Tag archives: sicurezza

 


Sony cancels premiere of The Interview after hacker terrorist threats

SONY PICTURES has cancelled the New York premiere of controversial film The Interview after hackers who breached the firm’s systems last month posted threats on text-sharing site Pastebin. Sony has also told cinema owners that they can cancel screenings of the comedy after the group responsible for the hack threatened theatres that chose to show [...]

 


Senator: Backdoor for the Feds is a backdoor for hackers

A US Senator is urging Congress to pass laws forbidding Uncle Sam’s spies from forcing software and hardware makers to build backdoors. In an op-ed posted in the LA Times, Sen. Ron Wyden (D-OR) said that there was no safe way to build backdoors into phones, tablets, computers and software without exposing them to hackers [...]

 


WordPress SPNbabble 1.4.1 CSRF / XSS

# Title: CSRF/XSS Vulnerability in SPNbabble WP Plugin # Author: Manideep K # CVE-ID: CVE-2014-9339 # Plugin Homepage: https://wordpress.org/plugins/spnbabble/ # Version Affected: 1.4.1 (probably lower versions) # Severity: High   # About Plugin: SPNbabble (http://spnbabble.sitepronews.com) allows users to create an account and post 140 character blogs with urls to send out messages to your followers. [...]

 


WordPress DandyID Services ID 1.5.9 CSRF / XSS

# Title: CSRF/XSS Vulnerability in DandyID Services WP Plugin # Author: Manideep K # CVE-ID: CVE-2014-9335 # Plugin Homepage: https://wordpress.org/plugins/dandyid-services/ # Version Affected: 1.5.9 (probably lower versions) # Severity: High   # About Plugin: DandyID is a free service that enables you to connect, manage, and share all of your online identities from a single [...]

 


WordPress twitterDash 2.1 CSRF / XSS

************************************************************************************** # Title: CSRF / Stored XSS Vulnerability in twitterDash Wordpress Plugin # Author: Manideep K # CVE-ID: CVE-2014-9368 # Plugin Homepage: https://wordpress.org/plugins/twitterdash/ # Version Affected: 2.1 (probably lower versions) # Severity: High   #About Plugin: twitterDash adds a field on the Dashboard. In this field you find the last(you can define how many) updates [...]

 


WordPress iTwitter WP 0.04 CSRF / XSS

# Title: CSRF/XSS Vulnerability in iTwitter WP Plugin # Author: Manideep K # CVE-ID: CVE-2014-9336 # Plugin Homepage: https://wordpress.org/plugins/itwitter/ # Version Affected: 0.04 (probably lower versions) # Severity: High   # Description: # Vulnerable Parameter: itex_t_twitter_username, itex_t_twitter_userpass etc # About Vulnerability: This plugin is vulnerable to a combination of CSRF/XSS attack meaning that if an [...]

 


WordPress Download Manager Unauthenticated File Upload

## # This module requires Metasploit: http://metasploit.com/download # Current source: https://github.com/rapid7/metasploit-framework ##   require 'msf/core'   class Metasploit3 < Msf::Exploit::Remote Rank = ExcellentRanking   include Msf::HTTP::Wordpress include Msf::Exploit::FileDropper   def initialize(info = {}) super(update_info( info, 'Name' => 'Wordpress Download Manager (download-manager) Unauthenticated File Upload', 'Description' => %q{ The WordPress download-manager plugin contains multiple unauthenticated file [...]

 


Vsftpd on Debian Wheezy

    Vsftpd (an acronym for Very Secure FTP Daemon) is what I use as my FTP service: simple, lightweight, secure and quick to configure.   $ sudo apt-get install vsftpd   Right after that, edit the configuration file:   $ sudo nano /etc/vsftpd.conf   For a basic configuration, the most important settings to uncomment […]

The post Vsftpd on Debian Wheezy appeared first on EDMOND’S WEBLOG.

 


WordPress WP Symposium 14.11 Shell Upload

#!/usr/bin/python # # Exploit Name: Wordpress WP Symposium 14.11 Shell Upload Vulnerability # # # Vulnerability discovered by Claudio Viviani # # Exploit written by Claudio Viviani # # # 2014-11-27: Discovered vulnerability # 2014-12-01: Vendor Notification (Twitter) # 2014-12-02: Vendor Notification (Web Site) # 2014-12-04: Vendor Notification (E-mail) # 2014-12-11: No Response/Feedback # 2014-12-11: [...]

 


WordPress WP Construction Mode 1.91 XSS

Title: WordPress ‘WP Construction Mode’ plugin – XSS Version: 1.91 Author: Morten Nørtoft, Kenneth Jepsen, Mikkel Vej Date: 2014/12/12 Download: https://wordpress.org/plugins/wp-construction-mode/ Contacted vendor: 2014/10/20 —————————————————————-   ## Plugin description: —————————————————————- Set entire website or specific page under construction or maintenance for all viewers except Admin     ## Reflected XSS: —————————————————————- the set_opt parameter is [...]