Tags archives: php

 

0

pfSense Arbitrary file deletion and multiple XSS

Advisory ID: HTB23251 Product: pfSense Vendor: Electric Sheep Fencing LLC Vulnerable Version(s): 2.2 and probably prior Tested Version: 2.2 Advisory Publication: March 4, 2015 [without technical details] Vendor Notification: March 4, 2015 Vendor Patch: March 5, 2015 Public Disclosure: March 25, 2015 Vulnerability Type: Cross-Site Scripting [CWE-79], Cross-Site Request Forgery [CWE-352] CVE References: CVE-2015-2294, CVE-2015-2295 [...]

 

0

GoAhead Web Server heap overflow and directory traversal

Affected software: GoAhead Web Server Affected versions: 3.0.0 – 3.4.1 (3.x.x series before 3.4.2) CVE ID: CVE-2014-9707 Description: The server incorrectly normalizes HTTP request URIs that contain path segments that start with a “.” but are not entirely equal to “.” or “..” (eg. “.x”). By sending a request with a URI that contains these [...]

 

0

Appweb Web Server remotely-triggerable DoS

Affected software: Appweb Web Server CVE ID: CVE-2014-9708   Description: An HTTP request with a Range header of the form “Range: x=,” (ie. with an empty range value) will cause a null pointer dereference, leading to a remotely-triggerable DoS.   Fixed versions: 4.6.6, 5.2.1 Bug entry: https://github.com/embedthis/appweb/issues/413 Fix: https://github.com/embedthis/appweb/commit/7e6a925f5e86a19a7934a94bbd6959101d0b84eb#diff-7ca4d62c70220e0e226e7beac90c95d9L17348 Reported by: Matthew Daley   – [...]

 

0

WordPress InBoundio Marketing Shell Upload

<?php ########################################### #—————————————–# #[ 0-DAY Aint DIE | No Priv8 | KedAns-Dz ]# #—————————————–# # *—————————-* # # K |….##…##..####…####….| . # # h |….#…#……..#..#…#…| A # # a |….#..#………#..#….#..| N # # l |….###……..##…#…..#.| S # # E |….#.#……….#..#….#..| e # # D |….#..#………#..#…#…| u # # . |….##..##…####…####….| r # # *—————————-* # [...]

 

0

WordPress MP3-Jplayer 2.1 Local File Disclosure

<?php ########################################### #—————————————–# #[ 0-DAY Aint DIE | No Priv8 | KedAns-Dz ]# #—————————————–# # *—————————-* # # K |….##…##..####…####….| . # # h |….#…#……..#..#…#…| A # # a |….#..#………#..#….#..| N # # l |….###……..##…#…..#.| S # # E |….#.#……….#..#….#..| e # # D |….#..#………#..#…#…| u # # . |….##..##…####…####….| r # # *—————————-* # [...]

 

0

WordPress AB Google Map Travel CSRF / XSS

=============================================================================== CSRF/Stored XSS Vulnerability in AB Google Map Travel (AB-MAP) Wordpress Plugin ===============================================================================   . contents:: Table Of Content   Overview ========   * Title :Stored XSS Vulnerability in AB Google Map Travel (AB-MAP) Wordpress Plugin * Author: Kaustubh G. Padwad * Plugin Homepage: https://wordpress.org/plugins/ab-google-map-travel/ * Severity: HIGH * Version Affected: Version 3.4 and mostly [...]

 

0

WordPress Ajax Search Pro Remote Code Execution

—————————————————————————— WordPress ajax-search-pro Plugin Remote Code Execution ——————————————————————————   [-] Plugin Link:   http://codecanyon.net/item/ajax-search-pro-for-wordpress-live-search-plugin/3357410   also affected: https://wordpress.org/plugins/ajax-search-lite/ https://wordpress.org/plugins/related-posts-lite/   [-] Vulnerability Description:   This vulnerability allows any registered user to execute arbitrary functions vulnerability code:   add_action(‘wp_ajax_wpdreams-ajaxinput’, “wpdreams_ajaxinputcallback”); if (!function_exists(“wpdreams_ajaxinputcallback”)) { function wpdreams_ajaxinputcallback() { $param = $_POST; echo call_user_func($_POST['wpdreams_callback'], $param); exit; } }   [...]

 

0

WordPress Reflex Gallery 3.1.3 Shell Upload

<?php   /* # Exploit Title: Wordpress Plugin Reflex Gallery – Arbitrary File Upload # TIPE: Arbitrary File Upload # Google DORK: inurl:”wp-content/plugins/reflex-gallery/” # Vendor: https://wordpress.org/plugins/reflex-gallery/ # Tested on: Linux # Version: 3.1.3 (Last) # EXECUTE: php exploit.php www.alvo.com.br shell.php # OUTPUT: Exploit_AFU.txt # POC http://i.imgur.com/mpjXaZ9.png # REF COD http://1337day.com/exploit/23369   ——————————————————————————– <form method = [...]

 

0

WordPress Daily Edition Theme 1.6.2 Cross Site Scripting

*WordPress Daily Edition Theme v1.6.2 XSS (Cross-site Scripting) Security Vulnerabilities* Exploit Title: WordPress Daily Edition Theme /fiche-disque.php id Parameters XSS Security Vulnerabilities Product: WordPress Daily Edition Theme Vendor: WooThemes Vulnerable Versions: v1.6.* v1.5.* v1.4.* v1.3.* v1.2.* v1.1.* v.1.0.* Tested Version: v1.6.2 Advisory Publication: March 10, 2015 Latest Update: March 10, 2015 Vulnerability Type: Cross-Site Scripting [...]

 

0

WordPress Huge IT Slider 2.6.8 SQL Injection

Advisory ID: HTB23250 Product: Huge IT Slider WordPress Plugin Vendor: Huge-IT Vulnerable Version(s): 2.6.8 and probably prior Tested Version: 2.6.8 Advisory Publication: February 19, 2015 [without technical details] Vendor Notification: February 19, 2015 Vendor Patch: March 11, 2015 Public Disclosure: March 12, 2015 Vulnerability Type: SQL Injection [CWE-89] CVE Reference: CVE-2015-2062 Risk Level: Medium CVSSv2 [...]