I found an interesting privacy issue while analyzing PDF files. This bug
occurs when you are using Internet Explorer to print locally saved web pages
as PDF and affects all IE versions including IE8. It does not matter which
PDF generation software you are using like Adobe Acrobat Professional,
CutePDF, PrimoPDF, etc as long as you are invoking it from inside the IE
print function. In Windows, even when your default browser is not IE and if
you right click a file to select the PRINT from the context menu, then by
default it invokes the IE print handler. So, you will still see this issue
in the generated PDF.

This bug is NOT ABOUT the local disk path appearing in the FOOTER of your
pdf since it is clearly visible and already known by most people. This is
easy enough to hide by just going File -> Page Setup -> Change the Footer
value from “URL” to “-Empty-”. After doing that, you will not expect your
... Read more »

Hello Bugtraq!

I want to warn you about security vulnerabilities in plugin WP-Cumulus for
WordPress.

These are Full path disclosure and Cross-Site Scripting vulnerabilities.

Full path disclosure:

http://site/wp-content/plugins/wp-cumulus/wp-cumulus.php

XSS:

http://site/wp-content/plugins/wp-cumulus/tagcloud.swf?mode=tags&tagcloud=%3Ctags%3E%3Ca+href='javascript:alert(document.cookie)'+style='font-size:+40pt'%3EClick%20me%3C/a%3E%3C/tags%3E

Code will execute after click. It's strictly social XSS.

Vulnerable are WP-Cumulus 1.20 and previous versions.

I mentioned about these vulnerabilities at my site
(http://websecurity.com.ua/3665/).

P.S.

This is one of that 20 plugins for WordPress where I found 135 different
vulnerabilities (during 2006-2009), which I wrote about in my summary of
vulnerabilities in plugins for WordPress (http://websecurity.com.ua/3397/).

Best wishes & regards,
MustLive
Administra ... Read more »