MidnightBSD

Advisories for moxiecode

CVE-2005-4599 MEDIUM

Cross-site scripting (XSS) vulnerability in tiny_mce_gzip.php in TinyMCE Compressor PHP before 1.06 allows remote attackers to inject arbitrary web script or HTML via the index parameter.

CVSS 2.0

Severity: MEDIUM

Problem Type: NVD-CWE-Other,

Products Affected

Vendor Product Version
moxiecode tinymce_compressor_php *
CVE-2005-4600 MEDIUM

Directory traversal vulnerability in tiny_mce_gzip.php in TinyMCE Compressor PHP before 1.06 allows remote attackers to read or include arbitrary files via a trailing null byte (%00) in the (1) theme, (2) language, (3) plugins, or (4) lang parameter.

CVSS 2.0

Severity: MEDIUM

Problem Type: CWE-22,

Products Affected

Vendor Product Version
moxiecode tinymce_compressor_php *
CVE-2012-2401 MEDIUM

Plupload before 1.5.4, as used in wp-includes/js/plupload/ in WordPress before 3.3.2 and other products, enables scripting regardless of the domain from which the SWF content was loaded, which allows remote attackers to bypass the Same Origin Policy via crafted content.

CVSS 2.0

Severity: MEDIUM

Problem Type: CWE-264,

Products Affected

Vendor Product Version
wordpress wordpress 2.3.2
wordpress wordpress 1.2.5
wordpress wordpress 2.8.2
wordpress wordpress 2.0.2
wordpress wordpress 2.0.11
moxiecode plupload 1.4.1
wordpress wordpress 3.0.4
wordpress wordpress 0.71
moxiecode plupload 1.5.0
wordpress wordpress 2.3
wordpress wordpress 1.5.1.1
wordpress wordpress 2.0.10
moxiecode plupload 1.4.0
wordpress wordpress 2.9
wordpress wordpress 2.9.1.1
moxiecode plupload 1.4.3
wordpress wordpress 2.1.1
wordpress wordpress 2.0.8
wordpress wordpress 2.9.1
wordpress wordpress 2.0.4
wordpress wordpress 2.3.1
wordpress wordpress 2.8.1
wordpress wordpress 3.1.2
wordpress wordpress 3.1.3
wordpress wordpress 2.0
wordpress wordpress 1.0.2
wordpress wordpress 3.0
wordpress wordpress 2.2.3
wordpress wordpress 1.5.2
wordpress wordpress 2.8.6
wordpress wordpress 2.2.2
wordpress wordpress 2.1
wordpress wordpress 3.0.2
wordpress wordpress 2.8.5
wordpress wordpress 2.0.7
wordpress wordpress 2.6
wordpress wordpress 2.7.1
wordpress wordpress 3.3
wordpress wordpress 1.1.1
wordpress wordpress 1.2.4
wordpress wordpress 2.0.5
wordpress wordpress 1.2.1
wordpress wordpress 2.2
wordpress wordpress 1.0.1
wordpress wordpress 2.1.3
wordpress wordpress 3.1
wordpress wordpress 1.5.1.3
wordpress wordpress 2.5
wordpress wordpress 1.2.3
wordpress wordpress 2.6.3
wordpress wordpress 1.0
wordpress wordpress 2.7
wordpress wordpress 1.5.1.2
wordpress wordpress 2.5.1
wordpress wordpress 1.3.2
moxiecode plupload 1.5.1
wordpress wordpress 3.0.6
wordpress wordpress 1.3.3
wordpress wordpress 2.0.1
wordpress wordpress 1.2.2
wordpress wordpress 2.0.9
wordpress wordpress 2.9.2
wordpress wordpress 1.5
wordpress wordpress 1.5.1
wordpress wordpress 2.8
wordpress wordpress 2.8.3
moxiecode plupload 1.5.2
wordpress wordpress 2.8.5.2
wordpress wordpress *
wordpress wordpress 3.0.5
wordpress wordpress 3.0.1
wordpress wordpress 3.0.3
wordpress wordpress 2.8.4
wordpress wordpress 2.0.6
wordpress wordpress 2.1.2
wordpress wordpress 2.3.3
wordpress wordpress 2.6.2
wordpress wordpress 1.2
wordpress wordpress 1.3
moxiecode plupload 1.4.2
wordpress wordpress 2.6.1
wordpress wordpress 2.2.1
moxiecode plupload *
wordpress wordpress 2.6.5
wordpress wordpress 2.8.5.1
wordpress wordpress 3.1.1
CVE-2013-0237 MEDIUM

Cross-site scripting (XSS) vulnerability in Plupload.as in Moxiecode plupload before 1.5.5, as used in WordPress before 3.5.1 and other products, allows remote attackers to inject arbitrary web script or HTML via the id parameter.

CVSS 2.0

Severity: MEDIUM

Problem Type: CWE-79,

Products Affected

Vendor Product Version
wordpress wordpress 2.3.2
wordpress wordpress 1.2.5
wordpress wordpress 2.8.2
wordpress wordpress 2.0.2
fedoraproject fedora 16
wordpress wordpress 2.0.11
moxiecode plupload 1.4.1
wordpress wordpress 0.71
moxiecode plupload 1.5.0
wordpress wordpress 2.3
wordpress wordpress 1.5.1.1
wordpress wordpress 2.0.10
moxiecode plupload 1.4.0
wordpress wordpress 2.9
wordpress wordpress 2.9.1.1
moxiecode plupload 1.4.3
wordpress wordpress 2.1.1
wordpress wordpress 2.0.8
wordpress wordpress 2.9.1
wordpress wordpress 2.0.4
wordpress wordpress 2.3.1
wordpress wordpress 2.8.1
wordpress wordpress 2.0
wordpress wordpress 1.0.2
wordpress wordpress 2.2.3
fedoraproject fedora 18
wordpress wordpress 1.5.2
wordpress wordpress 2.8.6
wordpress wordpress 2.2.2
wordpress wordpress 2.1
wordpress wordpress 2.8.5
wordpress wordpress 2.0.7
wordpress wordpress 2.6
wordpress wordpress 2.7.1
wordpress wordpress 3.3
wordpress wordpress 1.1.1
wordpress wordpress 1.2.4
wordpress wordpress 2.0.5
wordpress wordpress 1.2.1
wordpress wordpress 2.2
wordpress wordpress 3.4.0
wordpress wordpress 1.0.1
wordpress wordpress 2.1.3
wordpress wordpress 3.3.1
wordpress wordpress 1.5.1.3
wordpress wordpress 2.5
wordpress wordpress 1.2.3
wordpress wordpress 3.4.1
wordpress wordpress 2.6.3
wordpress wordpress 1.0
wordpress wordpress 2.7
wordpress wordpress 1.5.1.2
wordpress wordpress 2.5.1
wordpress wordpress 1.3.2
moxiecode plupload 1.5.1
wordpress wordpress 1.3.3
fedoraproject fedora 17
wordpress wordpress 2.0.1
wordpress wordpress 1.2.2
wordpress wordpress 2.0.9
wordpress wordpress 2.9.2
wordpress wordpress 1.5
wordpress wordpress 1.5.1
wordpress wordpress 2.8
wordpress wordpress 3.3.2
wordpress wordpress 1.6.2
wordpress wordpress 2.8.3
moxiecode plupload 1.5.2
wordpress wordpress 2.8.5.2
wordpress wordpress *
wordpress wordpress 3.4.2
wordpress wordpress 2.8.4
moxiecode plupload 1.5.3
wordpress wordpress 2.0.6
wordpress wordpress 2.1.2
wordpress wordpress 3.3.3
wordpress wordpress 2.3.3
wordpress wordpress 2.6.2
wordpress wordpress 1.2
wordpress wordpress 1.3
moxiecode plupload 1.4.2
wordpress wordpress 2.6.1
wordpress wordpress 2.2.1
moxiecode plupload *
wordpress wordpress 2.6.5
wordpress wordpress 2.8.5.1