Monthly Archive: July 2014

Timbre SketchUp (formerly Google SketchUp) before 8 Maintenance 2 allows remote attackers to execute arbitrary code via a crafted color palette table in a MAC Pict texture, which triggers a stack-based buffer overflow. Date...

Directory traversal vulnerability in BIRT-Report Viewer in IBM Tivoli Application Dependency Discovery Manager (TADDM) 7.1.x and 7.2.x before 7.2.1.5 allows remote authenticated users to read arbitrary files via unspecified vectors. Date published : 2014-07-01...

The cherokee_validator_ldap_check function in validator_ldap.c in Cherokee 1.2.103 and earlier, when LDAP is used, does not properly consider unauthenticated-bind semantics, which allows remote attackers to bypass authentication via an empty password. Date published :...

Multiple cross-site scripting (XSS) vulnerabilities in xencarousel-admin.js.php in the XEN Carousel plugin 0.12.2 and earlier for WordPress allow remote attackers to inject arbitrary web script or HTML via the (1) path or (2) ajaxpath...

Cross-site scripting (XSS) vulnerability in the WP-FaceThumb plugin possibly 1.0 and earlier for WordPress allows remote attackers to inject arbitrary web script or HTML via the ajax_url parameter to index.php. Date published : 2014-07-01...

Cross-site scripting (XSS) vulnerability in admin/editFacility.php in the wp-easybooking plugin 1.0.3 and earlier for WordPress allows remote attackers to inject arbitrary web script or HTML via the fID parameter. Date published : 2014-07-01 http://codevigilant.com/disclosure/wp-plugin-wp-easybooking-a3-cross-site-scripting-xss

Multiple cross-site scripting (XSS) vulnerabilities in forms/messages.php in the WP-Contact (wp-contact-sidebar-widget) plugin 1.0 and earlier for WordPress allow remote attackers to inject arbitrary web script or HTML via the (1) edit, (2) order_direction, (3)...

Cross-site scripting (XSS) vulnerability in js/window.php in the Wikipop plugin 2.0 and earlier for WordPress allows remote attackers to inject arbitrary web script or HTML via the s parameter. Date published : 2014-07-01 http://codevigilant.com/disclosure/wp-plugin-wikipop-a3-cross-site-scripting-xss

Cross-site scripting (XSS) vulnerability in ls/vv_login.php in the VideoWhisper Live Streaming Integration plugin 4.27.2 and earlier for WordPress allows remote attackers to inject arbitrary web script or HTML via the room_name parameter. Date published...

Cross-site scripting (XSS) vulnerability in check.php in the Validated plugin 1.0.2 and earlier for WordPress allows remote attackers to inject arbitrary web script or HTML via the slug parameter. Date published : 2014-07-01 http://codevigilant.com/disclosure/wp-plugin-validated-a3-cross-site-scripting-xss

Cross-site scripting (XSS) vulnerability in test-plugin.php in the Swipe Checkout for eShop plugin 3.7.0 and earlier for WordPress allows remote attackers to inject arbitrary web script or HTML via the api_url parameter. Date published...

Multiple cross-site scripting (XSS) vulnerabilities in pq_dialog.php in the Pro Quoter plugin 1.0 and earlier for WordPress allow remote attackers to inject arbitrary web script or HTML via the (1) leftorright or (2) author...

Cross-site scripting (XSS) vulnerability in process.php in the Malware Finder plugin 1.1 and earlier for WordPress allows remote attackers to inject arbitrary web script or HTML via the query parameter. Date published : 2014-07-01...

Cross-site scripting (XSS) vulnerability in ajax_functions.php in the GEO Redirector plugin 1.0.1 and earlier for WordPress allows remote attackers to inject arbitrary web script or HTML via the hid_id parameter. Date published : 2014-07-01...