WordPress CP Multi View Event Calendar 1.01 SQL Injection

24 ottobre 2014 - Fonte: http://www.mondounix.com
######################
 
# Exploit Title : CP Multi View Event Calendar 1.01 SQL Injection Vulnerability
 
# Exploit Author : Claudio Viviani 
 
# Software Link : https://downloads.wordpress.org/plugin/cp-multi-view-calendar.zip
 
# Date : 2014-10-23
 
# Tested on : Windows 7 / Mozilla Firefox
              Windows 7 / sqlmap (0.8-1)
              Linux / Mozilla Firefox
              Linux / sqlmap 1.0-dev-5b2ded0
 
######################
 
 
# Description
 
CP Multi View Event Calendar 1.01 suffers from SQL injection vulnerability
 
calid variable is not sanitized.
 
######################
 
# PoC
 
http://localhost/?cpmvc_id=1&cpmvc_do_action=mvparse&f=datafeed&method=list&calid=1...

Leggi il seguito »

WordPress MaxButtons 1.26.0 Cross Site Scripting

16 ottobre 2014 - Fonte: http://www.mondounix.com
Advisory ID: HTB23237
Product: MaxButtons WordPress plugin
Vendor: Max Foundry
Vulnerable Version(s): 1.26.0 and probably prior
Tested Version: 1.26.0
Advisory Publication:  September 24, 2014  [without technical details]
Vendor Notification: September 24, 2014 
Vendor Patch: October 2, 2014 
Public Disclosure: October 15, 2014 
Vulnerability Type: Cross-Site Scripting [CWE-79]
CVE Reference: CVE-2014-7181
Risk Level: Low 
CVSSv2 Base Score: 2.6 (AV:N/AC:H/Au:N/C:N/I:P/A:N)
Solution Status: Fixed by Vendor
Discovered and Provided: High-Tech Bridge Security Research Lab ( https://www.htbridge.com/advisory/ ) 
 
-----------------------------------------------------------------------------------------------
 
Advisory...

Leggi il seguito »

WordPress WP Google Maps 6.0.26 Cross Site Scripting

16 ottobre 2014 - Fonte: http://www.mondounix.com
Advisory ID: HTB23236
Product: WP Google Maps WordPress plugin
Vendor: WP Google Maps 
Vulnerable Version(s): 6.0.26 and probably prior
Tested Version: 6.0.26
Advisory Publication:  September 24, 2014  [without technical details]
Vendor Notification: September 24, 2014 
Vendor Patch: September 29, 2014 
Public Disclosure: October 15, 2014 
Vulnerability Type: Cross-Site Scripting [CWE-79]
CVE Reference: CVE-2014-7182
Risk Level: Low 
CVSSv2 Base Score: 2.6 (AV:N/AC:H/Au:N/C:N/I:P/A:N)
Solution Status: Fixed by Vendor
Discovered and Provided: High-Tech Bridge Security Research Lab ( https://www.htbridge.com/advisory/ ) 
 
-----------------------------------------------------------------------------------------------
 
Advisory...

Leggi il seguito »

WordPress EWWW Image Optimizer 2.0.1 Cross Site Scripting

10 ottobre 2014 - Fonte: http://www.mondounix.com
Advisory ID: HTB23234
Product: EWWW Image Optimizer WordPress plugin
Vendor: Shane Bishop
Vulnerable Version(s): 2.0.1 and probably prior
Tested Version: 2.0.1
Advisory Publication:  September 17, 2014  [without technical details]
Vendor Notification: September 17, 2014 
Vendor Patch: September 24, 2014 
Public Disclosure: October 8, 2014 
Vulnerability Type: Cross-Site Scripting [CWE-79]
CVE Reference: CVE-2014-6243
Risk Level: Low 
CVSSv2 Base Score: 2.6 (AV:N/AC:H/Au:N/C:N/I:P/A:N)
Solution Status: Fixed by Vendor
Discovered and Provided: High-Tech Bridge Security Research Lab ( https://www.htbridge.com/advisory/ ) 
 
-----------------------------------------------------------------------------------------------
 
Advisory...

Leggi il seguito »

WordPress Contact Form DB 2.8.13 Cross Site Scripting

10 ottobre 2014 - Fonte: http://www.mondounix.com
Advisory ID: HTB23233
Product: Contact Form DB WordPress plugin
Vendor: Michael Simpson
Vulnerable Version(s): 2.8.13 and probably prior
Tested Version: 2.8.13
Advisory Publication:  September 17, 2014  [without technical details]
Vendor Notification: September 17, 2014 
Vendor Patch: September 25, 2014 
Public Disclosure: October 8, 2014 
Vulnerability Type: Cross-Site Scripting [CWE-79]
CVE Reference: CVE-2014-7139
Risk Level: Low 
CVSSv2 Base Score: 2.6 (AV:N/AC:H/Au:N/C:N/I:P/A:N)
Solution Status: Fixed by Vendor
Discovered and Provided: High-Tech Bridge Security Research Lab ( https://www.htbridge.com/advisory/ ) 
 
-----------------------------------------------------------------------------------------------
 
Advisory...

Leggi il seguito »

WordPress Google Calendar Events 2.0.1 Cross Site Scripting

10 ottobre 2014 - Fonte: http://www.mondounix.com
Advisory ID: HTB23235
Product: Google Calendar Events WordPress plugin
Vendor: Phil Derksen
Vulnerable Version(s): 2.0.1 and probably prior
Tested Version: 2.0.1
Advisory Publication:  September 17, 2014  [without technical details]
Vendor Notification: September 17, 2014 
Vendor Patch: October 7, 2014 
Public Disclosure: October 8, 2014 
Vulnerability Type: Cross-Site Scripting [CWE-79]
CVE Reference: CVE-2014-7138
Risk Level: Low 
CVSSv2 Base Score: 2.6 (AV:N/AC:H/Au:N/C:N/I:P/A:N)
Solution Status: Fixed by Vendor
Discovered and Provided: High-Tech Bridge Security Research Lab ( https://www.htbridge.com/advisory/ ) 
 
-----------------------------------------------------------------------------------------------
 
Advisory...

Leggi il seguito »

WordPress InfusionSoft Upload

9 ottobre 2014 - Fonte: http://www.mondounix.com
##
# This module requires Metasploit: http//metasploit.com/download
# Current source: https://github.com/rapid7/metasploit-framework
##
 
require 'msf/core'
 
class Metasploit3 < Msf::Exploit::Remote
  Rank = ExcellentRanking
 
  include Msf::HTTP::Wordpress
  include Msf::Exploit::FileDropper
 
  def initialize(info = {})
    super(update_info(info,
      'Name'           => 'Wordpress InfusionSoft Upload Vulnerability',
      'Description'    => %q{
        This module exploits an arbitrary PHP code upload in the wordpress Infusionsoft Gravity
        Forms plugin, versions from 1.5.3 to 1.5.10. The vulnerability allows for arbitrary file
        upload and remote code execution.
      },
    ...

Leggi il seguito »

WordPress BulletProof Security 50.8 Script Insertion

6 ottobre 2014 - Fonte: http://www.mondounix.com
Document Title:
===============
BulletProof Security Wordpress v50.8 - POST Inject Vulnerability
 
 
References (Source):
====================
http://www.vulnerability-lab.com/get_content.php?id=1326
 
 
Release Date:
=============
2014-09-30
 
 
Vulnerability Laboratory ID (VL-ID):
====================================
1326
 
 
Common Vulnerability Scoring System:
====================================
3.2
 
 
Product & Service Introduction:
===============================
The BulletProof Security Plugin allows you to create and activate .htaccess website security with one-click (figuratively) for 
your website without having to know anything about .htaccess files. The Master...

Leggi il seguito »

WordPress Content Audit 1.6 Blind SQL Injection

2 ottobre 2014 - Fonte: http://www.mondounix.com
Details
================
Software: Content Audit
Version: 1.6
Homepage: http://wordpress.org/plugins/content-audit/
Advisory report: https://security.dxw.com/advisories/blind-sqli-vulnerability-in-content-audit-could-allow-a-privileged-attacker-to-exfiltrate-password-hashes/
CVE: CVE-2014-5389
CVSS: 3.6 (Low; AV:N/AC:H/Au:S/C:P/I:N/A:P)
 
Description
================
Blind SQLi vulnerability in Content Audit could allow a privileged attacker to exfiltrate password hashes
 
Vulnerability
================
An attacker with an admin account is able to add arbitrary text in the “Audited content types” option by using a DOM inspector to modify the value of a checkbox field. This text is then inserted into an SQL query and...

Leggi il seguito »

WordPress Photo Gallery Cross-Site Scripting (XSS)

1 ottobre 2014 - Fonte: http://www.mondounix.com
Advisory ID: HTB23232
Product: Photo Gallery WordPress plugin
Vendor: http://web-dorado.com/
Vulnerable Version(s): 1.1.30 and probably prior
Tested Version: 1.1.30
Advisory Publication:  September 10, 2014  [without technical details]
Vendor Notification: September 10, 2014 
Vendor Patch: September 10, 2014 
Public Disclosure: October 1, 2014 
Vulnerability Type: Cross-Site Scripting [CWE-79]
CVE Reference: CVE-2014-6315
Risk Level: Low 
CVSSv2 Base Score: 2.6 (AV:N/AC:H/Au:N/C:N/I:P/A:N)
Solution Status: Fixed by Vendor
Discovered and Provided: High-Tech Bridge Security Research Lab ( https://www.htbridge.com/advisory/ ) 
 
-----------------------------------------------------------------------------------------------
 
Advisory...

Leggi il seguito »