Vulnerabilities
  Multisite Global Search Plugin 'mssearch' Parameter Cross Site Scripting Vulnerability

  Tags:  global plugin search global-search search-plugin cross-site-scripting  

• September 26, 2011
• 10:06

  Bugtraq: Serendipity freetag plugin 'serendipity[tagview]' Cross-Site Scripting vulnerability

   » ‎ SecurityFocus Vulnerabilities
  Serendipity freetag plugin 'serendipity[tagview]' Cross-Site Scripting vulnerability

  Tags:  plugin serendipity freetag vulnerability  

• September 24, 2011
• 0:00

  Vuln: WordPress AdRotate Plugin 'track' Parameter SQL Injection Vulnerability

   » ‎ SecurityFocus Vulnerabilities
  WordPress AdRotate Plugin 'track' Parameter SQL Injection Vulnerability

  Tags:  plugin wordpress adrotate vulnerability  

• September 23, 2011
• 0:00

  Vuln: WordPress Timthumb Plugin 'timthumb' Cache Directory Arbitrary File Upload Vulnerability

   » ‎ SecurityFocus Vulnerabilities
  WordPress Timthumb Plugin 'timthumb' Cache Directory Arbitrary File Upload Vulnerability

  Tags:  plugin wordpress timthumb cache-directory file-upload vulnerability  

• September 21, 2011
• 0:00

  Vuln: WordPress Timthumb Plugin 'timthumb' Cache Directory Arbitrary File Upload Vulnerability

   » ‎ SecurityFocus Vulnerabilities
  WordPress Timthumb Plugin 'timthumb' Cache Directory Arbitrary File Upload Vulnerability

  Tags:  plugin wordpress timthumb cache-directory file-upload vulnerability  

• September 18, 2011
• 0:00

  Vuln: WordPress Count per Day Plugin 'month' Parameter SQL Injection Vulnerability

   » ‎ SecurityFocus Vulnerabilities
  WordPress Count per Day Plugin 'month' Parameter SQL Injection Vulnerability

  Tags:  day plugin wordpress vulnerability  

• September 17, 2011
• 21:00

  [webapps / 0day] - WordPress Count per Day plugin

   » ‎ 1337day (was: Inj3ct0r, 1337db)
  [webapps / 0day] - WordPress Count per Day plugin

  Tags:  plugin day wordpress  

• 18:00

  iGallery Plugin 1.0.0 Cross Site Scripting

   » ‎ Packet Storm Security Exploits
  iGallery plugin version 1.0.0 suffers from a cross site scripting vulnerability when parsing user input to the 'dir' parameter via GET method in '/scripts/pthumb/demo/phpThumb.demo.random.php'. Attackers can exploit this weakness to execute arbitrary HTML and script code in a user's browser session.

  Tags:  cross plugin igallery arbitrary-html plugin-version script-code  

• 18:00

  iGallery Plugin 1.0.0 Cross Site Scripting

   » ‎ Packet Storm Security Recent Files
  iGallery plugin version 1.0.0 suffers from a cross site scripting vulnerability when parsing user input to the 'dir' parameter via GET method in '/scripts/pthumb/demo/phpThumb.demo.random.php'. Attackers can exploit this weakness to execute arbitrary HTML and script code in a user's browser session.

  Tags:  cross plugin igallery arbitrary-html plugin-version script-code  

• 18:00

  iGallery Plugin 1.0.0 Cross Site Scripting

   » ‎ Packet Storm Security Misc. Files
  iGallery plugin version 1.0.0 suffers from a cross site scripting vulnerability when parsing user input to the 'dir' parameter via GET method in '/scripts/pthumb/demo/phpThumb.demo.random.php'. Attackers can exploit this weakness to execute arbitrary HTML and script code in a user's browser session.

  Tags:  cross plugin igallery arbitrary-html plugin-version script-code  

• 17:56

  iManager Plugin 1.2.8 Cross Site Scripting

   » ‎ Packet Storm Security Exploits
  iManager plugin versions 1.2.8 build 02012008 and below suffer from a cross site scripting vulnerability when parsing user input to the 'dir' parameter via GET method in 'random.php' and 'phpThumb.demo.random.php'. Attackers can exploit this weakness to execute arbitrary HTML and script code in a user's browser session.

  Tags:  imanager cross plugin arbitrary-html random-php  

• 17:56

  iManager Plugin 1.2.8 Cross Site Scripting

   » ‎ Packet Storm Security Recent Files
  iManager plugin versions 1.2.8 build 02012008 and below suffer from a cross site scripting vulnerability when parsing user input to the 'dir' parameter via GET method in 'random.php' and 'phpThumb.demo.random.php'. Attackers can exploit this weakness to execute arbitrary HTML and script code in a user's browser session.

  Tags:  imanager cross plugin arbitrary-html random-php  

• 17:56

  iManager Plugin 1.2.8 Cross Site Scripting

   » ‎ Packet Storm Security Misc. Files
  iManager plugin versions 1.2.8 build 02012008 and below suffer from a cross site scripting vulnerability when parsing user input to the 'dir' parameter via GET method in 'random.php' and 'phpThumb.demo.random.php'. Attackers can exploit this weakness to execute arbitrary HTML and script code in a user's browser session.

  Tags:  imanager cross plugin arbitrary-html random-php  

• 17:46

  iBrowser Plugin 1.4.1 Cross Site Scripting

   » ‎ Packet Storm Security Exploits
  iBrowser plugin versions 1.4.1 and below suffer from a cross site scripting vulnerability.

  Tags:  cross plugin ibrowser vulnerability  

• 17:46

  iBrowser Plugin 1.4.1 Cross Site Scripting

   » ‎ Packet Storm Security Recent Files
  iBrowser plugin versions 1.4.1 and below suffer from a cross site scripting vulnerability.

  Tags:  cross plugin ibrowser vulnerability  

• 17:46

  iBrowser Plugin 1.4.1 Cross Site Scripting

   » ‎ Packet Storm Security Misc. Files
  iBrowser plugin versions 1.4.1 and below suffer from a cross site scripting vulnerability.

  Tags:  cross plugin ibrowser vulnerability  

• 17:38

  iManager Plugin 1.2.8 Arbitrary File Deletion

   » ‎ Packet Storm Security Exploits
  iManager plugin version 1.2.8 suffers from an arbitrary file deletion vulnerability.

  Tags:  imanager plugin file file-deletion vulnerability  

• 17:38

  iManager Plugin 1.2.8 Arbitrary File Deletion

   » ‎ Packet Storm Security Recent Files
  iManager plugin version 1.2.8 suffers from an arbitrary file deletion vulnerability.

  Tags:  imanager plugin file file-deletion vulnerability  

• 17:38

  iManager Plugin 1.2.8 Arbitrary File Deletion

   » ‎ Packet Storm Security Misc. Files
  iManager plugin version 1.2.8 suffers from an arbitrary file deletion vulnerability.

  Tags:  imanager plugin file file-deletion vulnerability  

• 14:00

  [webapps / 0day] - WordPress Count per Day plugin

   » ‎ 1337day (was: Inj3ct0r, 1337db)
  [webapps / 0day] - WordPress Count per Day plugin

  Tags:  plugin day wordpress  

• September 16, 2011
• 21:00

  [webapps / 0day] - iManager Plugin v1.2.8 (d) Remote Arbitrary File Deletion Vulnerability

   » ‎ 1337day (was: Inj3ct0r, 1337db)
  [webapps / 0day] - iManager Plugin v1.2.8 (d) Remote Arbitrary File Deletion Vulnerability

  Tags:  imanager day plugin plugin-v1 file-deletion vulnerability  

• 21:00

  [webapps / 0day] - iManager Plugin v1.2.8 (lang) Local File Inclusion Vulnerability

   » ‎ 1337day (was: Inj3ct0r, 1337db)
  [webapps / 0day] - iManager Plugin v1.2.8 (lang) Local File Inclusion Vulnerability

  Tags:  imanager day plugin plugin-v1 vulnerability inclusion  

• 14:00

  [webapps / 0day] - iManager Plugin v1.2.8 (lang) Local File Inclusion Vulnerability

   » ‎ 1337day (was: Inj3ct0r, 1337db)
  [webapps / 0day] - iManager Plugin v1.2.8 (lang) Local File Inclusion Vulnerability

  Tags:  imanager day plugin plugin-v1 vulnerability inclusion  

• 14:00

  [webapps / 0day] - iBrowser Plugin v1.4.1 (lang) Local File Inclusion Vulnerability

   » ‎ 1337day (was: Inj3ct0r, 1337db)
  [webapps / 0day] - iBrowser Plugin v1.4.1 (lang) Local File Inclusion Vulnerability

  Tags:  day plugin ibrowser plugin-v1 vulnerability inclusion  

• September 15, 2011
• 0:00

  Vuln: Event Registration Plugin for WordPress 'event_id' Parameter SQL Injection Vulnerability

   » ‎ SecurityFocus Vulnerabilities
  Event Registration Plugin for WordPress 'event_id' Parameter SQL Injection Vulnerability

  Tags:  plugin event registration event-id event-registration vulnerability  

• September 14, 2011
• 0:00

  Vuln: WordPress WP e-Commerce Plugin 'cs1' Parameter SQL Injection Vulnerability

   » ‎ SecurityFocus Vulnerabilities
  WordPress WP e-Commerce Plugin 'cs1' Parameter SQL Injection Vulnerability

  Tags:  commerce plugin wordpress vulnerability  

• 0:00

  Vuln: WordPress WP-Cumulus Plugin 'tagcloud.swf' Cross-Site Scripting Vulnerability

   » ‎ SecurityFocus Vulnerabilities
  WordPress WP-Cumulus Plugin 'tagcloud.swf' Cross-Site Scripting Vulnerability

  Tags:  plugin wordpress wp-cumulus cumulus vulnerability  

• September 09, 2011
• 0:00

  Vuln: WordPress A to Z Category Listing Plugin 'R' Parameter SQL Injection Vulnerability

   » ‎ SecurityFocus Vulnerabilities
  WordPress A to Z Category Listing Plugin 'R' Parameter SQL Injection Vulnerability

  Tags:  plugin wordpress listing z-category vulnerability  

• September 08, 2011
• 0:00

  Vuln: WordPress Paid Downloads Plugin 'download_key' Parameter SQL Injection Vulnerability

   » ‎ SecurityFocus Vulnerabilities
  WordPress Paid Downloads Plugin 'download_key' Parameter SQL Injection Vulnerability

  Tags:  plugin wordpress downloads vulnerability  

• September 06, 2011
• 0:00

  Vuln: WordPress Timthumb Plugin 'timthumb' Cache Directory Arbitrary File Upload Vulnerability

   » ‎ SecurityFocus Vulnerabilities
  WordPress Timthumb Plugin 'timthumb' Cache Directory Arbitrary File Upload Vulnerability

  Tags:  plugin wordpress timthumb cache-directory file-upload vulnerability  

• September 01, 2011
• 0:00

  Vuln: WordPress Donation Plugin 'exporttocsv.php' SQL Injection Vulnerability

   » ‎ SecurityFocus Vulnerabilities
  WordPress Donation Plugin 'exporttocsv.php' SQL Injection Vulnerability

  Tags:  plugin wordpress donation php-sql vulnerability  

• August 25, 2011
• 21:00

  [webapps / 0day] - WordPress Js-appointment plugin

   » ‎ 1337day (was: Inj3ct0r, 1337db)
  [webapps / 0day] - WordPress Js-appointment plugin

  Tags:  plugin day webapps appointment  

• 18:00

  [webapps / 0day] - WordPress Js-appointment plugin

   » ‎ 1337day (was: Inj3ct0r, 1337db)
  [webapps / 0day] - WordPress Js-appointment plugin

  Tags:  plugin day webapps appointment  

• August 16, 2011
• 21:00

  [webapps / 0day] - WordPress Contus HD FLV Player plugin

   » ‎ 1337day (was: Inj3ct0r, 1337db)
  [webapps / 0day] - WordPress Contus HD FLV Player plugin

  Tags:  plugin day webapps flv-player contus player-plugin  

• August 04, 2011
• 21:00

  [webapps / 0day] - ProPlayer plugin

   » ‎ 1337day (was: Inj3ct0r, 1337db)
  [webapps / 0day] - ProPlayer plugin

  Tags:  plugin day webapps  

• August 03, 2011
• 0:00

  Vuln: WordPress Timthumb Plugin 'timthumb' Cache Directory Arbitrary File Upload Vulnerability

   » ‎ SecurityFocus Vulnerabilities
  WordPress Timthumb Plugin 'timthumb' Cache Directory Arbitrary File Upload Vulnerability

  Tags:  plugin wordpress timthumb cache-directory file-upload vulnerability  

• July 06, 2011
• 21:00

  [webapps / 0day] - WordPress Plugin (FCKeditor) File Upload Vulnerability

   » ‎ 1337day (was: Inj3ct0r, 1337db)
  [webapps / 0day] - WordPress Plugin (FCKeditor) File Upload Vulnerability

  Tags:  day plugin wordpress vulnerability  

• 14:29

  Related Posts WordPress Plugin Cross Site Scripting Vulnerability

   » ‎ SecuriTeam
  The Related Posts WordPress Plugin contains a Cross Site Scripting Vulnerability.

  -

  Make your website safer. Use external penetration testing service. First report ready in one hour!

  Tags:  Related plugin wordpress safer-use vulnerability penetration  

• 14:29

  Recaptcha WordPress Plugin Cross Site Scripting Vulnerability

   » ‎ SecuriTeam
  The WordPress Recaptcha Plugin contains a Cross Site Scripting Vulnerability.

  -

  Make your website safer. Use external penetration testing service. First report ready in one hour!

  Tags:  recaptcha plugin wordpress safer-use vulnerability wordpress-plugin  

• June 08, 2011
• 21:00

  [webapps / 0day] - WordPress plugin photoracer SQL injection Vulnerability

   » ‎ 1337day (was: Inj3ct0r, 1337db)
  [webapps / 0day] - WordPress plugin photoracer SQL injection Vulnerability

  Tags:  plugin day wordpress sql-injection vulnerability wordpress-plugin  

• May 29, 2011
• 15:22

  Mandriva Linux Security Advisory 2011-103

   » ‎ Packet Storm Security Advisories
  Mandriva Linux Security Advisory 2011-103 - Stack-based buffer overflow in the "LIGHTING EFFECTS > LIGHT" plugin in GIMP 2.6.11 allows user-assisted remote attackers to cause a denial of service or possibly execute arbitrary code it may be uncommon to obtain a GIMP plugin configuration file from an untrusted source that is separate from the distribution of the plugin itself. Stack-based buffer overflow in the SPHERE DESIGNER plugin in GIMP 2.6.11 allows user-assisted remote attackers to cause a denial of service or possibly execute arbitrary code via a it may be uncommon to obtain a GIMP plugin configuration file from an untrusted source that is separate from the distribution of the plugin itself. Stack-based buffer overflow in the GFIG plugin in GIMP 2.6.11 allows user-assisted remote attackers to cause a denial of service or possibly execute arbitrary code via a long Foreground field in a plugin configuration file.

  Tags:  plugin stack-based gimp based-buffer-overflow mandriva-linux gimp-plugin  

• 15:22

  Mandriva Linux Security Advisory 2011-103

   » ‎ Packet Storm Security Recent Files
  Mandriva Linux Security Advisory 2011-103 - Stack-based buffer overflow in the "LIGHTING EFFECTS > LIGHT" plugin in GIMP 2.6.11 allows user-assisted remote attackers to cause a denial of service or possibly execute arbitrary code it may be uncommon to obtain a GIMP plugin configuration file from an untrusted source that is separate from the distribution of the plugin itself. Stack-based buffer overflow in the SPHERE DESIGNER plugin in GIMP 2.6.11 allows user-assisted remote attackers to cause a denial of service or possibly execute arbitrary code via a it may be uncommon to obtain a GIMP plugin configuration file from an untrusted source that is separate from the distribution of the plugin itself. Stack-based buffer overflow in the GFIG plugin in GIMP 2.6.11 allows user-assisted remote attackers to cause a denial of service or possibly execute arbitrary code via a long Foreground field in a plugin configuration file.

  Tags:  plugin stack-based gimp based-buffer-overflow mandriva-linux gimp-plugin  

• 15:22

  Mandriva Linux Security Advisory 2011-103

   » ‎ Packet Storm Security Misc. Files
  Mandriva Linux Security Advisory 2011-103 - Stack-based buffer overflow in the "LIGHTING EFFECTS > LIGHT" plugin in GIMP 2.6.11 allows user-assisted remote attackers to cause a denial of service or possibly execute arbitrary code it may be uncommon to obtain a GIMP plugin configuration file from an untrusted source that is separate from the distribution of the plugin itself. Stack-based buffer overflow in the SPHERE DESIGNER plugin in GIMP 2.6.11 allows user-assisted remote attackers to cause a denial of service or possibly execute arbitrary code via a it may be uncommon to obtain a GIMP plugin configuration file from an untrusted source that is separate from the distribution of the plugin itself. Stack-based buffer overflow in the GFIG plugin in GIMP 2.6.11 allows user-assisted remote attackers to cause a denial of service or possibly execute arbitrary code via a long Foreground field in a plugin configuration file.

  Tags:  plugin stack-based gimp based-buffer-overflow mandriva-linux gimp-plugin  

• May 21, 2011
• 7:38

  Easy Contact 0.1.2 WordPress Plugin Cross Site Scripting

   » ‎ Packet Storm Security Exploits
  Easy Contact WordPress Plugin version 0.1.2 suffers from cross site scripting and abuse of functionality vulnerabilities.

  Tags:  plugin wordpress contact vulnerabilities  

• 7:38

  Easy Contact 0.1.2 WordPress Plugin Cross Site Scripting

   » ‎ Packet Storm Security Recent Files
  Easy Contact WordPress Plugin version 0.1.2 suffers from cross site scripting and abuse of functionality vulnerabilities.

  Tags:  plugin wordpress contact vulnerabilities  

• 7:38

  Easy Contact 0.1.2 WordPress Plugin Cross Site Scripting

   » ‎ Packet Storm Security Misc. Files
  Easy Contact WordPress Plugin version 0.1.2 suffers from cross site scripting and abuse of functionality vulnerabilities.

  Tags:  plugin wordpress contact vulnerabilities  

• May 17, 2011
• 8:04

  Is-Human 1.4.2 WordPress Plugin Command Execution

   » ‎ Packet Storm Security Exploits
  Is-Human WordPress plugin versions 1.4.2 and below suffer from a remote command execution vulnerability.

  Tags:  plugin wordpress human command-execution vulnerability  

• 8:04

  Is-Human 1.4.2 WordPress Plugin Command Execution

   » ‎ Packet Storm Security Recent Files
  Is-Human WordPress plugin versions 1.4.2 and below suffer from a remote command execution vulnerability.

  Tags:  plugin wordpress human command-execution vulnerability  

• 8:04

  Is-Human 1.4.2 WordPress Plugin Command Execution

   » ‎ Packet Storm Security Misc. Files
  Is-Human WordPress plugin versions 1.4.2 and below suffer from a remote command execution vulnerability.

  Tags:  plugin wordpress human command-execution vulnerability  

• 0:00

  Vuln: Wordpress is_human() Plugin Remote Command Injection Vulnerability

   » ‎ SecurityFocus Vulnerabilities
  Wordpress is_human() Plugin Remote Command Injection Vulnerability

  Tags:  wordpress plugin remote vulnerability  

• May 16, 2011
• 21:00

  [webapps / 0day] - Wordpress Plugin Is-human

   » ‎ 1337day (was: Inj3ct0r, 1337db)
  [webapps / 0day] - Wordpress Plugin Is-human

  Tags:  day wordpress plugin  

• May 06, 2011
• 0:00

  Vuln: MuPDF Firefox Plugin 'pdfmoz_onmouse()' Function Stack Buffer Overflow Vulnerability

   » ‎ SecurityFocus Vulnerabilities
  MuPDF Firefox Plugin 'pdfmoz_onmouse()' Function Stack Buffer Overflow Vulnerability

  Tags:  mupdf plugin firefox buffer-overflow-vulnerability stack-buffer firefox-plugin  

• April 26, 2011
• 8:55

  WordPress SermonBrowser Plugin 0.43 XSS / SQL Injection

   » ‎ Packet Storm Security Exploits
  WordPress SermonBrowser plugin version 0.43 suffers from cross site scripting and remote SQL injection vulnerabilities.

  Tags:  sermonbrowser plugin wordpress cross-site-scripting plugin-version  

• 8:55

  WordPress SermonBrowser Plugin 0.43 XSS / SQL Injection

   » ‎ Packet Storm Security Recent Files
  WordPress SermonBrowser plugin version 0.43 suffers from cross site scripting and remote SQL injection vulnerabilities.

  Tags:  sermonbrowser plugin wordpress cross-site-scripting plugin-version  

• 8:55

  WordPress SermonBrowser Plugin 0.43 XSS / SQL Injection

   » ‎ Packet Storm Security Misc. Files
  WordPress SermonBrowser plugin version 0.43 suffers from cross site scripting and remote SQL injection vulnerabilities.

  Tags:  sermonbrowser plugin wordpress cross-site-scripting plugin-version  

• April 25, 2011
• 0:00

  Vuln: WordPress WP-reCAPTCHA Plugin HTML Injection and Cross Site Request Forgery Vulnerabilities

   » ‎ SecurityFocus Vulnerabilities
  WordPress WP-reCAPTCHA Plugin HTML Injection and Cross Site Request Forgery Vulnerabilities

  Tags:  plugin wp-recaptcha wordpress forgery  

• April 21, 2011
• 0:00

  Vuln: ikiwiki 'htmlscrubber' Plugin Cross Site Scripting Vulnerability

   » ‎ SecurityFocus Vulnerabilities
  ikiwiki 'htmlscrubber' Plugin Cross Site Scripting Vulnerability

  Tags:  ikiwiki plugin htmlscrubber vulnerability  

• April 19, 2011
• 16:36

  Universal Post Manager WordPress Plugin 1.0.9 XSS / Path Disclosure

   » ‎ Packet Storm Security Exploits
  Universal Post Manager WordPress plugin version 1.0.9 suffers from cross site scripting and path disclosure vulnerabilities.

  Tags:  plugin universal post manager-wordpress cross-site-scripting disclosure  

• 16:36

  Universal Post Manager WordPress Plugin 1.0.9 XSS / Path Disclosure

   » ‎ Packet Storm Security Recent Files
  Universal Post Manager WordPress plugin version 1.0.9 suffers from cross site scripting and path disclosure vulnerabilities.

  Tags:  plugin universal post manager-wordpress cross-site-scripting disclosure  

• 16:36

  Universal Post Manager WordPress Plugin 1.0.9 XSS / Path Disclosure

   » ‎ Packet Storm Security Misc. Files
  Universal Post Manager WordPress plugin version 1.0.9 suffers from cross site scripting and path disclosure vulnerabilities.

  Tags:  plugin universal post manager-wordpress cross-site-scripting disclosure  

• 10:49

  SocialGrid WordPress Plugin 2.3 Cross Site Scripting

   » ‎ Packet Storm Security Exploits
  SocialGrid WordPress plugin version 2.3 suffers from a cross site scripting vulnerability.

  Tags:  socialgrid plugin wordpress plugin-version wordpress-plugin  

• 10:49

  SocialGrid WordPress Plugin 2.3 Cross Site Scripting

   » ‎ Packet Storm Security Recent Files
  SocialGrid WordPress plugin version 2.3 suffers from a cross site scripting vulnerability.

  Tags:  socialgrid plugin wordpress plugin-version wordpress-plugin  

• 10:49

  SocialGrid WordPress Plugin 2.3 Cross Site Scripting

   » ‎ Packet Storm Security Misc. Files
  SocialGrid WordPress plugin version 2.3 suffers from a cross site scripting vulnerability.

  Tags:  socialgrid plugin wordpress plugin-version wordpress-plugin  

• 10:47

  WP-StarsRateBox WordPress Plugin 1.1 XSS / SQL Injection

   » ‎ Packet Storm Security Exploits
  WP-StarsRateBox WordPress plugin version 1.1 suffers from cross site scripting and remote SQL injection vulnerabilities.

  Tags:  wp-starsratebox plugin wordpress cross-site-scripting plugin-version wordpress-plugin  

• 10:47

  WP-StarsRateBox WordPress Plugin 1.1 XSS / SQL Injection

   » ‎ Packet Storm Security Recent Files
  WP-StarsRateBox WordPress plugin version 1.1 suffers from cross site scripting and remote SQL injection vulnerabilities.

  Tags:  wp-starsratebox plugin wordpress cross-site-scripting plugin-version wordpress-plugin  

• 10:47

  WP-StarsRateBox WordPress Plugin 1.1 XSS / SQL Injection

   » ‎ Packet Storm Security Misc. Files
  WP-StarsRateBox WordPress plugin version 1.1 suffers from cross site scripting and remote SQL injection vulnerabilities.

  Tags:  wp-starsratebox plugin wordpress cross-site-scripting plugin-version wordpress-plugin  

• 10:45

  Universal Post Manager WordPress Plugin 1.0.9 SQL Injection

   » ‎ Packet Storm Security Exploits
  Universal Post Manager WordPress plugin version 1.0.9 suffers from a remote SQL injection vulnerability.

  Tags:  plugin universal post manager-wordpress vulnerability  

• 10:45

  Universal Post Manager WordPress Plugin 1.0.9 SQL Injection

   » ‎ Packet Storm Security Recent Files
  Universal Post Manager WordPress plugin version 1.0.9 suffers from a remote SQL injection vulnerability.

  Tags:  plugin universal post manager-wordpress vulnerability  

• 10:45

  Universal Post Manager WordPress Plugin 1.0.9 SQL Injection

   » ‎ Packet Storm Security Misc. Files
  Universal Post Manager WordPress plugin version 1.0.9 suffers from a remote SQL injection vulnerability.

  Tags:  plugin universal post manager-wordpress vulnerability  

• April 18, 2011
• 0:00

  Vuln: ikiwiki 'htmlscrubber' Plugin Cross Site Scripting Vulnerability

   » ‎ SecurityFocus Vulnerabilities
  ikiwiki 'htmlscrubber' Plugin Cross Site Scripting Vulnerability

  Tags:  ikiwiki plugin htmlscrubber vulnerability  

• March 28, 2011
• 7:00

  Bugtraq: Wordpress plugin BackWPup Remote and Local Code Execution Vulnerability - SOS-11-003

   » ‎ SecurityFocus Vulnerabilities
  Wordpress plugin BackWPup Remote and Local Code Execution Vulnerability - SOS-11-003

  Tags:  plugin wordpress backwpup code-execution vulnerability wordpress-plugin  

• March 18, 2011
• 15:43

  Recaptcha WordPress Plugin Cross Site Scripting

   » ‎ Packet Storm Security Advisories
  The Recaptcha WordPress plugin suffers from a cross site scripting vulnerability.

  Tags:  recaptcha plugin wordpress wordpress-plugin vulnerability  

• 15:43

  Recaptcha WordPress Plugin Cross Site Scripting

   » ‎ Packet Storm Security Recent Files
  The Recaptcha WordPress plugin suffers from a cross site scripting vulnerability.

  Tags:  recaptcha plugin wordpress wordpress-plugin vulnerability  

• 15:43

  Recaptcha WordPress Plugin Cross Site Scripting

   » ‎ Packet Storm Security Misc. Files
  The Recaptcha WordPress plugin suffers from a cross site scripting vulnerability.

  Tags:  recaptcha plugin wordpress wordpress-plugin vulnerability  

• 15:41

  Related Posts WordPress Plugin Cross Site Scripting

   » ‎ Packet Storm Security Advisories
  The Related Posts WordPress plugin suffers from a cross site scripting vulnerability.

  Tags:  Related plugin wordpress vulnerability  

• 15:41

  Related Posts WordPress Plugin Cross Site Scripting

   » ‎ Packet Storm Security Recent Files
  The Related Posts WordPress plugin suffers from a cross site scripting vulnerability.

  Tags:  Related plugin wordpress vulnerability  

• 15:41

  Related Posts WordPress Plugin Cross Site Scripting

   » ‎ Packet Storm Security Misc. Files
  The Related Posts WordPress plugin suffers from a cross site scripting vulnerability.

  Tags:  Related plugin wordpress vulnerability  

• March 14, 2011
• 15:00

  [webapps / 0day] - Wordpress plugin Comment Rating Execution Vulnerability

   » ‎ 1337day (was: Inj3ct0r, 1337db)
  [webapps / 0day] - Wordpress plugin Comment Rating Execution Vulnerability

  Tags:  plugin day wordpress vulnerability execution  

• March 13, 2011
• 15:00

  [webapps / 0day] - Wordpress plugin Comment Rating JavaScript Execution Vulnerability

   » ‎ 1337day (was: Inj3ct0r, 1337db)
  [webapps / 0day] - Wordpress plugin Comment Rating JavaScript Execution Vulnerability

  Tags:  plugin day wordpress vulnerability execution  

• March 04, 2011
• 14:00

  [webapps / 0day] - Wordpress Plugin PHP Speedy

   » ‎ 1337day (was: Inj3ct0r, 1337db)
  [webapps / 0day] - Wordpress Plugin PHP Speedy

  Tags:  day wordpress plugin wordpress-plugin  

• March 01, 2011
• 14:18

  WP Forum WordPress Plugin 1.7.8 SQL Injection

   » ‎ Packet Storm Security Exploits
  WP Forum WordPress plugin version 1.7.8 suffers from a remote SQL injection vulnerability.

  Tags:  plugin forum wordpress plugin-version vulnerability  

• 14:18

  WP Forum WordPress Plugin 1.7.8 SQL Injection

   » ‎ Packet Storm Security Recent Files
  WP Forum WordPress plugin version 1.7.8 suffers from a remote SQL injection vulnerability.

  Tags:  plugin forum wordpress plugin-version vulnerability  

• 14:18

  WP Forum WordPress Plugin 1.7.8 SQL Injection

   » ‎ Packet Storm Security Misc. Files
  WP Forum WordPress plugin version 1.7.8 suffers from a remote SQL injection vulnerability.

  Tags:  plugin forum wordpress plugin-version vulnerability  

• February 28, 2011
• 13:11

  BackWPup WordPress Plugin 1.4.0 File Content Disclosure

   » ‎ Packet Storm Security Exploits
  BackWPup WordPress plugin versions 1.4.0 and below suffer from a file content disclosure vulnerability.

  Tags:  plugin wordpress backwpup wordpress-plugin vulnerability disclosure  

• 13:11

  BackWPup WordPress Plugin 1.4.0 File Content Disclosure

   » ‎ Packet Storm Security Recent Files
  BackWPup WordPress plugin versions 1.4.0 and below suffer from a file content disclosure vulnerability.

  Tags:  plugin wordpress backwpup wordpress-plugin vulnerability disclosure  

• 13:11

  BackWPup WordPress Plugin 1.4.0 File Content Disclosure

   » ‎ Packet Storm Security Misc. Files
  BackWPup WordPress plugin versions 1.4.0 and below suffer from a file content disclosure vulnerability.

  Tags:  plugin wordpress backwpup wordpress-plugin vulnerability disclosure  

• February 24, 2011
• 0:00

  Vuln: Relevanssi WordPress Plugin 'Seach Query' Field HTML Injection Vulnerability

   » ‎ SecurityFocus Vulnerabilities
  Relevanssi WordPress Plugin 'Seach Query' Field HTML Injection Vulnerability

  Tags:  plugin wordpress relevanssi query-field vulnerability wordpress-plugin  

• February 23, 2011
• 0:00

  Vuln: WordPress Z-Vote Plugin 'zvote' Parameter SQL Injection Vulnerability

   » ‎ SecurityFocus Vulnerabilities
  WordPress Z-Vote Plugin 'zvote' Parameter SQL Injection Vulnerability

  Tags:  plugin z-vote wordpress vulnerability vote  

• February 02, 2011
• 0:00

  Vuln: OpenJDK 'IcedTea' plugin JNLPSecurityManager Remote Code Execution Vulnerability

   » ‎ SecurityFocus Vulnerabilities
  OpenJDK 'IcedTea' plugin JNLPSecurityManager Remote Code Execution Vulnerability

  Tags:  plugin icedtea openjdk code-execution vulnerability  

• February 01, 2011
• 0:00

  Vuln: WordPress TagNinja Plugin 'id' Parameter Cross Site Scripting Vulnerability

   » ‎ SecurityFocus Vulnerabilities
  WordPress TagNinja Plugin 'id' Parameter Cross Site Scripting Vulnerability

  Tags:  plugin wordpress tagninja cross-site-scripting vulnerability  

• January 27, 2011
• 0:00

  Vuln: OpenJDK 'IcedTea' plugin JNLPSecurityManager Remote Code Execution Vulnerability

   » ‎ SecurityFocus Vulnerabilities
  OpenJDK 'IcedTea' plugin JNLPSecurityManager Remote Code Execution Vulnerability

  Tags:  plugin icedtea openjdk code-execution vulnerability  

• January 24, 2011
• 22:41

  WordPress Recip.ly Plugin 1.1.7 Shell Upload

   » ‎ Packet Storm Security Exploits
  WordPress Recip.ly plugin version 1.1.7 suffers from a shell upload vulnerability.

  Tags:  plugin recip wordpress vulnerability shell  

• 22:41

  WordPress Recip.ly Plugin 1.1.7 Shell Upload

   » ‎ Packet Storm Security Recent Files
  WordPress Recip.ly plugin version 1.1.7 suffers from a shell upload vulnerability.

  Tags:  plugin recip wordpress vulnerability shell  

• 22:41

  WordPress Recip.ly Plugin 1.1.7 Shell Upload

   » ‎ Packet Storm Security Misc. Files
  WordPress Recip.ly plugin version 1.1.7 suffers from a shell upload vulnerability.

  Tags:  plugin recip wordpress vulnerability shell  

• January 19, 2011
• 0:00

  Vuln: OpenJDK 'IcedTea' plugin JNLPSecurityManager Remote Code Execution Vulnerability

   » ‎ SecurityFocus Vulnerabilities
  OpenJDK 'IcedTea' plugin JNLPSecurityManager Remote Code Execution Vulnerability

  Tags:  plugin icedtea openjdk code-execution vulnerability  

• January 18, 2011
• 0:00

  Vuln: Geeklog Forum Plugin Unspecified HTML Injection Vulnerability

   » ‎ SecurityFocus Vulnerabilities
  Geeklog Forum Plugin Unspecified HTML Injection Vulnerability

  Tags:  geeklog plugin forum vulnerability  

• January 08, 2011
• 14:00

  [local exploits] - Winamp 5.5.8 (in_mod plugin) Stack Overflow Exploit (SEH)

   » ‎ 1337day (was: Inj3ct0r, 1337db)
  [local exploits] - Winamp 5.5.8 (in_mod plugin) Stack Overflow Exploit (SEH)

  Tags:  plugin mod winamp stack-overflow exploits  

• December 28, 2010
• 0:00

  Vuln: SocialEngine Music Sharing Plugin Arbitrary File Upload Vulnerability

   » ‎ SecurityFocus Vulnerabilities
  SocialEngine Music Sharing Plugin Arbitrary File Upload Vulnerability

  Tags:  plugin music socialengine file-upload vulnerability  

• December 27, 2010
• 0:00

  Vuln: Jetty Web Server Plugin for Eclipse Multiple Cross Site Scripting Vulnerabilities

   » ‎ SecurityFocus Vulnerabilities
  Jetty Web Server Plugin for Eclipse Multiple Cross Site Scripting Vulnerabilities

  Tags:  server plugin eclipse jetty-web server-plugin jetty  

• December 18, 2010
• 14:00

  [webapps / 0day] - MCFileManager Plugin for TinyMCE 3.2.2.3 Arbitrary File Upload

   » ‎ 1337day (was: Inj3ct0r, 1337db)
  [webapps / 0day] - MCFileManager Plugin for TinyMCE 3.2.2.3 Arbitrary File Upload

  Tags:  day plugin mcfilemanager file-upload  

• December 17, 2010
• 13:35

  Embedded Video WordPress Plugin Cross Site Scripting

   » ‎ Packet Storm Security Exploits
  Embedded Video WordPress Plugin suffers from a cross site scripting vulnerability.

  Tags:  video plugin wordpress vulnerability  

• 13:35

  Embedded Video WordPress Plugin Cross Site Scripting

   » ‎ Packet Storm Security Recent Files
  Embedded Video WordPress Plugin suffers from a cross site scripting vulnerability.

  Tags:  video plugin wordpress vulnerability  

• 13:35

  Embedded Video WordPress Plugin Cross Site Scripting

   » ‎ Packet Storm Security Misc. Files
  Embedded Video WordPress Plugin suffers from a cross site scripting vulnerability.

  Tags:  video plugin wordpress vulnerability  

• 12:00

  Bugtraq: Embedded Video WordPress Plugin Cross Site Vulnerability (XSS) - CVE-2010-4277

   » ‎ SecurityFocus Vulnerabilities
  Embedded Video WordPress Plugin Cross Site Vulnerability (XSS) - CVE-2010-4277

  Tags:  video plugin wordpress cve vulnerability  

• December 08, 2010
• 0:00

  Vuln: OpenJDK 'IcedTea' plugin (CVE-2010-3860) Unspecified Information Disclosure Vulnerability

   » ‎ SecurityFocus Vulnerabilities
  OpenJDK 'IcedTea' plugin (CVE-2010-3860) Unspecified Information Disclosure Vulnerability

  Tags:  plugin icedtea openjdk information-disclosure-vulnerability cve  

• December 01, 2010
• 0:00

  Vuln: OpenJDK 'IcedTea' plugin (CVE-2010-3860) Unspecified Information Disclosure Vulnerability

   » ‎ SecurityFocus Vulnerabilities
  OpenJDK 'IcedTea' plugin (CVE-2010-3860) Unspecified Information Disclosure Vulnerability

  Tags:  plugin icedtea openjdk information-disclosure-vulnerability cve  

• November 01, 2010
• 23:00

  cforms-xss.txt

   » ‎ Packet Storm Security Exploits
  The cforms WordPress plugin suffers from a cross site scripting vulnerability. Version 11.5 is affected.

  Tags:  plugin txt wordpress xss vulnerability wordpress-plugin  

• 13:00

  Bugtraq: cforms WordPress Plugin Cross Site Scripting Vulnerability - CVE-2010-3977

   » ‎ SecurityFocus Vulnerabilities
  cforms WordPress Plugin Cross Site Scripting Vulnerability - CVE-2010-3977

  Tags:  cross plugin wordpress vulnerability  

• October 25, 2010
• 14:00

  [local exploits] - Winamp 5.5.8.2985 (in_mod plugin) Stack Overflow (Friendly Version)

   » ‎ 1337day (was: Inj3ct0r, 1337db)
  [local exploits] - Winamp 5.5.8.2985 (in_mod plugin) Stack Overflow (Friendly Version)

  Tags:  plugin mod winamp stack-overflow exploits  

• October 20, 2010
• 14:00

  [local exploits] - Winamp 5.5.8 (in_mod plugin) Stack Overflow Exploit

   » ‎ 1337day (was: Inj3ct0r, 1337db)
  [local exploits] - Winamp 5.5.8 (in_mod plugin) Stack Overflow Exploit

  Tags:  plugin mod winamp stack-overflow exploits  

• October 12, 2010
• 21:01

  ZDI-10-207.txt

   » ‎ Packet Storm Security Recent Files
  Zero Day Initiative Advisory 10-207 - This vulnerability allows remote attackers to execute arbitrary code on vulnerable installations of Oracle's Java platform that utilize the ActiveX Plugin. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious file. The specific flaw exists within how the plugin initializes objects. While the plugin is in a particular state, the application will fail to initialize a field that is used as a window handle. Exploitation can lead to code execution under the privileges of the application.

  Tags:  vulnerability plugin application activex-plugin window-handle zero-day  

• 21:00

  ZDI-10-207.txt

   » ‎ Packet Storm Security Advisories
  Zero Day Initiative Advisory 10-207 - This vulnerability allows remote attackers to execute arbitrary code on vulnerable installations of Oracle's Java platform that utilize the ActiveX Plugin. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious file. The specific flaw exists within how the plugin initializes objects. While the plugin is in a particular state, the application will fail to initialize a field that is used as a window handle. Exploitation can lead to code execution under the privileges of the application.

  Tags:  vulnerability plugin application activex-plugin window-handle zero-day  

• October 04, 2010
• 0:00

  Vuln: Dovecot Sieve Plugin Multiple Unspecified Buffer Overflow Vulnerabilities

   » ‎ SecurityFocus Vulnerabilities
  Dovecot Sieve Plugin Multiple Unspecified Buffer Overflow Vulnerabilities

  Tags:  dovecot sieve plugin buffer-overflow-vulnerabilities  

• September 27, 2010
• 14:00

  [remote exploits] - Skype 4.2 (Plugin Manager-ezPMUtils.dll) Remote BOF Exploit

   » ‎ 1337day (was: Inj3ct0r, 1337db)
  [remote exploits] - Skype 4.2 (Plugin Manager-ezPMUtils.dll) Remote BOF Exploit

  Tags:  plugin Skype manager-ez manager-ezpmutils exploits  

• September 08, 2010
• 0:00

  Vuln: Winamp Module Decoder Plugin Multiple Buffer Overflow Vulnerabilities

   » ‎ SecurityFocus Vulnerabilities
  Winamp Module Decoder Plugin Multiple Buffer Overflow Vulnerabilities

  Tags:  plugin modul winamp multiple-buffer-overflow buffer-overflow-vulnerabilities  

• August 28, 2010
• 0:00

  firefox_plugin_DLLhijack.bat.txt

   » ‎ Packet Storm Security Recent Files
  Mozilla Firefox version 3.6.8 with Adobe Reader Plugin version 9.3.4.218 DLL hijacking exploit that leverages CoolType.dll.

  Tags:  version plugin firefox reader-plugin adobe-reader hijacking  

• 0:00

  firefox_plugin_DLLhijack.bat.txt

   » ‎ Packet Storm Security Exploits
  Mozilla Firefox version 3.6.8 with Adobe Reader Plugin version 9.3.4.218 DLL hijacking exploit that leverages CoolType.dll.

  Tags:  version plugin firefox reader-plugin adobe-reader hijacking  

• August 06, 2010
• 12:01

  ZDI-10-139.txt

   » ‎ Packet Storm Security Advisories
  Zero Day Initiative Advisory 10-139 - This vulnerability allows remote attackers to execute arbitrary code on vulnerable installations of the Novell iPrint Client browser plugin. User interaction is required in that a target must visit a malicious web page. The specific flaw exists within handling plugin parameters. The application does not properly verify the name of parameters passed via <embed> tags. If a malicious attacker provides a long enough value a destination buffer can be overflowed. Successful exploitation leads to execution of arbitrary code under the context of the user owning the browser process.

  Tags:  plugin code browser novell-iprint malicious-attacker destination-buffer  

• July 22, 2010
• 19:01

  wpmyldlinker-sql.txt

   » ‎ Packet Storm Security Exploits
  The myLDlinker plugin version 2.9.2 for WordPress suffers from a remote SQL injection vulnerability.

  Tags:  plugin txt myldlinker sql-injection vulnerability wordpress  

• 1:00

  WordPress Plugin myLDlinker SQL Injection Vulnerability

   » ‎ 1337day (was: Inj3ct0r, 1337db)
  WordPress Plugin myLDlinker SQL Injection Vulnerability

  Tags:  myldlinker plugin wordpress vulnerability  

• July 19, 2010
• 19:03

  gkrellm2-plugin-PoC.tar.gz

   » ‎ Packet Storm Security Recent Files
  GKrellM2 System Monitor Plugin local proof of concept exploit that spawns a shell on tcp/6666.

  Tags:  plugin gkrellm poc proof-of-concept tar-gz system-monitor  

• 19:02

  gkrellm2-plugin-PoC.tar.gz

   » ‎ Packet Storm Security Exploits
  GKrellM2 System Monitor Plugin local proof of concept exploit that spawns a shell on tcp/6666.

  Tags:  plugin gkrellm poc proof-of-concept tar-gz system-monitor  

• June 09, 2010
• 0:00

  Vuln: MySQL UNINSTALL PLUGIN Security Bypass Vulnerability

   » ‎ SecurityFocus Vulnerabilities
  MySQL UNINSTALL PLUGIN Security Bypass Vulnerability

  Tags:  uninstall plugin mysql vulnerability  

• June 04, 2010
• 0:00

  Vuln: MySQL UNINSTALL PLUGIN Security Bypass Vulnerability

   » ‎ SecurityFocus Vulnerabilities
  MySQL UNINSTALL PLUGIN Security Bypass Vulnerability

  Tags:  uninstall plugin mysql vulnerability  

• May 29, 2010
• 1:00

  Nucleus Plugin Twitter Remote File Inclusion Vulnerability

   » ‎ 1337day (was: Inj3ct0r, 1337db)
  Nucleus Plugin Twitter Remote File Inclusion Vulnerability

  Tags:  twitter nucleus plugin vulnerability inclusion  

• May 13, 2010
• 1:00

  migascms "Xinha" Plugin Configuration Injection Vulnerability

   » ‎ 1337day (was: Inj3ct0r, 1337db)
  migascms "Xinha" Plugin Configuration Injection Vulnerability

  Tags:  xinha configuration plugin vulnerability  

• 0:00

  Vuln: WordPress WP-Cumulus Plugin 'tagcloud.swf' Cross-Site Scripting Vulnerability

   » ‎ SecurityFocus Vulnerabilities
  WordPress WP-Cumulus Plugin 'tagcloud.swf' Cross-Site Scripting Vulnerability

  Tags:  plugin wordpress wp-cumulus cumulus vulnerability  

• 0:00

  Vuln: MySQL UNINSTALL PLUGIN Security Bypass Vulnerability

   » ‎ SecurityFocus Vulnerabilities
  MySQL UNINSTALL PLUGIN Security Bypass Vulnerability

  Tags:  uninstall plugin mysql vulnerability  

• May 12, 2010
• 9:00

  eventsmanager-sql.txt

   » ‎ Packet Storm Security Exploits
  Events Manager Wordpress plugin versions 2.1 and below suffer from a remote blind SQL injection vulnerability.

  Tags:  plugin txt sql manager-wordpress sql-injection vulnerability  

• May 07, 2010
• 0:00

  Vuln: MySQL UNINSTALL PLUGIN Security Bypass Vulnerability

   » ‎ SecurityFocus Vulnerabilities
  MySQL UNINSTALL PLUGIN Security Bypass Vulnerability

  Tags:  uninstall plugin mysql vulnerability  

• April 28, 2010
• 13:58

  MDVSA-2010-085.txt

   » ‎ Packet Storm Security Recent Files
  Mandriva Linux Security Advisory 2010-085 - The OSCAR protocol plugin in libpurple in Pidgin before 2.6.3 and Adium before 1.3.7 allows remote attackers to cause a denial of service (application crash) via crafted contact-list data for ICQ and possibly AIM, as demonstrated by the SIM IM client. Directory traversal vulnerability in slp.c in the MSN protocol plugin in libpurple in Pidgin 2.6.4 and Adium 1.3.8 allows remote attackers to read arbitrary files via a .. (dot dot) in an application/x-msnmsgrp2p MSN emoticon (aka custom smiley) request, a related issue to CVE-2004-0122. Directory traversal vulnerability in slp.c in the MSN protocol plugin in libpurple in Pidgin 2.6.4 and Adium 1.3.8 allows remote attackers to read arbitrary files via a .. (dot dot) in an application/x-msnmsgrp2p MSN emoticon (aka custom smiley) request, a related issue to CVE-2004-0122. Other issues have also been identified.

  Tags:  plugin msn protocol oscar sim-im directory-traversal-vulnerability msn-protocol mandriva-linux  

• 13:58

  MDVSA-2010-085.txt

   » ‎ Packet Storm Security Advisories
  Mandriva Linux Security Advisory 2010-085 - The OSCAR protocol plugin in libpurple in Pidgin before 2.6.3 and Adium before 1.3.7 allows remote attackers to cause a denial of service (application crash) via crafted contact-list data for ICQ and possibly AIM, as demonstrated by the SIM IM client. Directory traversal vulnerability in slp.c in the MSN protocol plugin in libpurple in Pidgin 2.6.4 and Adium 1.3.8 allows remote attackers to read arbitrary files via a .. (dot dot) in an application/x-msnmsgrp2p MSN emoticon (aka custom smiley) request, a related issue to CVE-2004-0122. Directory traversal vulnerability in slp.c in the MSN protocol plugin in libpurple in Pidgin 2.6.4 and Adium 1.3.8 allows remote attackers to read arbitrary files via a .. (dot dot) in an application/x-msnmsgrp2p MSN emoticon (aka custom smiley) request, a related issue to CVE-2004-0122. Other issues have also been identified.

  Tags:  plugin msn protocol oscar sim-im directory-traversal-vulnerability msn-protocol mandriva-linux  

• 8:00

  Bugtraq: Adobe viewer plugin can be made to crash IE or FF

   » ‎ SecurityFocus Vulnerabilities
  Adobe viewer plugin can be made to crash IE or FF

  Tags:  plugin viewer adobe adobe-viewer viewer-plugin bugtraq  

• April 27, 2010
• 0:00

  Vuln: SpamAssassin Milter Plugin 'mlfi_envrcpt()' Remote Arbitrary Command Injection Vulnerability

   » ‎ SecurityFocus Vulnerabilities
  SpamAssassin Milter Plugin 'mlfi_envrcpt()' Remote Arbitrary Command Injection Vulnerability

  Tags:  milter plugin spamassassin mlfi arbitrary-command  

• April 19, 2010
• 0:00

  Vuln: MySQL UNINSTALL PLUGIN Security Bypass Vulnerability

   » ‎ SecurityFocus Vulnerabilities
  MySQL UNINSTALL PLUGIN Security Bypass Vulnerability

  Tags:  uninstall plugin mysql vulnerability  

• April 04, 2010
• 1:00

  WordPress Plugin MunkyScripts Simple Gallery SQL Injection Vulnerability

   » ‎ 1337day (was: Inj3ct0r, 1337db)
  WordPress Plugin MunkyScripts Simple Gallery SQL Injection Vulnerability

  Tags:  plugin wordpress munkyscripts vulnerability  

• April 03, 2010
• 1:00

  e107 Plugin Blog (macgurublog.php) Remote SQL Injection Vulnerability

   » ‎ 1337day (was: Inj3ct0r, 1337db)
  e107 Plugin Blog (macgurublog.php) Remote SQL Injection Vulnerability

  Tags:  blog macgurublog plugin sql-injection vulnerability  

• April 01, 2010
• 0:00

  Vuln: ikiwiki 'htmlscrubber' Plugin Remote Script Code Injection Vulnerability

   » ‎ SecurityFocus Vulnerabilities
  ikiwiki 'htmlscrubber' Plugin Remote Script Code Injection Vulnerability

  Tags:  ikiwiki plugin htmlscrubber remote-script script-code vulnerability  

• March 29, 2010
• 21:36

  How-to-develop-WhatWeb-plugins-1.1.txt

   » ‎ Packet Storm Security Misc. Files
  Document on how to research and develop plugins for WhatWeb to identify content management systems, web application frameworks, etc. As an example it includes how to research and write a plugin for the SilverStripe CMS. The document covers passive plugin development only and is accurate for WhatWeb version 0.4.

  Tags:  plugin whatweb document content-management-systems plugin-development web-application  

• March 24, 2010
• 0:00

  Vuln: tDiary TrackBack Transmission Plugin Cross-Site Scripting Vulnerability

   » ‎ SecurityFocus Vulnerabilities
  tDiary TrackBack Transmission Plugin Cross-Site Scripting Vulnerability

  Tags:  plugin transmission trackback vulnerability  

• March 22, 2010
• 0:00

  Vuln: ikiwiki 'htmlscrubber' Plugin Remote Script Code Injection Vulnerability

   » ‎ SecurityFocus Vulnerabilities
  ikiwiki 'htmlscrubber' Plugin Remote Script Code Injection Vulnerability

  Tags:  ikiwiki plugin htmlscrubber remote-script script-code vulnerability  

• 0:00

  Vuln: SpamAssassin Milter Plugin 'mlfi_envrcpt()' Remote Arbitrary Command Injection Vulnerability

   » ‎ SecurityFocus Vulnerabilities
  SpamAssassin Milter Plugin 'mlfi_envrcpt()' Remote Arbitrary Command Injection Vulnerability

  Tags:  milter plugin spamassassin mlfi arbitrary-command  

• March 10, 2010
• 0:00

  Vuln: tDiary TrackBack Transmission Plugin Cross-Site Scripting Vulnerability

   » ‎ SecurityFocus Vulnerabilities
  tDiary TrackBack Transmission Plugin Cross-Site Scripting Vulnerability

  Tags:  plugin transmission trackback vulnerability  

• March 08, 2010
• 15:00

  Spamassassin Milter Plugin Remote root command execution vulnerability

   » ‎ 1337day (was: Inj3ct0r, 1337db)
  Spamassassin Milter Plugin Remote root command execution vulnerability

  Tags:  milter plugin spamassassin command-execution vulnerability  

• March 07, 2010
• 0:00

  Vuln: SpamAssassin Milter Plugin 'mlfi_envrcpt()' Remote Arbitrary Command Injection Vulnerability

   » ‎ SecurityFocus Vulnerabilities
  SpamAssassin Milter Plugin 'mlfi_envrcpt()' Remote Arbitrary Command Injection Vulnerability

  Tags:  milter plugin spamassassin mlfi arbitrary-command  

• February 18, 2010
• 13:00

  Joomla Plugin Core Design Scriptegrator Local File Inclusion Vulnerability

   » ‎ 1337day (was: Inj3ct0r, 1337db)
  Joomla Plugin Core Design Scriptegrator Local File Inclusion Vulnerability

  Tags:  plugin core joomla core-design vulnerability inclusion  

• 11:00

  Joomla Plugin Core Design Scriptegrator Local File Inclusion Vulnerabil

   » ‎ 1337day (was: Inj3ct0r, 1337db)
  Joomla Plugin Core Design Scriptegrator Local File Inclusion Vulnerabil

  Tags:  plugin core joomla core-design inclusion