Tags archives: security

 

0

pfSense Arbitrary file deletion and multiple XSS

Advisory ID: HTB23251 Product: pfSense Vendor: Electric Sheep Fencing LLC Vulnerable Version(s): 2.2 and probably prior Tested Version: 2.2 Advisory Publication: March 4, 2015 [without technical details] Vendor Notification: March 4, 2015 Vendor Patch: March 5, 2015 Public Disclosure: March 25, 2015 Vulnerability Type: Cross-Site Scripting [CWE-79], Cross-Site Request Forgery [CWE-352] CVE References: CVE-2015-2294, CVE-2015-2295 [...]

 

0

GoAhead Web Server heap overflow and directory traversal

Affected software: GoAhead Web Server Affected versions: 3.0.0 – 3.4.1 (3.x.x series before 3.4.2) CVE ID: CVE-2014-9707 Description: The server incorrectly normalizes HTTP request URIs that contain path segments that start with a “.” but are not entirely equal to “.” or “..” (eg. “.x”). By sending a request with a URI that contains these [...]

 

0

Appweb Web Server remotely-triggerable DoS

Affected software: Appweb Web Server CVE ID: CVE-2014-9708   Description: An HTTP request with a Range header of the form “Range: x=,” (ie. with an empty range value) will cause a null pointer dereference, leading to a remotely-triggerable DoS.   Fixed versions: 4.6.6, 5.2.1 Bug entry: https://github.com/embedthis/appweb/issues/413 Fix: https://github.com/embedthis/appweb/commit/7e6a925f5e86a19a7934a94bbd6959101d0b84eb#diff-7ca4d62c70220e0e226e7beac90c95d9L17348 Reported by: Matthew Daley   – [...]

 

0

WordPress InBoundio Marketing Shell Upload

<?php ########################################### #—————————————–# #[ 0-DAY Aint DIE | No Priv8 | KedAns-Dz ]# #—————————————–# # *—————————-* # # K |….##…##..####…####….| . # # h |….#…#……..#..#…#…| A # # a |….#..#………#..#….#..| N # # l |….###……..##…#…..#.| S # # E |….#.#……….#..#….#..| e # # D |….#..#………#..#…#…| u # # . |….##..##…####…####….| r # # *—————————-* # [...]

 

0

WordPress MP3-Jplayer 2.1 Local File Disclosure

<?php ########################################### #—————————————–# #[ 0-DAY Aint DIE | No Priv8 | KedAns-Dz ]# #—————————————–# # *—————————-* # # K |….##…##..####…####….| . # # h |….#…#……..#..#…#…| A # # a |….#..#………#..#….#..| N # # l |….###……..##…#…..#.| S # # E |….#.#……….#..#….#..| e # # D |….#..#………#..#…#…| u # # . |….##..##…####…####….| r # # *—————————-* # [...]

 

0

WordPress AB Google Map Travel CSRF / XSS

=============================================================================== CSRF/Stored XSS Vulnerability in AB Google Map Travel (AB-MAP) Wordpress Plugin ===============================================================================   . contents:: Table Of Content   Overview ========   * Title :Stored XSS Vulnerability in AB Google Map Travel (AB-MAP) Wordpress Plugin * Author: Kaustubh G. Padwad * Plugin Homepage: https://wordpress.org/plugins/ab-google-map-travel/ * Severity: HIGH * Version Affected: Version 3.4 and mostly [...]

 

0

WordPress Ajax Search Pro Remote Code Execution

—————————————————————————— WordPress ajax-search-pro Plugin Remote Code Execution ——————————————————————————   [-] Plugin Link:   http://codecanyon.net/item/ajax-search-pro-for-wordpress-live-search-plugin/3357410   also affected: https://wordpress.org/plugins/ajax-search-lite/ https://wordpress.org/plugins/related-posts-lite/   [-] Vulnerability Description:   This vulnerability allows any registered user to execute arbitrary functions vulnerability code:   add_action(‘wp_ajax_wpdreams-ajaxinput’, “wpdreams_ajaxinputcallback”); if (!function_exists(“wpdreams_ajaxinputcallback”)) { function wpdreams_ajaxinputcallback() { $param = $_POST; echo call_user_func($_POST['wpdreams_callback'], $param); exit; } }   [...]

 

0

WordPress Reflex Gallery 3.1.3 Shell Upload

<?php   /* # Exploit Title: Wordpress Plugin Reflex Gallery – Arbitrary File Upload # TIPE: Arbitrary File Upload # Google DORK: inurl:”wp-content/plugins/reflex-gallery/” # Vendor: https://wordpress.org/plugins/reflex-gallery/ # Tested on: Linux # Version: 3.1.3 (Last) # EXECUTE: php exploit.php www.alvo.com.br shell.php # OUTPUT: Exploit_AFU.txt # POC http://i.imgur.com/mpjXaZ9.png # REF COD http://1337day.com/exploit/23369   ——————————————————————————– <form method = [...]

 

0

Adobe Flash Player PCRE Regex Logic Error

## # This module requires Metasploit: http://metasploit.com/download # Current source: https://github.com/rapid7/metasploit-framework ##   require ‘msf/core’   class Metasploit3 < Msf::Exploit::Remote Rank = NormalRanking   CLASSID = ‘d27cdb6e-ae6d-11cf-96b8-444553540000′   include Msf::Exploit::Powershell include Msf::Exploit::Remote::BrowserExploitServer   def initialize(info={}) super(update_info(info, ‘Name’ => “Adobe Flash Player PCRE Regex Vulnerability”, ‘Description’ => %q{ This module exploits a vulnerability found in Adobe [...]

 

0

DNS Spider Multithreaded Bruteforcer 0.6

#!/usr/bin/env python2 # -*- coding: latin-1 -*- ###################################################### # ____ _ __ # # ___ __ __/ / /__ ___ ______ ______(_) /___ __ # # / _ / // / / (_-</ -_) __/ // / __/ / __/ // / # # /_//_/_,_/_/_/___/__/__/_,_/_/ /_/__/_, / # # /___/ team # # # # [...]