WordPress WP Photo Album Plus 6.1.2 Cross Site Scripting

19 June 2015 - Source: http://www.mondounix.com
Advisory ID: HTB23257
Product: WP Photo Album Plus WordPress Plugin
Vendor: J.N. Breetvelt
Vulnerable Version(s): 6.1.2 and probably prior
Tested Version: 6.1.2
Advisory Publication: April 29, 2015 [without technical details]
Vendor Notification: April 29, 2015 
Vendor Patch: April 29, 2015 
Public Disclosure: May 20, 2015 
Vulnerability Type: Cross-Site Scripting [CWE-79]
CVE Reference: CVE-2015-3647
Risk Level: Medium 
CVSSv2 Base Score: 5 (AV:N/AC:L/Au:N/C:N/I:P/A:N)
Solution Status: Fixed by Vendor
Discovered and Provided: High-Tech Bridge Security Research Lab ( https://www.htbridge.com/advisory/ ) 
 
-----------------------------------------------------------------------------------------------
 
Advisory Details:
 
High-Tech...

WordPress Encrypted Contact Form 1.0.4 CSRF / XSS

19 June 2015 - Source: http://www.mondounix.com
# Title: Cross-site Request Forgery & Cross-site Scripting in Encrypted Contact Form Wordpress Plugin v1.0.4
# Submitter: Nitin Venkatesh
# Product: Encrypted Contact Form Wordpress Plugin
# Product URL: https://wordpress.org/plugins/encrypted-contact-form/
# Vulnerability Type: Cross-site Request Forgery [CWE-352], Cross-site Scripting [CWE-79]
# Affected Versions: v1.0.4 and possibly below.
# Tested versions: v1.0.4
# Fixed Version: v1.1
# Link to code diff: https://plugins.trac.wordpress.org/changeset/1125443/
# Changelog: https://wordpress.org/plugins/encrypted-contact-form/changelog/
# CVE Status: None/Unassigned/Fresh
 
## Product Information:
 
Secure contact form for WordPress. Uses end-to-end encryption to...

WordPress Media File Manager Advanced 1.1.5 XSS / SQL Injection

19 June 2015 - Source: http://www.mondounix.com
Description
 
"media-file-manager-advanced" allows any authenticated user to execute administrator actions due to weak permission checking.
An attacker can delete/update posts, create/remove/list directories, move/rename/delete files, and perform blind SQL injection and cross-site scripting.
 
Homepage
 
https://wordpress.org/plugins/media-file-manager-advanced/
 
Affected Version
 
<= 1.1.5
 
Vulnerability Scope
 
LFD,SQL,XSS,Site Ruining and Changing of Content.
 
Authorization Required
 
User
 
Proof of Concept
 
 
Post Delete
http://domain.tld/wp-admin/admin-ajax.php?action=mfma_relocator_delete
post: id=17
 
MKDIR
http://domain.tld/wp-admin/admin-ajax.php?action=mfma_relocator_mkdir
newdir=EVEXFOLDER
 
folder...

WordPress Booking Calendar Contact Form 1.0.2 XSS / SQL Injection

19 June 2015 - Source: http://www.mondounix.com
# Exploit Title: WordPress Booking Calendar Contact Form 1.0.2[Multiple vulnerabilities]
# Date: 2015-05-01
# Google Dork: Index of /wordpress/wp-content/plugins/booking-calendar-contact-form/
# Exploit Author: Joaquin Ramirez Martinez [ i0akiN SEC-LABORATORY ]
# Software Link: http://wordpress.dwbooster.com/calendars/booking-calendar-contact-form
# Vendor: CodePeople.net
# Vendor URI: http://codepeople.net
# Version: 1.0.2
# OWASP Top10: A1-Injection
# Tested on: windows 7 ultimate + firefox + sqlmap 0.9.

============================================
* Authenticated SQL injection
============================================

========================
Description
========================

In a site that...

WordPress Yet Another Related Posts 4.2.4 CSRF / XSS / Code Execution

19 June 2015 - Source: http://www.mondounix.com
Homepage
https://wordpress.org/plugins/yet-another-related-posts-plugin/

Affected Versions
<= 4.2.4

Description
'Yet Another Related Posts Plugin' options can be updated with no token/nonce protection, which an attacker may exploit by tricking the website's administrator into entering a malformed page that changes YARPP options; since some options allow HTML, the attacker is able to inject malformed JavaScript code, which can lead to *code execution/administrator actions* when the injected code is triggered by an admin user.
The injected JavaScript code is triggered on any post page.

Vulnerability Scope
XSS
RCE ( http://research.evex.pw/?vuln=14 )

Authorization Required
None

Proof of Concept
 
<body onload="document.getElementById('payload_form').submit()"...

WordPress Ad Buttons 2.3.1 CSRF / Cross Site Scripting

19 June 2015 - Source: http://www.mondounix.com
================================================================
CSRF/Stored XSS Vulnerability in Ad Buttons Plugin 
================================================================
 
.. contents:: Table Of Content
 
Overview
========
 
* Title: CSRF and Stored XSS Vulnerability in Ad Buttons Wordpress Plugin
* Author: Kaustubh G. Padwad
* Plugin Homepage: https://wordpress.org/plugins/ad-buttons/
* Severity: HIGH
* Version Affected: Version 2.3.1 and mostly prior to it
* Version Tested : Version 2.3.1
* version patched:
 
Description 
===========
 
Vulnerable Parameter 
--------------------
 
* 'Your Ad Here' url
 
About Vulnerability
-------------------
This plugin is vulnerable to a combination...

WordPress Roomcloud 1.1 Cross Site Scripting

19 June 2015 - Source: http://www.mondounix.com
## Details
 
# Title: Unsanitized parameters in Wordpress Roomcloud plugin v1.1(rev @1115307) allows Cross-site Scripting
# Submitter: Nitin Venkatesh <venkatesh [dot] nitin [at] gmail [dot] com>
# Product: Wordpress Roomcloud plugin
# Product URL: https://wordpress.org/plugins/roomcloud
# Vulnerability Type: Cross-site Scripting [CWE-79]
# Affected Versions: Tested on v1.1 (revision @1115307)
# Fixed Version: v1.1 (revision @1117499)
# Link to source code diff: https://plugins.trac.wordpress.org/changeset/1117499
# CVE Status: None/Unassigned/Fresh
 
## Product Information
 
A Plugin to add roomcloud booking form to hotel website using [roomcloud] shortcode
 
Use Roomcloud plugin to embed our Booking Engine...

WordPress Users To CSV 1.4.5 Cross Site Request Forgery

18 June 2015 - Source: http://www.mondounix.com
# Title: Cross-Site Request Forgery Vulnerability in Users to CSV Wordpress Plugin v1.4.5
# Submitter: Nitin Venkatesh
# Product: Users to CSV Wordpress Plugin
# Product URL: https://wordpress.org/plugins/users-to-csv/ (disabled)
# Plugin SVN URL: https://plugins.svn.wordpress.org/users-to-csv/ (active)
# Vulnerability Type: Cross-site Request Forgery [CWE-352]
# Affected Versions: v1.4.5 and possibly below.
# Tested versions: v1.4.5
# Fixed Version: None. Support for the plugin has been discontinued.
# CVE Status: None/Unassigned/Fresh
 
## Product Information:
 
This plugin adds an admin screen under "Users", giving two options:
exporting the current users to a csv file and exporting the unique commenters on your...

Linux Mint 17.2 Rafaela RC released

17 June 2015 - Source: http://www.chimerarevo.com

The Linux Mint team today released the first preview of the next version of its Ubuntu-based distro.

Linux Mint 17.2 Rafaela Release Candidate, the pre-release of the distribution's six-monthly release, is in fact available from today, still based on Ubuntu 14.04.2 LTS.

Let me briefly walk you through...

Linux Mint: the 17.2 Rafaela RC arrives

17 June 2015 - Source: http://www.lffl.org/
The Release Candidate of Linux Mint 17.2 Cinnamon and MATE is available; here are the main new features and downloads.
The Linux Mint developers have released the release candidate of the upcoming version 17.2 Rafaela, which includes all the new features we will find in the upcoming stable version. Based on Ubuntu 14.04 Trusty LTS, Linux Mint 17.2 Rafaela RC includes the latest new features / updates...
