Tags archives: php

 


Joomla Docman Path Disclosure / Local File Inclusion

# Joomla docman Component ‘com_docman’ Full Path Disclosure(FPD) & Local File Disclosure/Include(LFD/LFI) # CWE: CWE-200(FPD) CWE-98(LFI/LFD) # Risk: High # Author: Hugo Santiago dos Santos # Contact: hugo.s@linuxmail.org # Date: 13/07/2015 # Vendor Homepage: http://extensions.joomla.org/extension/directory-a-documentation/downloads/docman # Google Dork: inurl:”/components/com_docman/dl2.php”   # Xploit (FPD):   Get one target and just download with blank parameter: http://www.site.com/components/com_docman/dl2.php?archive=0&file=   […]

 


WordPress Image Export 1.1 Arbitrary File Download

Title: Remote file download vulnerability in Wordpress Plugin image-export v1.1 Author: Larry W. Cashdollar, @_larry0 Date: 2015-07-01 Download Site: https://wordpress.org/plugins/image-export Vendor: www.1efthander.com Vendor Notified: 2015-07-05 Vendor Contact: https://twitter.com/1eftHander Description: Image Export plugin can help you selectively download images uploaded by an administrator. Vulnerability: The code in file download.php doesn’t do any checking that the […]

 


WordPress Plotly 1.0.2 Cross Site Scripting

Details ================ Software: Plotly Version: 1.0.2 Homepage: http://wordpress.org/plugins/wp-plotly/ Advisory report: https://security.dxw.com/advisories/stored-xss-in-plotly-allows-less-privileged-users-to-insert-arbitrary-javascript-into-posts/ CVE: CVE-2015-5484 CVSS: 6.5 (Medium; AV:N/AC:L/Au:S/C:P/I:P/A:P)   Description ================ Stored XSS in Plotly allows less privileged users to insert arbitrary JavaScript into posts   Vulnerability ================ This plugin allows users who do not have the unfiltered_html capability to insert JavaScript into posts/pages which gets […]

 


WordPress WP-PowerPlayGallery 3.3 File Upload / SQL Injection

Title: Remote file upload vulnerability & SQLi in wordpress plugin wp-powerplaygallery v3.3 Author: Larry W. Cashdollar, @_larry0 Date: 2015-06-27 Download Site: https://wordpress.org/plugins/wp-powerplaygallery Vendor: WP SlideShow Vendor Notified: 2015-06-29 Advisory: http://www.vapid.dhs.org/advisory.php?v=132 Vendor Contact: plugins@wordpress.org Description: This is the best gallery for touch screens. It is fully touch enabled with great features. This gallery is compatible with […]

 


WordPress Floating Social Bar 1.1.5 Cross Site Scripting

# Exploit Title: Floating Social Bar 1.1.5 XSS # Date: 09-01-2015 # Software Link: https://wordpress.org/plugins/floating-social-bar/ # Exploit Author: Kacper Szurek # Contact: http://twitter.com/KacperSzurek # Website: http://security.szurek.pl/ # Category: webapps   1. Description   Everyone can access save_order().   File: floating-social-barclass-floating-social-bar.php   add_action( 'wp_ajax_nopriv_fsb_save_order', array( $this, 'save_order' ) );   $_REQUEST['items'] is not escaped.   http://security.szurek.pl/floating-social-bar-115-xss.html […]

 


WordPress Twenty Fifteen 4.2.1 Cross Site Scripting

Information ——————– Advisory by Netsparker. Name: DOM XSS Vulnerability in Twenty Fifteen WordPress Theme Affected Software : WordPress Affected Versions: 4.2.1 and probably below Vendor Homepage : https://wordpress.org/ and https://wordpress.org/themes/twentyfifteen/ Vulnerability Type : DOM based Cross-site Scripting Severity : Important CVE-ID: CVE-2015-3429 Netsparker Advisory Reference : NS-15-007   Description ——————– By exploiting a Cross-site scripting […]

 


WordPress PictoBrowser 0.3.1 CSRF / XSS

************************************************************************************** # Title: CSRF / Stored XSS Vulnerability in PictoBrowser Wordpress Plugin # Author: Manideep K # CVE-ID: CVE-2014-9392 # Plugin Homepage: https://wordpress.org/plugins/pictobrowser-gallery/ # Version Affected: 0.3.1 (probably lower versions) # Severity: High   # Description: Vulnerable Parameter: all text boxes, to name one – pictoBrowserFlickrUser Vulnerability Class: https://www.owasp.org/index.php/Cross-Site_Request_Forgery_%28CSRF%29 Cross Site Scripting (https://www.owasp.org/index.php/Top_10_2013-A3-Cross-Site_Scripting_(XSS))   # […]

 


WordPress WP-SwimTeam 1.44.10777 Arbitrary File Download

Title: Remote file download vulnerability in Wordpress Plugin wp-swimteam v1.44.10777 Author: Larry W. Cashdollar, @_larry0 Date: 2015-07-02 Download Site: https://wordpress.org/plugins/wp-swimteam Vendor: Mike Walsh www.MichaelWalsh.org Vendor Notified: 2015-07-02, fixed in v1.45beta3 Vendor Contact: Through website Advisory: http://www.vapid.dhs.org/advisory.php?v=134 Description: Swim Team (aka wp-SwimTeam) is a comprehensive WordPress plugin to run a swim team including registration, volunteer assignments, […]

 


Joomla J2Store 3.1.6 SQL Injection

J2Store v3.1.6, a Joomla! extension that adds basic store functionality to a Joomla! instance, suffered from two unauthenticated boolean-blind and error-based SQL injection vulnerabilities. Since February 2015, J2Store has had about 16,000 downloads as of this writing.     The first vulnerability was in the sortby parameter within a request made while searching for products. […]

 


Joomla Simple Image Upload 1.0 Shell Upload

# Exploit Title: Joomla Simple Image Upload – Arbitrary File Upload # Google Dork: inurl:option=com_simpleimageupload # Date: 23.06.2015 # Exploit Author: CrashBandicot @DosPerl # Vendor Homepage: http://tuts4you.de/ # Software Link: http://tuts4you.de/96-development/156-simpleimageupload # Version: 1.0 # Tested on: MsWin32   # Vuln Same to Com_Media Vulnerability   # Live Request :   POST /index.php?option=com_simpleimageupload&view=upload&tmpl=component&e_name=desc HTTP/1.1   […]