Real Name | Yorick Koster |
---|---|
Email address | private |
Website | nl.linkedin.com/in/yorickkoster |
First Active | 2009-07-17 |
Last Active | 2024-08-31 |
Multiple DLL side loading vulnerabilities were found in various COM components. These issues can be exploited by loading these components as an embedded OLE object. When instantiating a vulnerable object, Windows will try to load one or more DLLs from the current working directory. If an attacker convinces the victim to open a specially crafted (Office) document from a directory also containing the attacker's DLL file, it is possible to execute arbitrary code with the privileges of the target user. This can potentially result in the attacker taking complete control of the affected system.
54a85ca989c4eaff178f934a3bf1f889b5563dba98e78c59197f8309e65b7406
WordPress Quotes Collection plugin version 2.0.5 suffers from a cross site scripting vulnerability.
3e714101167947eb893acf037ef84d9ed96b9fc784119af58b4e11c5506a768a
WordPress YITH WooCommerce Compare plugin version 2.0.9 suffers from a PHP object injection vulnerability.
0db04c264f42b23b55cb4613767ded49fab18d10ff1bb03155469fb2bb5d9b85
WordPress version 4.5.3 suffers from a path traversal vulnerability in the core ajax handlers.
78a9e8298d6dbe41d508c8f450f6b57d41e9ba8bdefa0dd06867e661676810ca
WordPress Peter's Login Redirect plugin version 2.9.0 suffers from cross site scripting and cross site request forgery vulnerabilities.
d923d75814f53455678a49a2ea9a573214a261b554bc26017e3d32911f08e0ae
A DLL side loading vulnerability was found in the VMware Host Guest Client Redirector, a component of VMware Tools. This issue can be exploited by luring a victim into opening a document from the attacker's share. An attacker can exploit this issue to execute arbitrary code with the privileges of the target user. This can potentially result in the attacker taking complete control of the affected system. If the WebDAV Mini-Redirector is enabled, it is possible to exploit this issue over the internet.
77b0507ce09c87acf67f7f51e1ec6e8edf574e2564f337de61f2167599efd712
Microsoft Internet Explorer suffers from an iframe sandbox local file name disclosure vulnerability.
c9e6501898d6e4e506e28508a7c9fcb53f7ac24f8c867ab0e2dad6adc79d96b5
WordPress Ecwid Ecommerce Shopping Cart plugin versions 4.4 and 4.4.3 suffer from a PHP object injection vulnerability.
eea5dc338145f133ef2c948a11161b48b9195ae993992148222504ead33426e2
WordPress Store Locator Plus plugin version 4.5.09 suffers from a cross site scripting vulnerability.
43b65d3af62ae6aa76f632546f4154184dffe47668db8ba7c2c6611719d67b43
A DLL side loading vulnerability was found in the VMware Host Guest Client Redirector, a component of VMware Tools. This issue can be exploited by luring a victim into opening a document from the attacker's share. An attacker can exploit this issue to execute arbitrary code with the privileges of the target user. This can potentially result in the attacker taking complete control of the affected system. If the WebDAV Mini-Redirector is enabled, it is possible to exploit this issue over the internet.
a9ebf159096d5d370785b483c89286e459f55701477990b573fb428d268cfcc8
WordPress Count Per Day plugin version 3.5.4 suffers from a cross site scripting vulnerability.
d69f6409f9285b4b341d81988998df80a9629b3685c4fee05a3057a084dfc9e1
WordPress Activity Log plugin version 2.3.2 suffers from a cross site scripting vulnerability in the administrator functionality.
21667bded8d0d3482c6b534d3ebe3039accf5360a112babf71727c592ae859f9
WordPress WangGuard plugin version 1.7.1 suffers from a cross site scripting vulnerability.
3051456cf2c889f689308508ff4c2b710884818fc46e3bee93704407dccdf0c6
WordPress Uji Countdown plugin version 2.0.6 suffers from a cross site scripting vulnerability.
2eb875254f090d907a59a28a55943e84566f3430544df03b57979f23ad8ced80
WordPress ALO EasyMail Newsletter plugin version 2.9.2 suffers from a cross site request forgery vulnerability.
ae00196b511cb748d0d23fe742e953b03adfd2422a853721694ecebb3ed4dd8a
WordPress Contact Bank plugin version 2.1.21 suffers from a cross site scripting vulnerability.
acbccf7b1d40eb6d4dfb239eb471cc8f3e28e90de4dc1cdfa31b452a903f31fa
WordPress ColorWay theme version 3.4.1 suffers from a cross site scripting vulnerability.
3bcf6e430117f011bfa6bd3a2b25554032fd79f8c9f5f3d375c6a42284fe8437
WordPress Video Player plugin version 1.5.16 suffers from multiple remote SQL injection vulnerabilities.
e466846931ce435c89ed6a17e672eaf0b4818880fd543e1016bd3f3bc4de6f26
WordPress Icegram plugin version 1.9.18 suffers from a cross site request forgery vulnerability.
34497fd583aa9c4a2d176e260fdb464996bceb614b526b50b668962c1bc2887a
WordPress Top 10 Popular Posts plugin version 2.3.0 suffers from a cross site scripting vulnerability.
2ef13b9046be953e681d2fe0e87def1da4ba275c47d315b48c71767de2390123
WordPress Simple Membership plugin version 3.2.8 suffers from a cross site scripting vulnerability.
3e8992560e17c27925537a0aace108c6ef22f9b536239abaf910f9e8ea96163e
WordPress WP No External Links plugin version 3.5.15 suffers from a cross site scripting vulnerability.
708a16d3086d6d4fbf54c12feb7c24010807b262e8b4085980426fd79cdb8538
WordPress Google Forms plugin version 0.84 suffers from a cross site scripting vulnerability.
8fb3153cc86d1f165cf198ec1a8cceeefd1b6e4eae41b148c5f367fda60005dd
WordPress Easy Forms for MailChimp plugin version 6.0.5.5 suffers from a local file inclusion vulnerability.
f9cad639aaef7cf5440fda2fd29535f1cb187e2e5bf1688b5d20fa6b3111e0d5
WordPress WP Fastest Cache plugin version 0.8.5.9 suffers from a local file inclusion vulnerability.
0054cb275ef233d49c094070fb79510dc684f361c4da8889694dc76faaa05c30