WordPress Photo Gallery plugin versions 1.5.69 and below suffer from multiple reflected cross-site scripting vulnerabilities.
f5cee129a211aee4e8107180c84597f0d60b54808dacf0f7a05afefadeaa5233
Zero Day Initiative Advisory 12-137 - This vulnerability allows remote attackers to execute arbitrary code on vulnerable installations of Apple Mac OS X. Authentication is not required to exploit this vulnerability. The flaw exists within libsecurity_cdsa_plugin, which implements routines defined in libsecurity_cssm. The library defines an allocation routine whose argument has type uint32. The methods implemented in the cdsa_plugin accept a parameter of type size_t, and this value is truncated from 64 bits to 32 bits when it is passed to the library routine. This can lead to an under-allocated memory region and ultimately an out-of-bounds write. A remote attacker can exploit this vulnerability to execute arbitrary code under the context of the process.
46ab23dd80c0f29f56b1529836ab00f816dadca849f9f53aba67524769c8cb32
Secunia Security Advisory - A vulnerability has been reported in the RSVPMaker plugin for WordPress, which can be exploited by malicious people to conduct script insertion attacks.
1308c5365a8a6322182004b702e1cffdb5aa396feec096ae18a853239f2a9478
Secunia Security Advisory - Red Hat has issued an update for flash-plugin. This fixes a vulnerability, which can be exploited by malicious people to compromise a user's system.
e49512d4b1183a2b7f7d1e89472e2bc893629bbfad4358cdbeb4e99198996262
Mandriva Linux Security Advisory 2012-132 - Multiple cross-site request forgery and cross-site scripting flaws have been found and corrected in GLPI. This advisory provides the latest version of GLPI, which is not vulnerable to these issues. Additionally, the latest versions of the corresponding plugins are also being provided.
278fcab2d1ab2e4d4ef8819f221aff25448777d5df0d2fe452abe0b3a7049fea
Red Hat Security Advisory 2012-1173-01 - The flash-plugin package contains a Mozilla Firefox compatible Adobe Flash Player web browser plug-in. This update fixes one vulnerability in Adobe Flash Player. This vulnerability is detailed on the Adobe security page APSB12-18, listed in the References section. Specially-crafted SWF content could cause flash-plugin to crash or, potentially, execute arbitrary code when a victim loads a page containing the malicious SWF content. All users of Adobe Flash Player should install this updated package, which upgrades Flash Player to version 11.2.202.238.
c10d85f5137cb075e49ec0b6380b902d41df64cf1042cece8b3a15b524552b6a
Secunia Security Advisory - SUSE has issued an update for icedtea-web. This fixes two vulnerabilities, which can be exploited by malicious people to potentially compromise an application using the plugin.
d2498827fbc60ac4f93763aa590a4f48b39ae08094bcfc93dd5231c7f75f3820
Secunia Security Advisory - A vulnerability has been discovered in the Mz-jajak plugin for WordPress, which can be exploited by malicious people to conduct SQL injection attacks.
ce183014f7a7034ef08b820c44de5dba4b085aa24a0e0ecc694575a83631fcac
WordPress third-party plugin Mz-jajak versions 2.1 and below suffer from a remote SQL injection vulnerability.
51b5a3e5fbb049ef9ed0a0da87e3242197a6526dbb1c51c5fa9bb3f9b7d8d988
Secunia Security Advisory - loneferret has reported a vulnerability in the Postie plugin for WordPress, which can be exploited by malicious people to conduct script insertion attacks.
9104eb2fe16306c11ec227c41c5d34b5455bd5076fcbee6902d7b238037f7853
Secunia Security Advisory - loneferret has reported some vulnerabilities in the SimpleMail plugin for WordPress, which can be exploited by malicious people to conduct script insertion attacks.
f83e5e65043670becdc42a9b437540aa6f27a980121590167a6dcb2bdef541bf
AOL products downloadUpdater2 plugin suffers from a remote code execution vulnerability. Proof of concept included.
5dd419850203744eecbd83ce5e621ac6ad8521036c7ff6ea92f36ad34d871c9d
Secunia Security Advisory - Two vulnerabilities have been discovered in the Vitamin plugin for WordPress, which can be exploited by malicious people to disclose sensitive information.
1e6925f6212da54846413366e7e3b4d07d6ebfec345eb2ac14ed9d043180c5dd
Secunia Security Advisory - A vulnerability has been discovered in the AOL downloadUpdater2 plugin for Firefox, which can be exploited by malicious people to compromise a user's system.
34d39d1cffd7365c1f403a934dc593cd61940b634fb29827fb014db038bf0b94
Secunia Security Advisory - A vulnerability with an unknown impact has been reported in the Featured Post with thumbnail plugin for WordPress.
8fe95c8e80b2cecde85a6e3478176cfe6c1c0058ba329781caa0c0e302963b58
Secunia Security Advisory - Multiple vulnerabilities have been discovered in the WP Lead Management plugin for WordPress, which can be exploited by malicious people to conduct script insertion attacks.
621e4d11e8f52beb3c8001b1ec8daf4dad03ba1d03e991be2502975091df60c9
Secunia Security Advisory - Some vulnerabilities have been reported in the XVE Various Embed plugin for WordPress, which can be exploited by malicious people to conduct cross-site scripting attacks.
f4d5fecdc356557b2890cf99029ffce4c3d7a8bb6bcb3bee9c7476681af88c42
Mandriva Linux Security Advisory 2012-122 - Multiple vulnerabilities have been discovered and corrected in icedtea-web. An uninitialized pointer use flaw was found in the IcedTea-Web web browser plugin. A malicious web page could use this flaw to make the IcedTea-Web browser plugin pass an invalid pointer to a web browser. Depending on the browser used, it may cause the browser to crash or possibly execute arbitrary code. It was discovered that the IcedTea-Web web browser plugin incorrectly assumed that all strings provided by the browser are NUL terminated, which is not guaranteed by the NPAPI (Netscape Plugin Application Programming Interface). When used in a browser that does not NUL terminate NPVariant NPStrings, this could lead to a buffer over-read or over-write, resulting in a possible information leak, crash, or code execution. The updated packages have been upgraded to the 1.1.6 version, which is not affected by these issues.
e54255ca79425edaf6f80ec86b150446915000646da9fc75bb873211676e0a94
Secunia Security Advisory - Two vulnerabilities have been discovered in the G-Lock Double Opt-in Manager plugin for WordPress, which can be exploited by malicious users to bypass certain security restrictions.
e942775fee1c967f7a52b6df52468b0b3e0a60e953c7e6f0244b37ad318712ee
WordPress G-Lock Double Opt-in Manager plugin versions 2.6.2 and below suffer from a remote SQL injection vulnerability.
9b809a742da2c1d3b8cbdd4435983f048a1f070e4be8d8392cfd842d006b75ac
Secunia Security Advisory - Red Hat has issued an update for icedtea-web. This fixes two vulnerabilities, which can be exploited by malicious people to potentially compromise an application using the plugin.
4f6b55a417d5a49358b50c60d81fdff58dda155a69260ce63b323a982ae9bfd5
Secunia Security Advisory - Ubuntu has issued an update for icedtea-web. This fixes two vulnerabilities, which can be exploited by malicious people to potentially compromise an application using the plugin.
8dee92a9db2efd34dc96d4cc062a43090f8ea0460543cd84330f8235b6031a6d
Ubuntu Security Notice 1521-1 - Chamal De Silva discovered that the IcedTea-Web Java web browser plugin could dereference an uninitialized pointer. A remote attacker could use this to craft a malicious web page that could cause a denial of service by crashing the web browser or possibly execute arbitrary code. Steven Bergom and others discovered that the IcedTea-Web Java web browser plugin assumed that all strings provided by browsers are NULL terminated, which is not guaranteed by the NPAPI (Netscape Plugin Application Programming Interface). A remote attacker could use this to craft a malicious Java applet that could cause a denial of service by crashing the web browser, expose sensitive information or possibly execute arbitrary code. Various other issues were also addressed.
501fee417fe6ba2b16a422f5cde669441ffad8611bba304f314fbdf49e7846e3
Secunia Security Advisory - Two vulnerabilities have been reported in the PoodLL plugins for Moodle, which can be exploited by malicious people to conduct cross-site scripting attacks.
7f928e1ef9d46da2dadab131054e85fcc473662c2453689b842054730301fedd
Secunia Security Advisory - Some vulnerabilities have been reported in the Backend Localization plugin for WordPress, which can be exploited by malicious people to conduct cross-site scripting attacks.
77a4086ca6f20e915785181730d0675252f56b8f6f763f25404ec336d2103498
This Metasploit module exploits a stack-based buffer overflow in Photodex ProShow Producer version 5.0.3256 in the handling of the plugins load list file. An attacker must send the crafted "load" file to the victim, who must store it in the installation directory. The vulnerability will be triggered the next time ProShow is opened. The module has been tested successfully on Windows XP SP3 and Windows 7 SP1.
bf2514d474a7b08d3b8119c8f11509c92a1414014f2de791e9a5e94b2b9e0c03