WordPress Squirrel Theme version 1.6.4 suffers from a remote file inclusion vulnerability.
86c56b7e4874d7528b43160cb98e7dd014fc64e5f89c14c40edacd196b5285d4
WordPress with Buddypress and Blogs Mu Theme suffers from a cross site scripting vulnerability.
cdc514f2e390d0fb253eaff6f745da7c608e34926bb03c0bcb321ab265c56eac
This Metasploit module exploits a buffer overflow vulnerability found in Freeamp 2.0.7. The overflow occurs when an overly long string is parsed in the FAT file. This Metasploit module creates a txt file that has to be used in the creation of a FAT file. The FAT file then has to be imported as a theme. To create the FAT file you need to first decompress the basic theme template, MakeTheme -d freeamp.fat. Next create the new FAT file MakeTheme crash.fat theme.xml title.txt *.bmp.
6dfcaf1f8aff9ad6e428e3ae8e6f8b05df47336a37bbdba3dccbb68f5018292e
Secunia Security Advisory - A vulnerability has been reported in the iWebkit theme for Drupal, which can be exploited by malicious users to conduct script insertion attacks.
1d9c28c643797a139fc13d2bf15f040c13abdb58d5f55745e68d1b7e926360e0
Secunia Security Advisory - A vulnerability has been reported in the Facebook Simple Clean theme for Drupal, which can be exploited by malicious users to conduct script insertion attacks.
20189da09b4effcc1f1eb189193d3e724fa8da5afdf96273e9029f2878763e95
Ubuntu Security Notice 1157-2 - USN-1157-1 fixed vulnerabilities in Firefox. This update provides updated packages for use with Firefox 5. Bob Clary, Kevin Brosnan, Gary Kwong, Jesse Ruderman, Christian Biesinger, Bas Schouten, Igor Bukanov, Bill McCloskey, Olli Pettay, Daniel Veditz and Marcia Knous discovered multiple memory vulnerabilities in the browser rendering engine. An attacker could possibly execute arbitrary code with the privileges of the user invoking Firefox. Martin Barbella discovered that under certain conditions, viewing a XUL document while JavaScript was disabled caused deleted memory to be accessed. An attacker could potentially use this to crash Firefox or execute arbitrary code with the privileges of the user invoking Firefox. Jordi Chancel discovered a vulnerability on multipart/x-mixed-replace images due to memory corruption. An attacker could potentially use this to crash Firefox or execute arbitrary code with the privileges of the user invoking Firefox. Chris Rohlf and Yan Ivnitskiy discovered an integer overflow vulnerability in JavaScript Arrays. An attacker could potentially use this to execute arbitrary code with the privileges of the user invoking Firefox. It was discovered that Firefox's WebGL textures did not honor same-origin policy. If a user were tricked into viewing a malicious site, an attacker could potentially view image data from a different site. Christoph Diehl discovered an out-of-bounds read vulnerability in WebGL code. An attacker could potentially read data that other processes had stored in the GPU. Christoph Diehl discovered an invalid write vulnerability in WebGL code. An attacker could potentially use this to execute arbitrary code with the privileges of the user invoking Firefox. It was discovered that an unauthorized site could trigger an installation dialog for addons and themes. If a user were tricked into viewing a malicious site, an attacker could possibly trick the user into installing a malicious addon or theme. Mario Heiderich discovered a vulnerability in displaying decoded HTML-encoded entities inside SVG elements. An attacker could utilize this to perform cross-site scripting attacks. Various other issues were also addressed.
ab0de8b218db560872113e115b67dd7d3a8d9bab94d781b359d06958c84f7b71
Multiple WordPress themes suffer from cross site scripting and information disclosure vulnerabilities. Themes affected include Live Wire (all three themes from Live Wire series), Gotham News, Typebased, Blogtheme, VibrantCMS, Fresh News, The Gazette Edition, NewsPress, The Station, The Original Premium News, Flash News, Busy Bee, and Geometric.
1a955659244778d9058139f1fa6493227ce6506d22be3379a1d102a1fa381170
Magazeen theme version 1.0 for WordPress and Dotclear suffers from a cross site scripting vulnerability.
9e1279300ac5f76d0b6725e54d3abd554b6b664d9dd441e1e078f9adebdb376f
Secunia Security Advisory - Two security issues and two vulnerabilities have been discovered in the Magazeen theme for WordPress, which can be exploited by malicious people to conduct cross-site scripting attacks and cause a DoS (Denial of Service).
aadef2cbe2bf6bc033df7bac91e74c1699291db7f57b4817d8ab06d6ec104094
Multiple Joomla themes suffer from cross site scripting, denial of service, disclosure, and abuse of functionality vulnerabilities.
8148583b8ad762681628eac607ff239001cef718fb344300b322e5c939626ba1
Secunia Security Advisory - Two security issues and two vulnerabilities have been reported in WooThemes Bueno, City Guide, Coffee Break, Daily Edition, Delegate, Fresh News, Headlines, Inspire, Optimize, Over Easy, and The Station ExpressionEngine themes, which can be exploited by malicious people to conduct cross-site scripting attacks and cause a DoS (Denial of Service).
56adfd5fea63167983051b1869f7693780828dcbb7e2a6893b95bf628381f594
Secunia Security Advisory - Two security issues and two vulnerabilities have been reported in the Mimbo Pro theme for WordPress, which can be exploited by malicious people to conduct cross-site scripting attacks and cause a DoS (Denial of Service).
0364300f70a2b40fd120c325e694068e5b7e359f3a97dc2c64d0337ea7b7a46d
Multiple Drupal themes suffer from cross site scripting and denial of service vulnerabilities. Affected themes include Fresh News, Inspire, Spectrum, Delegate, Optimize, Bueno, Headlines, Daily Edition, Coffee Break, and The Gazette Edition.
165887f15d9354eaf9b8d1bb945cb0dc9da0684b19cf44be05684f5b05d60ae6
Secunia Security Advisory - Two security issues and two vulnerabilities have been reported in WooThemes Live Wire and Gazette Edition WordPress themes, which can be exploited by malicious people to conduct cross-site scripting attacks and cause a DoS (Denial of Service).
72057db40a756fe535209523780c1e7c91f7b97dec73c31f0a2b8d6ddaa52b2a
The Gazette Edition (theme for WordPress) versions 2.9.4 and below suffer from cross site scripting, denial of service, path disclosure and abuse of functionality vulnerabilities.
554e2b12eb7acbe0808897d2e279223beeade9555f821b00b156e5c83a058674
Live Wire Edition theme version 2.3.1 for WordPress suffers from cross site scripting, denial of service, path disclosure and abuse of functionality vulnerabilities.
79b89bb2c36ba7e839e6894861693e23d1bfac75cb85db1f03d2104a7ce96832
Secunia Security Advisory - A vulnerability has been discovered in the SimpleDark theme for WordPress, which can be exploited by malicious people to conduct cross-site scripting attacks.
38a3f881dc643cfe82c0db71e55c5788c2ea5bed737e0ed9856cbd40cd763f36
Zero Day Initiative Advisory 10-290 - This vulnerability allows remote attackers to execute arbitrary code on vulnerable installations of SAP NetWeaver Business Client. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious file. The specific flaw exists within the Load and LoadTheme methods of the SapThemeRepository ActiveX control (sapwdpcd.dll) implemented by SAP NetWeaver Business Client. Due to a failure in bounds checking, a user-supplied parameter passed to the vulnerable methods can overflow a stack buffer, resulting in arbitrary code execution under the context of the user running the browser.
3ff07756f5b8556d59a4b7213aa9a522b1fbb579894c4abd3efccb174e669381
Secunia Security Advisory - A vulnerability has been reported in Ubuntu Drupal Theme - Brown theme for Drupal, which can be exploited by malicious people to disclose potentially sensitive information.
fef4fc5938921b422ac42399f8642583a8be8896de913baf369695e4574891cf
Secunia Security Advisory - A vulnerability has been reported in the Studio Theme Pack module for Drupal, which can be exploited by malicious people to conduct cross-site scripting attacks.
aadb060e282a30867bd7a117c61e5b329c3372743751593a9ae21f636612d376
VUPEN Web Vulnerability Research Team discovered multiple vulnerabilities in eFront. These issues are caused by input validation errors when processing the "remote_theme", "name", "system_email", "password_length", "math_server", "site_motto" and "site_name" parameters, which could be exploited by attackers to cause arbitrary scripting code to be executed by the user's browser in the security context of an affected Web site. Versions prior to 3.6.3 build 7400 are affected.
1104801d6660f352341d2255e224ec704f33018e832b6a8a32964aa0a77e692e
The Joomla YOOOtheme component suffers from cross site scripting vulnerabilities.
97eae37014fc2225afedb44591561a89fbbae53eae8be987ffeb7be18f5800e6
Secunia Security Advisory - andresg888 has reported a vulnerability in the YOOtheme template for Joomla, which can be exploited by malicious people to conduct cross-site scripting attacks.
35eeb59760d44a6af1c17ef3e1606eacbd294de3d5f33c2b3f22ce9fb8179e6c
Secunia Security Advisory - A vulnerability has been reported in the RootCandy theme for Drupal, which can be exploited by malicious people to conduct cross-site scripting attacks.
35ee6ce9fa65d470ce6809a7b2b8c067d391aab33227cd021c903dafb323012b
Secunia Security Advisory - Justin C. Klein Keane has discovered a vulnerability in the Taxonomy Theme module for Drupal, which can be exploited by malicious users to conduct script insertion attacks.
ead1ad43993c0d93f291ead88037371f7eee738851c2e3397555fc2a49aa9a81
The Drupal Taxonomy Theme version 5.x-1.1 suffers from a cross site scripting vulnerability.
910abd62192a62f24e88bd8e0a24cfaaf8cb8214622ef3b378fdbaa2fffeb0a0