MidnightBSD

Advisories for tinymce

CVE-2011-4825 HIGH

Static code injection vulnerability in inc/function.base.php in Ajax File and Image Manager before 1.1, as used in tinymce before 1.4.2, phpMyFAQ 2.6 before 2.6.19 and 2.7 before 2.7.1, and possibly other products, allows remote attackers to inject arbitrary PHP code into data.php via crafted parameters.

CVSS 2.0

Severity: HIGH

Problem Type: CWE-94,

Products Affected

Vendor Product Version
phpmyfaq phpmyfaq 2.7.0
phpletter ajax_file_and_image_manager 0.8
phpmyfaq phpmyfaq 2.6.14
phpmyfaq phpmyfaq 2.6.13
phpmyfaq phpmyfaq 2.6.6
phpmyfaq phpmyfaq 2.6.12
phpmyfaq phpmyfaq 2.6.2
phpmyfaq phpmyfaq 2.6.11
phpmyfaq phpmyfaq 2.6.9
phpletter ajax_file_and_image_manager 0.8.24
phpmyfaq phpmyfaq 2.6.8
phpletter ajax_file_and_image_manager 0.9
phpletter ajax_file_and_image_manager 0.6.12
phpmyfaq phpmyfaq 2.6.3
phpletter ajax_file_and_image_manager 1.0
phpmyfaq phpmyfaq 2.6.17
phpletter ajax_file_and_image_manager 0.7.10
phpletter ajax_file_and_image_manager 0.6
phpmyfaq phpmyfaq 2.6.0
phpmyfaq phpmyfaq 2.6.4
phpmyfaq phpmyfaq 2.6.16
phpmyfaq phpmyfaq 2.6.15
phpletter ajax_file_and_image_manager 0.8.8
phpmyfaq phpmyfaq 2.6.5
phpmyfaq phpmyfaq 2.6.7
phpletter ajax_file_and_image_manager 0.7.8
phpletter ajax_file_and_image_manager 0.5
phpletter ajax_file_and_image_manager 0.5.7
phpmyfaq phpmyfaq 2.6.1
phpletter ajax_file_and_image_manager 0.8.9
phpletter ajax_file_and_image_manager *
tinymce tinymce *
phpmyfaq phpmyfaq 2.6.18
phpletter ajax_file_and_image_manager 0.5.5
phpmyfaq phpmyfaq 2.6.10
CVE-2012-6112 MEDIUM

classes/GoogleSpell.php in the PHP Spellchecker (aka Google Spellchecker) addon before 2.0.6.1 for TinyMCE, as used in Moodle 2.1.x before 2.1.10, 2.2.x before 2.2.7, 2.3.x before 2.3.4, and 2.4.x before 2.4.1 and other products, does not properly handle control characters, which allows remote attackers to trigger arbitrary outbound HTTP requests via a crafted string.

CVSS 2.0

Severity: MEDIUM

Problem Type: CWE-264,

Products Affected

Vendor Product Version
moodle moodle 2.2.0
moodle moodle 2.1.8
moodle moodle 2.2.5
tinymce spellchecker_php 2.0.1
tinymce spellchecker_php 2.0.2
moodle moodle 2.1.0
moodle moodle 2.1.6
tinymce spellchecker_php 2.0
moodle moodle 2.2.3
moodle moodle 2.3.2
tinymce spellchecker_php 2.0.6
moodle moodle 2.1.9
moodle moodle 2.1.5
moodle moodle 2.4.0
moodle moodle 2.1.3
moodle moodle 2.2.1
moodle moodle 2.2.6
moodle moodle 2.1.1
moodle moodle 2.1.7
tinymce spellchecker_php 2.0.3
moodle moodle 2.1.2
moodle moodle 2.2.2
moodle moodle 2.3.0
moodle moodle 2.3.1
moodle moodle 2.3.3
moodle moodle 2.1.4
moodle moodle 2.2.4
CVE-2013-2204 MEDIUM

moxieplayer.as in Moxiecode moxieplayer, as used in the TinyMCE Media plugin in WordPress before 3.5.2 and other products, does not consider the presence of a # (pound sign) character during extraction of the QUERY_STRING, which allows remote attackers to pass arbitrary parameters to a Flash application, and conduct content-spoofing attacks, via a crafted string after a ? (question mark) character.

CVSS 2.0

Severity: MEDIUM

Problem Type: CWE-20,

Products Affected

Vendor Product Version
wordpress wordpress 2.8.3
wordpress wordpress 1.2.5
tinymce media -
wordpress wordpress 1.5.1.3
wordpress wordpress 2.8.2
wordpress wordpress 2.9.2
wordpress wordpress 2.1.1
wordpress wordpress 1.5.1.1
wordpress wordpress 2.9
wordpress wordpress 3.4.2
wordpress wordpress 3.3.3
wordpress wordpress 3.5.0
wordpress wordpress 1.0.2
wordpress wordpress 2.2.2
wordpress wordpress 2.6.3
wordpress wordpress 2.5
wordpress wordpress 2.0.6
wordpress wordpress 2.0.8
wordpress wordpress 1.3
wordpress wordpress 2.9.1.1
wordpress wordpress 2.8.4
wordpress wordpress 2.3
wordpress wordpress 2.3.2
wordpress wordpress 2.0
wordpress wordpress 2.1.2
wordpress wordpress 3.4.1
wordpress wordpress 2.0.2
wordpress wordpress 1.2.2
wordpress wordpress 1.3.2
wordpress wordpress 2.3.1
wordpress wordpress 1.2.3
wordpress wordpress 2.7
wordpress wordpress 2.8
wordpress wordpress 2.0.4
wordpress wordpress 2.8.5
wordpress wordpress 2.8.1
wordpress wordpress 1.2.4
wordpress wordpress 3.4.0
wordpress wordpress 1.2.1
wordpress wordpress 2.1.3
wordpress wordpress 2.2
wordpress wordpress 1.5
wordpress wordpress 3.3.2
wordpress wordpress 2.5.1
wordpress wordpress 2.0.1
wordpress wordpress 1.5.1.2
wordpress wordpress 2.0.11
wordpress wordpress 2.3.3
wordpress wordpress 2.8.6
wordpress wordpress 1.1.1
wordpress wordpress 2.6.1
wordpress wordpress 2.6
wordpress wordpress 2.0.5
wordpress wordpress 1.0.1
wordpress wordpress 2.8.5.2
wordpress wordpress 1.5.2
wordpress wordpress 2.7.1
wordpress wordpress 2.2.1
wordpress wordpress *
wordpress wordpress 1.6.2
wordpress wordpress 1.2
wordpress wordpress 2.6.5
wordpress wordpress 0.71
wordpress wordpress 2.2.3
wordpress wordpress 2.0.10
wordpress wordpress 2.0.9
wordpress wordpress 2.9.1
wordpress wordpress 1.3.3
wordpress wordpress 2.1
wordpress wordpress 1.0
wordpress wordpress 3.3
wordpress wordpress 2.8.5.1
wordpress wordpress 1.5.1
wordpress wordpress 2.6.2
wordpress wordpress 3.3.1
wordpress wordpress 2.0.7
CVE-2014-3844 MEDIUM

The TinyMCE Color Picker plugin before 1.2 for WordPress does not properly check permissions, which allows remote attackers to modify plugin settings via unspecified vectors. NOTE: some of these details are obtained from third party information.

CVSS 2.0

Severity: MEDIUM

Problem Type: CWE-264,

Products Affected

Vendor Product Version
tinymce color_picker *
CVE-2014-3845 MEDIUM

Cross-site request forgery (CSRF) vulnerability in the TinyMCE Color Picker plugin before 1.2 for WordPress allows remote attackers to hijack the authentication of unspecified users for requests that change plugin settings via unknown vectors. NOTE: some of these details are obtained from third party information.

CVSS 2.0

Severity: MEDIUM

Problem Type: CWE-352,

Products Affected

Vendor Product Version
tinymce color_picker *