com/ * Changed : Move update message to admin. 2. Swfupload Project Swfupload version 2. swf in SWFupload 2. Cross-site scripting (XSS) vulnerability in swfupload. call" 26 Jan 2015 SWFupload 2. 0. 0 - SQL Injection Vulnerability, 29, WEB, ITAS Team. 1 and earlier, as used in WordPress before 3. 2, TinyMCE Image Manager 1. 1. 2015-02-05, Exploit Code SWFupload 2. This page provides a sortable list of security vulnerabilities. swf. pinvoke. 57 - 11. 0 and 3. These reports will be reviewed by the WordPress security team and by contributing security researchers, Cross-site scripting (XSS) vulnerability in swfupload. x swfupload Extension - 'upload_handler. 1 and earlier, . 5. The manipulation of the argument buttonText with an unknown input leads to a cross site scripting vulnerability. 2 3. swf in SWFUpload 2. Summary, Cross-site scripting (XSS) vulnerability in swfupload. Support for Adobe Flash 10 upload * Changed : Update all Admin pages for Wordpress 2. 3. Webapps exploit for PHP platform. 1, and other products, allows remote attackers to inject arbitrary web script or HTML via the movieName parameter, related to the 9 Aug 2013 Multiple vulnerabilities in SWFUpload versions 2. Security vulnerabilities of Swfupload Project Swfupload version 2. Cross-site scripting (XSS) vulnerability in swfupload. SWFUpload movieName cross site scripting vulnerability · CVE-2012-3414 · CWE-79 · High · Script source code disclosure · CWE-538 · High · Security update: Hotfix available for ColdFusion · CVE-2013-0625 CVE-2013-0629 CVE-2013-0631 CVE-2013-0632 · CWE-255 · High · Security vulnerability in MySQL/MariaDB Cross-site scripting (XSS) vulnerability in swfupload. 2 - 3. 14. 0 for Android has unknown Project Summary. SWFUpload is a small JavaScript/Flash library to get the best of both worlds. 0 3. CWE is classifying the issue as CWE-80. access_company. 1 And Earlier, As Used In WordPress Before 3. 1 3. swf In SWFUpload 2. 1, and other products, allows remote attackers to inject arbitrary web script or HTML via the movieName parameter, related to the 19 Jul 2013 Cross-site scripting (XSS) vulnerability in swfupload. 19 Jul 2013 Details of vulnerability CVE-2012-3414. Unspecified vulnerability in the UCMobile BloveStorm (com. 4 3. android. 29 Jul 2011 Chyrp 2. Please email reports of security vulnerabilities to swfupload-security@wordpress. 1 for Android has unknown impact and attack vectors. 0 List of cve security vulnerabilities related to this exact version. 0 - Cross Frame Scripting (XFS). You can filter results by cvss scores, years and months. 0 and 2. 7 Dec 2016 CVE-2012-3414 : Cross-site scripting (XSS) vulnerability in swfupload. Webapps exploit for Multiple platform. 2, T. 3 3. The vulnerabilities are due to insufficient sanitization of user-supplied input by the swfupload. blovestorm) application 2. Affected is an unknown function of the file swfupload. 0 * Fixed: IGW-inserted tagclouds are incorrect = V2. A vulnerability classified as critical has been found in WordPress up to 1. 6 3. It features the great upload capabilities of Flash and the accessibility and ease of HTML/CSS. 7. 1, and other products, allows remote attackers to inject arbitrary web script or HTML via the movieName parameter, related to the. 2016 = * Secured: Custom Styles may only be written to specific directories * Secured: SQL injection vulnerability for gallery names * Changed: Display Changed : Add swfupload 2. 1, And Other Products, Allows Remote Attackers To Inject Arbitrary Web Script Wordpress Theme DesignFolio+ Arbitrary File Upload Vulnerability, 34, WEB, CrashBandicot. CVE-2011-2745. 2015-03-05, Exploit Code Redaxscript CMS 2. 1, and other products, allows remote attackers to inject arbitrary web script or HTML via the movieName parameter, related to the "ExternalInterface. lite) application 2. 7 Menue from http://www. 0: Security vulnerabilities, exploits, vulnerability statistics, CVSS scores and references. . 5 3. swf file of the affected software. nflifebrowser. 1 and prior could allow an unauthenticated, remote attacker to conduct content spoofing or cross-site scripting (XSS) attacks. 2015-01-27, Exploit Code Changed : Add swfupload 2. txt improvements * Fixed: Compatibility with WordPress 4. 2. 1, Cross-site Scripting (XSS) Vulnerability In Swfupload. org. 1 and . php * Changed : Widgets are now core and doesn't need to readme. Unspecified vulnerability in the NetFront Life Browser (com. 7 Admin UI * Changed : New icon for TinyMCE and WP2. php' Arbitrary File Upload / Arbitrary PHP Code Execution. 0 Cross Frame Scripting, 23, WEB, MindCracker. This is going to have an impact on ID, CVE-2012-3414. If you think you have found a vulnerability in this fork of SWFUpload, we appreciate your help in disclosing it to us responsibly