WordPress Spider Catalog Multiple Vulnerabilities

22 May 2013 - Source: http://www.mondounix.com
Author: Janek Vind "waraxe"
Date: 22. May 2013
Location: Estonia, Tartu
Web: http://www.waraxe.us/advisory-105.html
 
 
Description of vulnerable software:
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
 
Spider Catalog is the best WordPress catalog plugin. It is a convenient tool
for organizing the products represented on your website into catalogs. Each
product on the catalog is assigned with a relevant category, which makes it
easier for the customers to search and identify the needed products within the
catalog.
 
http://wordpress.org/extend/plugins/catalog/
http://web-dorado.com/products/wordpress-catalog.html
 
Vulnerable is current version 1.4.6, older versions...

Read more »

WordPress Spider Event Calendar Multiple Vulnerabilities

22 May 2013 - Source: http://www.mondounix.com
Author: Janek Vind "waraxe"
Date: 22. May 2013
Location: Estonia, Tartu
Web: http://www.waraxe.us/advisory-104.html
 
 
Description of vulnerable software:
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
 
Spider Event Calendar is a highly configurable plugin which allows you
to have multiple organized events in a calendar. This plugin is one of
the best WordPress Calendar available in WordPress Directory. If you
have problem with organizing your WordPress Calendar events and displaying
them in a calendar format, then Spider WordPress Calendar Plugin is the
best solution.
 
http://wordpress.org/extend/plugins/spider-event-calendar/
http://web-dorado.com/products/wordpress-calendar.html
 
Vulnerable...

Read more »

WordPress Newsletter 3.2.6 Cross Site Scripting

16 May 2013 - Source: http://www.mondounix.com
Wordpress Newsletter Plugin 3.2.6 (alert) Reflected XSS Vulnerability
 
 
Vendor: Stefano Lissa
Product web page: http://wordpress.org/extend/plugins/newsletter/
Affected version: 3.2.6 and below
 
Summary: Newsletter is the perfect WordPress plugin for creating
real newsletters and mail marketing system on your WordPress blog.
 
Desc: The plugin suffers from an XSS issue due to a failure to properly
sanitize user-supplied input to the 'alert' GET parameter in the 'page.php'
script. Attackers can exploit this weakness to execute arbitrary HTML
and script code in a user's browser session.
 
 
=======================================================================
/subscription/page.php:
-----------------------
 
70:...

Read more »

Joomla Jnews 8.0.1 Cross Site Scripting

16 May 2013 - Source: http://www.mondounix.com
# Exploit Title: Joomla com_jnews Open Flash-Chart XSS
# Release Date: 14/05/2013
# Author: Deepankar Arora And Rafay Baloch
# Blog: http://rafayhackingarticles.net
# Vendor: www.joobi.co
# Versions Affected: 8.0.1(latest) and earlier
# Google Dork: inurl:com_jnews
 
Description:
 
The vulnerability in Open Flash Chart is a known vulnerability; however,
it is integrated with com_jnews, and the get-data parameter is not sanitized.
Therefore it results in a Flash-based cross-site scripting.
 
The vulnerable code is as follows:
 
var _local2 = "open_flash_chart_data";
            if (this.chart_parameters ["get-data"]) {
                _local2 = this.chart_parameters ["get-Data"];
     ...

Read more »

Joomla Phocagallery 3.0.0 / 4.0.0 Cross Site Scripting

14 May 2013 - Source: http://www.mondounix.com
# Exploit Title: Joomla com_phocagallery Plupload Flash XSS
# Release Date: 13/05/2013
# Author: Rafay Baloch And Deepankar Arora
# Contact: http://rafayhackingarticles.net
# Vendor: phoca.cz
# Versions Affected: 3.0.0 - 4.0.0
# Google Dork: inurl:com_phocagallery
 
Description:
 
The vulnerability in plupload is a known vulnerability; however,
com_phocagallery uses it, and the id parameter is not sanitized. Therefore it
results in a Flash-based XSS.
 
The vulnerable code is as follows:
 
 this.id = this.stage.loaderInfo.parameters["id"];
 
As you can see, there is no filtering of any kind being performed on the
id parameter.
 
POC:
 
http://localhost/joomla/components/com_phocagallery/assets/plupload/plupload.flash.swf?id=0%22))}catch(e){if(!window.x){window.x=1;alert(2)}}//
 
Fix:
 
Sanitize...

Read more »

WordPress Search And Share 0.9.3 Cross Site Scripting

14 May 2013 - Source: http://www.mondounix.com
-------------------------
Affected products:
-------------------------
 
Vulnerable are Search and Share 0.9.3 and previous versions.
 
-------------------------
Affected vendors:
-------------------------
 
Latent Motion
http://www.latentmotion.com
 
----------
Details:
----------
 
Cross-Site Scripting (WASC-08):
 
XSS via id parameter and XSS via copying payload into clipboard.
 
http://site/wp-content/plugins/search-and-share/js/ZeroClipboard.swf?id=%22))}catch(e){}if(!self.a)self.a=!alert(document.cookie)//&width&height
 
Full path disclosure (WASC-13):
 
http://site/wp-content/plugins/search-and-share/SearchAndShare.php
 
http://site/wp-content/plugins/search-and-share/error_log...

Read more »

WordPress Securimage 3.2.4 Cross Site Scripting

14 May 2013 - Source: http://www.mondounix.com
Wordpress Securimage-WP Plugin v3.2.4 URI-based XSS Vulnerability
 
 
Vendor: Securimage PHP CAPTCHA
Product web page: https://wordpress.org/extend/plugins/securimage-wp/
Affected version: 3.2.4
 
Summary: Securimage-WP adds powerful CAPTCHA protection to
comment forms on posts and pages to help prevent comment
spam from getting onto your site.
 
Desc: Securimage-WP suffers from an XSS issue in 'siwp_test.php'
that uses the 'PHP_SELF' variable. The vulnerability is
present because there isn't any filtering to the mentioned
variable in the affected script. Attackers can exploit this
weakness to execute arbitrary HTML and script code in a user's
browser session.
 
Tested on: Microsoft Windows 7 Ultimate SP1...

Read more »

Drupal Rules – Cross Site Scripting (XSS)

12 May 2013 - Source: http://www.mondounix.com
 
 
    Advisory ID: DRUPAL-SA-CONTRIB-2013-037
    Project: Rules (third-party module)
    Version: 7.x
    Date: 2013-March-27
    Security risk: Moderately critical
    Exploitable from: Remote
    Vulnerability: Cross Site Scripting
 
Description
 
The Rules module allows site administrators to define conditionally executed actions based on occurring events (known as reactive or ECA rules). It's a replacement with more features for the trigger module in core.
 
The module contains a persistent cross site scripting (XSS) vulnerability due to the fact that it fails to sanitize rule tags before display.
 
This vulnerability is mitigated by the fact that an attacker must have a role with the permission...

Read more »

Drupal MP3 Player – Cross Site Scripting (XSS)

12 May 2013 - Source: http://www.mondounix.com
 
 
    Advisory ID: DRUPAL-SA-CONTRIB-2013-043
    Project: MP3 Player (third-party module)
    Version: 6.x
    Date: 2013-April-17
    Security risk: Moderately critical
    Exploitable from: Remote
    Vulnerability: Cross Site Scripting
 
Description
 
This module enables you to easily enable a Flash MP3 Player on a CCK FileField.
The module doesn't sufficiently filter user-supplied text from mp3 filenames.
This vulnerability is mitigated by the fact that an attacker must have a role with the permission to create a node with an mp3 filefield with the MP3 player set as the display widget.
 
CVE identifier(s) issued
 
    CVE-2013-1971
 
Versions affected
 
    All MP3 Player versions.
 
Drupal...

Read more »

Drupal Filebrowser – Reflected Cross Site Scripting (XSS)

12 May 2013 - Source: http://www.mondounix.com
 
 
    Advisory ID: DRUPAL-SA-CONTRIB-2013-046
    Project: Filebrowser (third-party module)
    Version: 6.x
    Date: 2013-May-1
    Security risk: Highly critical
    Exploitable from: Remote
    Vulnerability: Cross Site Scripting
 
Description
 
Filebrowser module allows site administrators to expose a particular file system folder and all of its subfolders with an FTP-like interface to site visitors.
 
The module doesn't sufficiently sanitize user input when presenting lists of files.
 
Because the vulnerability is Reflected Cross Site Scripting, the only mitigating factor is that an authenticated user must be tricked into visiting a specially crafted malicious url.
 
CVE identifier(s) issued
 
...

Read more »