Wordpress Feed Statistics Plugin V 1.4.3 feed-statistics.php 重定向漏洞

0x01 漏洞简述 URL 重定向也就是 URL跳转，攻击者可以构造URL将用户的访问重定向到指定页面。 Wordpress Feed Statistics Plugin V 1.4.3 feed-statistics.php 文件中存在重定向漏洞，攻击者通过构造url的base64编码，可以将用户的访问重定向到指定页面。 公开时间：2016-01-09 Google Dork : "inurl:wp-content/plugins/wordpress-feed-statistics/feed-statistics.php?url=" 0x02 漏洞细节 漏洞页面：...

Joomla Shape 5 MP3 Player 2.0 Local File Disclosure

. | | / | | \ \ | | \ / | |\ / / /\ \ / \ | Y / ^ / / || / / / / /\ /\ \ \ \ | / \ / / \ | \ \ / // / \ / / / / Joomla = Shape 5 MP3 Player 2.0 Local File Disclosure Exploit My + Author : KnocKout Contact : [email protected] Skype : [email protected] HomePage : http://milw00rm.com...

SMF (Simple Machine Forum) 2.0.10 Remote Memory Exfiltration

!/usr/bin/python -- coding: iso-8859-15 -- Title: SMF Simple Machine Forum Filippo Roncari Truel Lab http://lab.truel.it Requirements: SMF = 2.0.10 PHP = 5.6.11 / 5.5.27 / 5.4.43 Advisories: TL-2015-PHP04 http://lab.truel.it/d/advisories/TL-2015-PHP04.txt TL-2015-PHP06...

SMF (Simple Machine Forum) 2.0.10 - Remote Memory Exfiltration

!/usr/bin/python -- coding: iso-8859-15 -- Title: SMF Simple Machine Forum Filippo Roncari Truel Lab http://lab.truel.it Requirements: SMF = 2.0.10 PHP = 5.6.11 / 5.5.27 / 5.4.43 Advisories: TL-2015-PHP04 http://lab.truel.it/d/advisories/TL-2015-PHP04.txt TL-2015-PHP06...

CVE-2015-5956

The sanitizeLocalUrl function in TYPO3 6.x before 6.2.15, 7.x before 7.4.0, 4.5.40, and earlier allows remote authenticated users to bypass the XSS filter and conduct cross-site scripting XSS attacks via a base64 encoded data URI, as demonstrated by the 1 returnUrl parameter to showrechis.php and...

CVE-2015-6737

Cross-site scripting XSS vulnerability in the Widgets extension for MediaWiki allows remote attackers to inject arbitrary web script or HTML via vectors involving base64 encoded content...

Magento eCommerce - Remote Code Execution

Exploit Title : Magento Shoplift exploit SUPEE-5344 Author : Manish Kishan Tanwar AKA error1046 Date : 25/08/2015 Love to : zero cool,Team indishell,Mannu,Viki,Hardeep Singh,Jagriti,Kishan Singh and ritu rathi Debugged At : Indishell Laboriginally developed by joren //////////////////////// ///...

[CORE-2015-0011] - AirLink101 SkyIPCam1620W OS Command Injection

Advisory Information Title: AirLink101 SkyIPCam1620W OS Command Injection Advisory ID: CORE-2015-0011 Advisory URL: http://www.coresecurity.com/advisories/airlink101-skyipcam1620w-os-command-injection Date published: 2015-07-08 Date of last update: 2015-07-08 Vendors contacted: AirLink101...

AirLink101 SkyIPCam1620W - OS Command Injection

AirLink101 SkyIPCam1620W - OS Command Injection 1. Advisory Information Title: AirLink101 SkyIPCam1620W OS Command Injection Advisory ID: CORE-2015-0011 Advisory URL: http://www.coresecurity.com/advisories/airlink101-skyipcam1620w-os-command-injection Date published: 2015-07-08 Date of last updat...

AirLink101 SkyIPCam1620W OS Command Injection

Advisory Information Title: AirLink101 SkyIPCam1620W OS Command Injection Advisory ID: CORE-2015-0011 Advisory URL: http://www.coresecurity.com/advisories/airlink101-skyipcam1620w-os-command-injection Date published: 2015-07-08 Date of last update: 2015-07-08 Vendors contacted: AirLink101...

Websense Data Security Cross Site Scripting

------------------------------------------------------------------------ Cross-Site Scripting vulnerability in Websense Data Security block page ------------------------------------------------------------------------ Han Sahin, September 2014...

Dridex Banking Trojan Spreading Via Macros in XML Files

Not long ago, criminals pushing the Dridex banking Trojan were using Microsoft Excel documents spiked with a malicious macro as a phishing lure to entice victims to load the malware onto their machines. Even though macros are disabled by default inside most organizations, the persistent hackers a...

Fedora 20 : sudo-1.8.12-1.fc20 (2015-2247)

update to 1.8.12 - fixes CVE-2014-9680 Update to 1.8.11p2 Major upstream changes & fixes : - when running a command in the background, sudo will now forward SIGINFO to the command - the passwords in ldap.conf and ldap.secret may now be encoded in base64. - SELinux role changes are now audited...

Scientific Linux Security Update : ruby on SL7.x x86_64 (20141126)

Multiple denial of service flaws were found in the way the Ruby REXML XML parser performed expansion of parameter entities. A specially crafted XML document could cause REXML to use an excessive amount of CPU and memory. CVE-2014-8080, CVE-2014-8090 A stack-based buffer overflow was found in the...

ruby, rubygem, rubygems security update

CentOS Errata and Security Advisory CESA-2014:1912 Updated ruby packages that fix three security issues are now available for Red Hat Enterprise Linux 7. Red Hat Product Security has rated this update as having Moderate security impact. Common Vulnerability Scoring System CVSS base scores, which...

Moderate: Red Hat Security Advisory: ruby193-ruby security update

Updated ruby193-ruby packages that fix three security issues are now available for Red Hat Software Collections 1. Red Hat Product Security has rated this update as having Moderate security impact. Common Vulnerability Scoring System CVSS base scores, which give detailed severity ratings, are...

Device42 WAN Emulator 2.3 - Ping Command Injection (Metasploit)

Device42 WAN Emulator 2.3 - Ping Command Injection Metasploit This module requires Metasploit: http//metasploit.com/download Current source: https://github.com/rapid7/metasploit-framework require 'msf/core' class Metasploit3 'WAN Emulator v2.3 Command Execution', 'Description' = %q , 'License' =...

The use of CVE2012-0 1 5 8 old vulnerability in the latest APT attack V1. 0-vulnerability warning-the black bar safety net

Format overflow vulnerabilities are often APT to attack the use. In such vulnerability, CVE2012-0 1 5 8 over the past year the most often used one. The use of the vulnerability of the carrier is typically an RTF file formats, the internal data in hex string form saved. 2 0 1 3 years 1 month of...

Jenkins: insecure storage of passwords in Subversion plugin (SECURITY-58)

The Subversion plugin before 1.54 for Jenkins stores credentials using base64 encoding, which allows local users to obtain passwords and SSH private keys by reading a subversion.credentials file...

Automattic: Open Redirect in WordPress Feed Statistics {Affected All Versions}

Hi, Feed Statistics Plugin is vulnerable to Open Redirect and effecting large amount of Websites. Which is the reason it should be patched swiftly. Detail description is given below: Tested on: Wordpress 3.9.1 Vulnerable Plugin: Feed Statistics Plugin Link:...