Tags archives: sicurezza

 

WordPress NEX-Forms 3.0 SQL Injection inurlbr

# AUTOR SCRIPT: Cleiton Pinheiro / Nick: googleINURL # Exploit name: MINI 3xplo1t-SqlMap – WordPress NEX-Forms 3.0 SQL Injection Vulnerability # Type: SQL Injection # Email: inurlbr@gmail.com # Blog: http://blog.inurl.com.br # Twitter: https://twitter.com/googleinurl # Fanpage: https://fb.com/InurlBrasil # Pastebin http://pastebin.com/u/Googleinurl # GIT: https://github.com/googleinurl # PSS: http://packetstormsecurity.com/user/googleinurl # YOUTUBE: http://youtube.com/c/INURLBrasil # PLUS: http://google.com/+INURLBrasil # Who Discovered http://www.homelab.it/index.php/2015/04/21/wordpress-nex-forms-sqli [...]

 

WordPress NEX-Forms 3.0 SQL Injection SQLMAP

######################   # Exploit Title : NEX-Forms 3.0 SQL Injection Vulnerability   # Exploit Author : Claudio Viviani   # Website Author: http://www.homelab.it http://archive-exploit.homelab.it/1 (Full HomelabIT Vulns Archive)     # Vendor Homepage : https://wordpress.org/plugins/nex-forms-express-wp-form-builder/   # Software Link : https://downloads.wordpress.org/plugin/nex-forms-express-wp-form-builder.3.0.zip   # Dork Google: inurl:nex-forms-express-wp-form-builder # index of nex-forms-express-wp-form-builder   # Date : 2015-03-29 [...]

 

WordPress plugins susceptible to dangerous exploits

More than a dozen WordPress plugins have been updated to patch vulnerabilities that allow attackers to inject potentially dangerous commands into the browsers of people visiting trusted websites. Administrators responsible for WordPress sites should make sure the fixes are installed as soon as possible. The cross-site scripting (XSS) vulnerabilities make it possible for hackers to [...]

 

Ubuntu 15.04 “Vivid Vervet” released: all the new features, step by step.

Right on schedule: today Ubuntu released the new version of Canonical's operating system, Ubuntu 15.04 “Vivid Vervet”.
As we know, Canonical has already invested…

 

WordPress Add Link to Facebook Stored Cross Site Scripting

Title: Stored XSS Vulnerability in Add Link to Facebook Wordpress Plugin   Author: Rohit Kumar   Plugin Homepage: http://wordpress.org/extend/plugins/add-link-to-facebook/   Severity: Medium   Version Affected: Version 1.215 and mostly prior to it.   Version Tested: Version 1.215   Version Patched : 1.215   Description:   Vulnerable Parameter 1. App ID 2. App Secret 3. Custom [...]

 

WordPress WP Statistics 9.1.2 Cross Site Scripting

Stored XSS Vulnerability in WP Statistics Wordpress Plugin. Overview: * Title: Stored XSS Vulnerability in WP Statistics Wordpress Plugin * Author: Kaustubh G. Padwad * Plugin Homepage: https://wordpress.org/plugins/wp-statistics/ * Severity: Medium * Version Affected: 9.1.2 and mostly prior to it * Version Tested: [...]

 

WordPress MiwoFTP 1.0.5 CSRF Command Execution

WordPress MiwoFTP Plugin 1.0.5 CSRF Arbitrary File Creation Exploit (RCE)     Vendor: Miwisoft LLC Product web page: http://www.miwisoft.com Affected version: 1.0.5   Summary: MiwoFTP is a smart, fast and lightweight file manager plugin that operates from the back-end of WordPress.   Desc: MiwoFTP WP Plugin suffers from a cross-site request forgery remote code execution [...]

 

WordPress MiwoFTP 1.0.5 Cross Site Request Forgery

WordPress MiwoFTP Plugin 1.0.5 CSRF Arbitrary File Deletion Exploit     Vendor: Miwisoft LLC Product web page: http://www.miwisoft.com Affected version: 1.0.5   Summary: MiwoFTP is a smart, fast and lightweight file manager plugin that operates from the back-end of WordPress.   Desc: Input passed to the ‘selitems[]‘ parameter is not properly sanitised before being used [...]

 

WordPress Video Gallery 2.8 SQL Injection

# Exploit Title : Wordpress Video Gallery 2.8 SQL Injection Vulnerability # Exploit Author : Claudio Viviani # Vendor Homepage : http://www.apptha.com/category/extension/Wordpress/Video-Gallery # Software Link : https://downloads.wordpress.org/plugin/contus-video-gallery.2.8.zip # Dork Google: inurl:/wp-admin/admin-ajax.php?action=googleadsense # Date : 2015-04-04 # Tested on : Windows 7 / Mozilla Firefox Linux / [...]

 

WordPress N-Media Website Contact Form 1.3.4 Shell Upload

######################   # Exploit Title : Wordpress N-Media Website Contact Form with File Upload 1.3.4 Shell Upload Vulnerability   # Exploit Author : Claudio Viviani     # Software Link : https://downloads.wordpress.org/plugin/website-contact-form-with-file-upload.1.3.4.zip   # Date : 2015-04-1   # Dork Google: index of website-contact-form-with-file-upload index of /uploads/contact_files/   # Tested on : Linux BackBox 4.0 [...]