WordPress ALO EasyMail Newsletter plugin version 2.6 suffers from cross site request forgery and cross site scripting vulnerabilities.
628f45f98d4906b0043d836c1f0551d2cdbdd07a8f25c25fa382bfc7a8c259fe
Secunia Security Advisory - Charlie Eriksen has discovered a security issue in the GD Star Rating plugin for WordPress, which can be exploited by malicious people to bypass certain security restrictions.
ee85ab9808ff9f110f7871dc8fcc87890303cd35d29ee50ef17ca622dfd77a15
Secunia Security Advisory - Charlie Eriksen has discovered multiple vulnerabilities in the Mac Photo Gallery plugin for WordPress, which can be exploited by malicious people to conduct script insertion attacks.
802cc29a6d4e72d9adb2f2a200ce553a10f1f6f7b6698a4de480540cb73529da
Secunia Security Advisory - A vulnerability has been reported in the Backup plugin for WordPress, which can be exploited by malicious people to disclose sensitive information.
6b4a37496d31b5c1b7f3cee1e92d985a1f93ecad92957af11b3a066fcba37f53
Secunia Security Advisory - Charlie Eriksen has discovered two vulnerabilities in the Flexi Quote Rotator plugin for WordPress, which can be exploited by malicious users to conduct SQL injection attacks and by malicious people to conduct cross-site request forgery attacks.
b3a33d7a2cfe464e0574d8b11ded1c1b8f6e5f56433410e90352abda7b04d775
Secunia Security Advisory - A vulnerability has been reported in the Get Off Malicious Scripts plugin for WordPress, which can be exploited by malicious people to conduct cross-site scripting attacks.
bff7aabe687e0cd90cf7b016a5527d1a78a20fd2db5c6e1a20540dc25d43d8a7
WordPress ChenPress plugin suffers from a remote shell upload vulnerability via a FCKEditor.
87588ece4e4b307e709c22fc6b0a03904e7c6d41b7c446f2bbe71bdd5b1344e2
Secunia Security Advisory - A vulnerability has been discovered in the Nmedia Users File Uploader plugin for WordPress, which can be exploited by malicious people to compromise a vulnerable system.
352ac9d5874cd7d9e487f3510547e2fcc0adba46ecca6b6506c21d8313bfb850
Ubuntu Security Notice 1512-1 - It was discovered that KDE PIM html renderer incorrectly enabled JavaScript, Java and Plugins. A remote attacker could use this flaw to send an email with embedded JavaScript that possibly executes when opened.
0eb443866af01d8f0bed2a8e0d40c11f7d181c581505d2a58166201be1c354b9
Secunia Security Advisory - A vulnerability has been discovered in the Cimy User Extra Fields Plugin for WordPress, which can be exploited by malicious users and malicious people to compromise a vulnerable system.
595e6138108521a250490612ded8ada0cad84ce429893e2b70312544eeea0a0c
WordPress Cimy User Extra Fields plugin version 2.3.7 suffers from a remote shell upload vulnerability.
3f1cf0c011392b255cd32e6cfb0a2527d78eaaba00b4a507ae004527751b8cc7
metaSSH is a session plugin for Metasploit that gives you a meterpreter-like interface over an ssh connection. The author original wrote this code so they could cleanly reverse pivot over ssh from within metasploit. Features include multi-channel, pivoting, post-exploitation module use, and more.
cb2904017bd8381379f534d13af9da18283b5ba0d4dca0d7ece74f329056ef4e
Secunia Security Advisory - Multiple vulnerabilities have been discovered in the LeagueManager plugin for WordPress, which can be exploited by malicious people to conduct cross-site scripting attacks.
fae682b16c4fbc8c4a25e9be32b3c204b9bf272256aba18a459d92d35269f1a6
WordPress plugin Count Per Day version 3.1.1 suffers from multiple cross site scripting vulnerabilities.
28361cdd395c57304d759e3a7c3969bfc5d760b11accedd798ecce30a9dacbee
Metasploit plugin 'pcap_log' is vulnerable to an arbitrary file overwrite bug which can further be leveraged to insert user-controlled data resulting in potential escalation of privileges. Metasploit module included.
a3608689ff5f6a56679189ea8149e0e805de1c706fb7d3fedff592abe11d622b
Secunia Security Advisory - Sammy Forgit has discovered a vulnerability in the Post Recommendations plugin for WordPress, which can be exploited by malicious people to compromise a vulnerable system.
ca90b4ce831d56fc770f90865d0617bed25a593ba55ef043a73cd6249a2fc6cf
Secunia Security Advisory - A vulnerability has been discovered in the Resume Submissions & Job Postings plugin for WordPress, which can be exploited by malicious people to compromise a vulnerable system.
0d50d44a1244301017a1a9a8edfae0f73a36e58487abdfc53c1b891bc51e00b6
WordPress Resume Submissions and Job Postings plugin version 2.5.1 suffers from a remote shell upload vulnerability.
abb9002f357afe4cc499af58b4cec029b8eafcb2610d8311454bcd553f75f567
Zero Day Initiative Advisory 12-125 - This vulnerability allows remote attackers to execute arbitrary code on vulnerable installations of Apple Quicktime. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious file. The specific flaw exists within Quicktime.qts. The stack buffer overflow occurs as a result of an unbounded string copy function in Quicktime.qts, reachable through the IQTPluginControl::SetLanguage COM method exposed by the COM object QTPlugin.ocx. This vulnerability can be leveraged to execute code under the context of the user.
fb13d8978ea5650ce09b46a706f138fc4b9467b174680a4bae8416e52d19ff04
Secunia Security Advisory - Charlie Eriksen has discovered a vulnerability in the Paid Memberships Pro plugin for WordPress, which can be exploited by malicious people to disclose sensitive information.
c8b65d266f849f90b0cbe4024ec817f695b2914b4aeb3a510284629b0fd6245a
This Metasploit module exploits an arbitrary PHP File Upload and Code Execution flaw in some WordPress blog software plugins. The vulnerability allows for arbitrary file upload and remote code execution POST Data to Vulnerable Script/File in the plugin.
b0f467c2f9513aea9fd89d25f94d00be23be09c42cfc54f3bbc14d023bf918cf
Secunia Security Advisory - Charlie Eriksen has discovered multiple vulnerabilities in the Global Content Blocks plugin for WordPress, which can be exploited by malicious users to bypass certain security restrictions and by malicious people to disclose potentially sensitive information.
4b85ce76f9ea63e16f35c4a36bba9105c2e57e3d6020baf2a3911b09e8b84a5f
Ubuntu Security Notice 1503-1 - Hans Spaans discovered that the Context plugin in Rhythmbox created a temporary directory in an insecure manner. A local attacker could exploit this to execute arbitrary code as the user invoking the program. The Context plugin is disabled by default in Ubuntu.
df547307b999909e8ad311c8eb23837293bda1c1769f52bf417f2bfd35e2b199
Secunia Security Advisory - A vulnerability has been reported in The Guardian News Feed plugin for WordPress, which can be exploited by malicious people to conduct cross-site request forgery attacks.
a3a0907404c377dc43d2a8565b1cd9056874c29c0db06ced3f9fff51bb8518c2
Secunia Security Advisory - Charlie Eriksen has discovered a vulnerability in the Sendit plugin for WordPress, which can be exploited by malicious people to conduct SQL injection attacks.
919f0ae3f693ebc58e41538c359302602670217a9386d39910c75a2fc175b359
Secunia Security Advisory - Charlie Eriksen has discovered a vulnerability in the A Page Flip Book plugin for WordPress, which can be exploited by malicious people to disclose sensitive information.
4193a8a122feb736782d5e8a1c9f53eeaa35302b94f8c1797da9be4c5dfc49d1