2013-07-08 22:55:01 2013-08-13 19:21:44

moxieplayer.as in Moxiecode moxieplayer, as used in the TinyMCE Media plugin in WordPress before 3.5.2 and other products, does not consider the presence of a # (pound sign) character during extraction of the QUERY_STRING, which allows remote attackers to pass arbitrary parameters to a Flash application, and conduct content-spoofing attacks, via a crafted string after a ? (question mark) character.

Vector

NETWORK

Complexity

MEDIUM

Authentication

NONE

Confidentiality

NONE

Integrity

PARTIAL

Availability

NONE
Open-Xchange AppSuite 7.0.2 Open-Xchange AppSuite 7.2.0 Open-Xchange AppSuite 7.0.1 ontariosystems Artiva Healthcare 5.2 Maintenance Release 5 Omron NS Series System Program Firmware 8.69 Omeka 2.2 onesolutionapps Aloha Bail Bonds (aka com.onesolutionapps.alohabailbondsandroid) for android 1.1 Omeka 2.2.1 onesolutionapps Bail Bonds (aka com.onesolutionapps.chadlewisbailbondsandroid) for android 1.1 Omron NS12 HMI Terminal Omeka 2.1.3 Omron NS5 HMI Terminal onesolutionapps AJD Bail Bonds (aka com.onesolutionapps.ajdbailbondsandroid) for android 1.1 Omron NS15 HMI Terminal One You Fitness project One You Fitness (aka com.app_oneyou.layout) for android 1.399 Omron NS8 HMI Terminal onefile OneFile Ignite (aka uk.co.onefile.ignite) for android 1.19 onelouder FriendCaster Chat (aka com.handmark.friendcaster.chat) for Android 2.0 onesolutionapps Woodward Bail (aka com.onesolutionapps.woodwardbailandroid) for android 1.1 onesolutionapps Reds Anytime Bail (aka com.onesolutionapps.redsanytimebailandroid) for android 1.1 op5 Monitor 5.4.2 Online Solutions Online Solutions Security Suite (OSSS) 1.5.14905.0 op5 Monitor 5.3.5 Omron NS Series System Program Firmware 8.70 Omron NS10 HMI Terminal OPAC Project Opac for Drupal 7.x-2.0 OneorZero Action and Information Management System (AIMS) 2.7.0 Trial Edition OneorZero Action and Information Management System (AIMS) 2.7.0 op5 Monitor 6.3.1 op5 system-op5config 2.0.2 op5 system-op5config 2.0.3 op5 Monitor 5.5.3 op5 Monitor 6.3.0 OneorZero Action and Information Management System (AIMS) 2.8.0 Build 231211 Trial Edition opalvoip Portable Tool Library (aka PTLib) 2.10.2 Open-Xchange AppSuite 7.4.0 Open-Xchange AppSuite 7.2.2 Open-Xchange AppSuite 7.2.1 ontariosystems Artiva Architect 3.2 Maintenance Release 5 onesolutionapps AAAA Discount Bail (aka com.onesolutionapps.aaaadiscountbailandroid) for android 1.1 onesolutionapps Bust Out Bail (aka com.onesolutionapps.bustoutbailandroid) for android 1.1 op5 Monitor 5.5.0 opalvoip Portable Tool Library (aka PTLib) 2.10.1 Open-Xchange AppSuite 7.4.1 ontariosystems Artiva RM 3.1 Maintenance Release 7 Open-Xchange AppSuite 7.4.2 op5 Monitor 5.4.0 opalvoip Portable Tool Library (aka PTLib) 2.10.7 opalvoip Portable Tool Library (aka PTLib) 2.10.10 Open-Xchange AppSuite 6.22.1 Omron NS Series System Program Firmware 8.68 OneorZero Action and Information Management System (AIMS) 2.6.0 Members Edition Linux Omnikey Cardman 4040 Omni Group OmniWeb 5.1 563.34 Linux Omnikey Cardman Omeka 2.0.1 Tinymce Media - (not an official CPE) Omeka 2.1.4 omnistaretools OmniStar Recruiting Omeka 2.2.2 ontariosystems Artiva Workstation 1.3.9 OMFG Mobile plugin for WordPress 1.1.26 Ooorl plugin for WordPress Omeka 1.5.2 Omeka 2.0.2 Omeka 2.0.3 Omeka 2.0.4 op5 Monitor 5.5.1 Omeka 1.5.1 Omeka 2.1.2 Omeka 2.1 Omeka 2.1.1 ontariosystems Artiva Workstation 1.3.0 Omron NS Series System Program Firmware 8.1 Omeka 1.5.3 Omeka 2.0 op5 system-portal 1.6.2 op5 system-portal 1.6.1

Improper Input Validation (ID 20)

Related CAPEC 58 Buffer Overflow via Environment Variables (CAPEC-ID 10) Server Side Include (SSI) Injection (CAPEC-ID 101) Cross Zone Scripting (CAPEC-ID 104) Cross Site Scripting through Log Files (CAPEC-ID 106) Command Line Execution through SQL Injection (CAPEC-ID 108) Object Relational Mapping Injection (CAPEC-ID 109) SQL Injection through SOAP Parameter Tampering (CAPEC-ID 110) Subverting Environment Variable Values (CAPEC-ID 13) Format String Injection (CAPEC-ID 135) LDAP Injection (CAPEC-ID 136) Relative Path Traversal (CAPEC-ID 139) Client-side Injection-induced Buffer Overflow (CAPEC-ID 14) Variable Manipulation (CAPEC-ID 171) Embedding Scripts in Non-Script Elements (CAPEC-ID 18) Flash Injection (CAPEC-ID 182) Cross-Site Scripting Using Alternate Syntax (CAPEC-ID 199) Exploiting Trust in Client (aka Make the Client Invisible) (CAPEC-ID 22) XML Nested Payloads (CAPEC-ID 230) XML Oversized Payloads (CAPEC-ID 231) Filter Failure through Buffer Overflow (CAPEC-ID 24) Cross-Site Scripting via Encoded URI Schemes (CAPEC-ID 244) XML Injection (CAPEC-ID 250) Environment Variable Manipulation (CAPEC-ID 264) Global variable manipulation (CAPEC-ID 265) Leverage Alternate Encoding (CAPEC-ID 267) Fuzzing (CAPEC-ID 28) Using Leading 'Ghost' Character Sequences to Bypass Input Filters (CAPEC-ID 3) Accessing/Intercepting/Modifying HTTP Cookies (CAPEC-ID 31) Embedding Scripts in HTTP Query Strings (CAPEC-ID 32) MIME Conversion (CAPEC-ID 42) Exploiting Multiple Input Interpretation Layers (CAPEC-ID 43) Buffer Overflow via Symbolic Links (CAPEC-ID 45) Overflow Variables and Tags (CAPEC-ID 46) Buffer Overflow via Parameter Expansion (CAPEC-ID 47) Signature Spoof (CAPEC-ID 473) XML Client-Side Attack (CAPEC-ID 484) Embedding NULL Bytes (CAPEC-ID 52) Postfix, Null Terminate, and Backslash (CAPEC-ID 53) Simple Script Injection (CAPEC-ID 63) Using Slashes and URL Encoding Combined to Bypass Validation Logic (CAPEC-ID 64) SQL Injection (CAPEC-ID 66) String Format Overflow in syslog() (CAPEC-ID 67) Blind SQL Injection (CAPEC-ID 7) Using Unicode Encoding to Bypass Validation Logic (CAPEC-ID 71) URL Encoding (CAPEC-ID 72) User-Controlled Filename (CAPEC-ID 73) Using Escaped Slashes in Alternate Encoding (CAPEC-ID 78) Using Slashes in Alternate Encoding (CAPEC-ID 79) Buffer Overflow in an API Call (CAPEC-ID 8) Using UTF-8 Encoding to Bypass Validation Logic (CAPEC-ID 80) Web Logs Tampering (CAPEC-ID 81) XPath Injection (CAPEC-ID 83) AJAX Fingerprinting (CAPEC-ID 85) Embedding Script (XSS) in HTTP Headers (CAPEC-ID 86) OS Command Injection (CAPEC-ID 88) Buffer Overflow in Local Command-Line Utilities (CAPEC-ID 9) XSS in IMG Tags (CAPEC-ID 91) XML Parser Attack (CAPEC-ID 99)