# Exploit Title : LibrettoCMS 2.2.2 Malicious File Upload
# Date : 14 June 2013
# Exploit Author : CWH Underground
# Site : www.2600.in.th
# Vendor Homepage : http://libretto.artwebonline.com/
# Software Link : http://jaist.dl.sourceforge.net/project/librettocms/librettoCMS_v.2.2.2.zip
# Version : 2.2.2
# Tested on : Windows and Linux
#####################################################
DESCRIPTION
#####################################################
LibrettoCMS...
Libretto CMS 2.2.2 Shell Upload
WordPress NextGEN Gallery 1.9.12 Shell Upload
15 June 2013 - Source: http://www.mondounix.com
##############################################################
- S21Sec Advisory -
##############################################################
Title: NextGEN Gallery 1.9.12 Arbitrary File Upload
ID: S21SEC-046-en
CVE ID: CVE-2013-3684
Severity: High
Status: Fixed
History: 27.May.2013 Vulnerability discovered
28.May.2013 Vendor informed
12.Jun.2013 Fix released
Authors: Marcos Agüero (maguero@s21sec.com)
URL: http://www.s21sec.com/images/labs/advisories/s21sec-046-en.txt
Release: Public
[ SUMMARY ]
NextGEN Gallery is a WordPress gallery plugin that offers sophisticated...
Installing the LibreOffice 4 Plugin for Firefox
30 May 2013 - Source: http://www.osside.net

LibreOffice 4 has finally landed in Debian Testing (Jessie) as well.
Many will certainly have noticed the option Display documents in browser under Tools>Options>Internet, which is certainly nothing new.
Alas, ticking it does not add any plugin to the browser, and online documents continue to be opened externally.
The plugin we need is libnpsoplugin.so, which for Debian is contained in the package ...
WordPress User Role Editor 3.12 Cross Site Request Forgery
29 May 2013 - Source: http://www.mondounix.com
# Exploit Title: WP User Role Editor CSRF
# Date: 19/5/13
# Exploit Author: Henry Hoggard
# Author Website: http://henryhoggard.co.uk
# Vendor Homepage: https://wordpress.org/support/plugin/user-role-editor
# Software Link: https://wordpress.org/support/plugin/user-role-editor
# Version: <=3.12
# Tested on: Debian
# CVE : none yet
Notified Dev: 16/05/13
Patch Released (3.14): 17/05/13
Description: This allows you to sign up with admin privileges if you make the admin visit your CSRF script.
http://server/wordpress/wp-admin/users.php?page=user-role-editor.php&action=default&user_role=administrator...
Monitoring Buffalo TeraStation NAS Devices with Nagios
20 May 2013 - Source: http://nolabnoparty.com

Monitoring how much space is in use on NAS devices is a key point in keeping the network functional. But what happens if the NAS used for backups does not have enough space? The backup does not run...
WordPress IndiaNIC FAQS Manager 1.0 XSS / CSRF
25 March 2013 - Source: http://www.mondounix.com
<html>
<!--
# Exploit Title: WordPress IndiaNIC FAQ 1.0 Plugin CSRF + XSS
# Google Dork: inurl:wp-content/plugins/faqs-manager
# Date: 21.03.2013
# Exploit Author: m3tamantra (http://m3tamantra.wordpress.com/blog)
# Vendor Homepage: http://wordpress.org/extend/plugins/faqs-manager/
# Software Link: http://downloads.wordpress.org/plugin/faqs-manager.zip
# Version: 1.0
# Tested on: Apache/2.2.16 (Debian) PHP 5.3.3-7+squeeze14 with Suhosin-Patch (cli)
##############
# Description:
##############
# IndiaNIC FAQ Settings Page is vulnerable for CSRF.
# The Ask Question area (front-end) is vulnerable for XSS. It is possible to insert <script>alert(1)</script> in question parameter.
# The Captcha value...
WordPress IndiaNIC FAQS Manager 1.0 SQL Injection
25 March 2013 - Source: http://www.mondounix.com
# Exploit Title: WordPress IndiaNIC FAQ 1.0 Plugin Blind SQL Injection
# Google Dork: inurl:wp-content/plugins/faqs-manager
# Date: 21.03.2013
# Exploit Author: m3tamantra (http://m3tamantra.wordpress.com/blog)
# Vendor Homepage: http://wordpress.org/extend/plugins/faqs-manager/
# Software Link: http://downloads.wordpress.org/plugin/faqs-manager.zip
# Version: 1.0
# Tested on: Apache/2.2.16 (Debian) PHP 5.3.3-7+squeeze14 with Suhosin-Patch (cli)
##############
# Description:
##############
# The "order" and "orderby" parameter is vulnerable for SQL Injection
# Example URL: http://127.0.0.1:9001/wordpress/wp-admin/admin.php?page=inic_faq&orderby=<sqli>
# PoC take some time to finish...
WordPress LeagueManager 3.8 SQL Injection
15 March 2013 - Source: http://www.mondounix.com
#!/usr/bin/ruby
#
# Exploit Title: WordPress LeagueManager Plugin v3.8 SQL Injection
# Google Dork: inurl:"/wp-content/plugins/leaguemanager/"
# Date: 13/03/13
# Exploit Author: Joshua Reynolds
# Vendor Homepage: http://wordpress.org/extend/plugins/leaguemanager/ (No longer active)
# Software Link: http://downloads.wordpress.org/plugin/leaguemanager.3.8.zip (No longer active)
# Version: 3.8
# Tested on: BT5R1 - Ubuntu 10.04.2 LTS
# CVE: CVE-2013-1852
#-----------------------------------------------------------------------------------------
#Description:
#
#An SQL Injection vulnerability exists in the league_id parameter of a function call made
#by the leaguemanager_export page. This request is processed within the leaguemanager.php:
#
#if...
Vulnerabilities in SWFUpload in multiple web applications: WordPress, Dotclear, InstantCMS, AionWeb and others
13 March 2013 - Source: http://www.mondounix.com
Hello list! Earlier I wrote about Content Spoofing and Cross-Site Scripting vulnerabilities in SWFUpload (http://securityvulns.ru/docs29181.html). This is a very popular flash file, which is used at tens of millions of web sites and in hundreds of web applications (WordPress alone is used at more than 62 million web sites according to wordpress.com). Last year I wrote about another XSS hole in SWFUpload and I mentioned that there are many web applications with vulnerable SWFUpload. All of them are vulnerable to these new vulnerabilities, except swfupload.swf bundled with WordPress since version 3.3.2. There are different names of files of SWFUpload: swfupload.swf, swfupload_f9.swf, swfupload_f8.swf, swfupload_f10.swf...
WordPress Events Manager 5.3.3 Cross Site Scripting
9 March 2013 - Source: http://www.mondounix.com
Advisory ID: HTB23139
Product: Events Manager WordPress plugin
Vendor: Marcus Sykes
Vulnerable Version(s): 5.3.3 and probably prior
Tested Version: 5.3.3
Vendor Notification: January 16, 2013
Vendor Patch: January 17, 2013
Public Disclosure: March 6, 2013
Vulnerability Type: Cross-Site Scripting [CWE-79]
CVE Reference: CVE-2013-1407
Risk Level: Medium
CVSSv2 Base Score: 4.3 (AV:N/AC:M/Au:N/C:N/I:P/A:N)
Solution Status: Fixed by Vendor
Discovered and Provided: High-Tech Bridge Security Research Lab ( https://www.htbridge.com/advisory/ )
-----------------------------------------------------------------------------------------------
Advisory Details:
High-Tech Bridge Security Research Lab discovered multiple...


