Tags archives: unix

 

0

TP-LINK WDR4300 – Stored XSS & DoS

Advisory Information ===============   Vendors Contacted: TP-LINK Vendor Patched: Yes, Firmware 140916 System Affected: N750 Wireless Dual Band Gigabit Router (TL-WDR4300), might affect others. Versions Affected: 130617 , possibly earlier CVE Numbers Assigned: CVE-2014-4727, CVE-2014-4728     Vulnerabilities Description ===================   # Stored XSS –   It is possible inject javascript code via DHCP hostname [...]

 

0

M/Monit 3.2.2 Cross Site Request Forgery

Application: M/Monit 3.2.2 Author: Dolev Farhi @dolevff Date: 13.9.2014 Relevant CVEs: CVE-2014-6409, CVE-2014-6607 Vulnerable version: <= 3.2.2       M/Monit is an Easy, proactive monitoring of Unix systems, network and cloud services.   1. Vulnerability Description: Account hijack via cross-site request forgery (CVE-2014-6409, CVE-2014-6607) It was found that M/Monit latest version is vulnerable to [...]

 

0

WordPress WooCommerce Reflected XSS

Details ================ Software: WooCommerce – excelling eCommerce Version: 2.1.12 Homepage: http://wordpress.org/plugins/woocommerce/ Advisory report: https://security.dxw.com/advisories/reflected-xss-in-woocommerce-excelling-ecommerce-allows-attackers-ability-to-do-almost-anything-an-admin-user-can-do/ CVE: Awaiting assignment CVSS: 6.8 (Medium; AV:N/AC:M/Au:N/C:P/I:P/A:P)   Description ================ Reflected XSS in WooCommerce – excelling eCommerce allows attackers ability to do almost anything an admin user can do   Vulnerability ================ An attacker able to convince a logged-in admin user [...]

 

0

WatchGuard XTM 11.8.3 Reflected XSS (CVE-2014-6413)

I. VULNERABILITY   Reflected XSS Attacks vulnerabilities in WatchGuard XTM 11.8.3   II. BACKGROUND ————————- WatchGuard builds affordable, all-in-one network and content security solutions to provide defense in depth for corporate content, networks and the businesses they power.   III. DESCRIPTION ————————- Has been detected a Reflected XSS vulnerability in XTM WatchGuard. The code injection [...]

 

0

MODX Revolution Reflected Cross-Site Scripting (XSS)

Advisory ID: HTB23229 Product: MODX Revolution Vendor: MODX Vulnerable Version(s): 2.3.1-pl and probably prior Tested Version: 2.3.1-pl Advisory Publication: August 20, 2014 [without technical details] Vendor Notification: August 20, 2014 Vendor Patch: September 11, 2014 Public Disclosure: September 17, 2014 Vulnerability Type: Cross-Site Scripting [CWE-79] CVE Reference: CVE-2014-5451 Risk Level: Low CVSSv2 Base Score: 2.6 [...]

 

0

WordPress WP-Ban 1.62 Bypass

Details ================ Software: WP-Ban Version: 1.62 Homepage: http://wordpress.org/plugins/wp-ban/ Advisory report: https://security.dxw.com/advisories/vulnerability-in-wp-ban-allows-visitors-to-bypass-the-ip-blacklist-in-some-configurations/ CVE: CVE-2014-6230 CVSS: 5 (Medium; AV:N/AC:L/Au:N/C:P/I:N/A:N)   Description ================ Vulnerability in WP-Ban allows visitors to bypass the IP blacklist in some configurations   Vulnerability ================ This plugin allows blacklisting users based on their IP address, however it takes the IP address from the X-Forwarded-For [...]

 

 

0

DVWA Cross Site Request Forgery

<!– There are multiple CSRF issues in DVWA. Attackers can use these CSRF exploits to first reset the DVWA database of victim, then make the victim log in using the default resets, next crafts another CSRF to change the challenge level to low to make exploitation more probable, then use these to craft a command [...]

 

0

HttpFileServer 2.3.x Remote Command Execution

ffected software: http://sourceforge.net/projects/hfs/ Version : 2.3x # Exploit Title: HttpFileServer 2.3.x Remote Command Execution # Google Dork: intext:”httpfileserver 2.3″ # Date: 11-09-2014 # Remote: Yes # Exploit Author: Daniele Linguaglossa # Vendor Homepage: http://rejetto.com/ # Software Link: http://sourceforge.net/projects/hfs/ # Version: 2.3.x # Tested on: Windows Server 2008 , Windows 8, Windows 7 # CVE : [...]

 

0

WordPress Slideshow Gallery 1.4.6 Shell Upload

#!/usr/bin/env python # # WordPress Slideshow Gallery 1.4.6 Shell Upload Exploit # # WordPress Slideshow Gallery plugin version 1.4.6 suffers from a remote shell upload vulnerability (CVE-2014-5460) # # Vulnerability discovered by: Jesus Ramirez Pichardo – http://whitexploit.blogspot.mx/ # # Exploit written by: Claudio Viviani – info@homelab.it – http://www.homelab.it # # # Disclaimer: # # This [...]