| Real Name | Yorick Koster |
|---|---|
| Email address | private |
| Website | nl.linkedin.com/in/yorickkoster |
| First Active | 2009-07-17 |
| Last Active | 2024-08-31 |
Multiple DLL side loading vulnerabilities were found in various COM components. These issues can be exploited by loading various these components as an embedded OLE object. When instantiating a vulnerable object Windows will try to load one or more DLLs from the current working directory. If an attacker convinces the victim to open a specially crafted (Office) document from a directory also containing the attacker's DLL file, it is possible to execute arbitrary code with the privileges of the target user. This can potentially result in the attacker taking complete control of the affected system.
54a85ca989c4eaff178f934a3bf1f889b5563dba98e78c59197f8309e65b7406WordPress Quotes Collection plugin version 2.0.5 suffers from a cross site scripting vulnerability.
3e714101167947eb893acf037ef84d9ed96b9fc784119af58b4e11c5506a768aWordPress YITH WooCommerce Compare plugin version 2.0.9 suffers from a PHP object injection vulnerability.
0db04c264f42b23b55cb4613767ded49fab18d10ff1bb03155469fb2bb5d9b85WordPress version 4.5.3 suffers from a path traversal vulnerability in the core ajax handlers.
78a9e8298d6dbe41d508c8f450f6b57d41e9ba8bdefa0dd06867e661676810caWordPress Peter's Login Redirect plugin version 2.9.0 suffers from cross site scripting and cross site request forgery vulnerabilities.
d923d75814f53455678a49a2ea9a573214a261b554bc26017e3d32911f08e0aeA DLL side loading vulnerability was found in the VMware Host Guest Client Redirector, a component of VMware Tools. This issue can be exploited by luring a victim into opening a document from the attacker's share. An attacker can exploit this issue to execute arbitrary code with the privileges of the target user. This can potentially result in the attacker taking complete control of the affected system. If the WebDAV Mini-Redirector is enabled, it is possible to exploit this issue over the internet.
77b0507ce09c87acf67f7f51e1ec6e8edf574e2564f337de61f2167599efd712Microsoft Internet Explorer suffers from an iframe sandbox local file name disclosure vulnerability.
c9e6501898d6e4e506e28508a7c9fcb53f7ac24f8c867ab0e2dad6adc79d96b5WordPress Ecwid Ecommerce Shopping Cart plugin versions 4.4 and 4.4.3 suffer from a PHP object injection vulnerability.
eea5dc338145f133ef2c948a11161b48b9195ae993992148222504ead33426e2WordPress Store Locator Plus plugin version 4.5.09 suffers from a cross site scripting vulnerability.
43b65d3af62ae6aa76f632546f4154184dffe47668db8ba7c2c6611719d67b43A DLL side loading vulnerability was found in the VMware Host Guest Client Redirector, a component of VMware Tools. This issue can be exploited by luring a victim into opening a document from the attacker's share. An attacker can exploit this issue to execute arbitrary code with the privileges of the target user. This can potentially result in the attacker taking complete control of the affected system. If the WebDAV Mini-Redirector is enabled, it is possible to exploit this issue over the internet.
a9ebf159096d5d370785b483c89286e459f55701477990b573fb428d268cfcc8WordPress Count Per Day plugin version 3.5.4 suffers from a cross site scripting vulnerability.
d69f6409f9285b4b341d81988998df80a9629b3685c4fee05a3057a084dfc9e1WordPress Activity Log plugin version 2.3.2 suffers from a cross site scripting vulnerability in the administrator functionality.
21667bded8d0d3482c6b534d3ebe3039accf5360a112babf71727c592ae859f9WordPress WangGuard plugin version 1.7.1 suffers from a cross site scripting vulnerability.
3051456cf2c889f689308508ff4c2b710884818fc46e3bee93704407dccdf0c6WordPress Uji Countdown plugin version 2.0.6 suffers from a cross site scripting vulnerability.
2eb875254f090d907a59a28a55943e84566f3430544df03b57979f23ad8ced80WordPress ALO EasyMail Newsletter plugin version 2.9.2 suffers from a cross site request forgery vulnerability.
ae00196b511cb748d0d23fe742e953b03adfd2422a853721694ecebb3ed4dd8aWordPress Contact Bank plugin version 2.1.21 suffers from a cross site scripting vulnerability.
acbccf7b1d40eb6d4dfb239eb471cc8f3e28e90de4dc1cdfa31b452a903f31faWordPress ColorWay theme version 3.4.1 suffers from a cross site scripting vulnerability.
3bcf6e430117f011bfa6bd3a2b25554032fd79f8c9f5f3d375c6a42284fe8437WordPress Video Player plugin version 1.5.16 suffers from multiple remote SQL injection vulnerabilities.
e466846931ce435c89ed6a17e672eaf0b4818880fd543e1016bd3f3bc4de6f26WordPress Icegram plugin version 1.9.18 suffers from a cross site request forgery vulnerability.
34497fd583aa9c4a2d176e260fdb464996bceb614b526b50b668962c1bc2887aWordPress Top 10 Popular Posts plugin version 2.3.0 suffers from a cross site scripting vulnerability.
2ef13b9046be953e681d2fe0e87def1da4ba275c47d315b48c71767de2390123WordPress Simple Membership plugin version 3.2.8 suffers from a cross site scripting vulnerability.
3e8992560e17c27925537a0aace108c6ef22f9b536239abaf910f9e8ea96163eWordPress WP No External Links plugin version 3.5.15 suffers from a cross site scripting vulnerability.
708a16d3086d6d4fbf54c12feb7c24010807b262e8b4085980426fd79cdb8538WordPress Google Forms plugin version 0.84 suffers from a cross site scripting vulnerability.
8fb3153cc86d1f165cf198ec1a8cceeefd1b6e4eae41b148c5f367fda60005ddWordPress Easy Forms for MailChimp plugin version 6.0.5.5 suffers from a local file inclusion vulnerability.
f9cad639aaef7cf5440fda2fd29535f1cb187e2e5bf1688b5d20fa6b3111e0d5WordPress WP Fastest Cache plugin version 0.8.5.9 suffers from a local file inclusion vulnerability.
0054cb275ef233d49c094070fb79510dc684f361c4da8889694dc76faaa05c30
© 2024 Packet Storm. All rights reserved.
%7Cutmcsr%3D(direct)%7Cutmcmd%3D(none)){kind=small}
Follow us on Twitter
Follow us on Facebook
Subscribe to an RSS Feed