WordPress Ultimate Product Catalog 3.8.6 Shell Upload
Exploit Title: Wordpress Ultimate-Product-Catalog v3.8.6 Arbitrary file RCE Date: 2016-06-23 Google Dork: Index of /wp-content/plugins/ultimate-product-catalogue/ Exploit Author: Joaquin Ramirez Martinez i0akiN SEC-LABORATORY Vendor Homepage: http://www.EtoileWebDesign.com/ plugin uri:...
WordPress Advanced Custom Fields 4.4.7 Cross Site Scripting
FULL DISCLOSURE Product : Advanced Custom Fields Exploit Author : Rahul Pratap Singh Version : 4.4.7 Home page Link :https://wordpress.org/plugins/advanced-custom-fields/ Website : https://0x62626262.wordpress.com Linkedin : https://in.linkedin.com/in/rahulpratapsingh94 Date : 1/5/2016...
[SECURITY] Fedora 21 Update: drupal6-cck-2.10-1.fc21
The Content Construction Kit allows you to add custom fields to custom content types using a web interface. In Drupal 5.x, custom content types can be created in Drupal core, and the Content Construction Kit allows you to add custom fields to any content type. In Drupal 7 and later, most of the...
Invision Power Board 3.4.7 SQL Injection
Exploit Title: Invision Power Board customfields-outfields foreach $this-customfields-outfields as $id = $data if !empty$this-request 'field' . $id $queryPP = true; if isarray$this-request 'field' . $id foreach $this-request 'field' . $id as $k = $v $this-request 'field' . $id $k = urldecode$v;...
Sensitive information displayed in anonymous REST API calls
Expected behavior: Block sensitive information from being displayed on anonymous REST API calls in JIRA. Actual behavior: Users' full names are displayed when running the calls below: /user/picker?query= /groupuserpicker?query=ali&showAvatar Default fields and custom fields...
Advanced Custom Fields <= 3.5.1 - Remote File Inclusion
The Advanced Custom Fields WordPress plugin was affected by a Remote File Inclusion security vulnerability...
Wordpress HMS Testimonials Plugin 2.0.10 - Multiple Vulnerabilities
No description provided by source. Update ======================== Fixed wrong dates. Details ======================== Application: HMS Testimonials http://wordpress.org/plugins/hms-testimonials/ Version: 2.0.10 Type: Wordpress Plugin Vendor: Jeff Kreitner http://profiles.wordpress.org/kreitje/...
WordPress Plugin Advanced Custom Fields Remote File Inclusion
No description provided by source. This file is part of the Metasploit Framework and may be subject to redistribution and commercial restrictions. Please see the Metasploit web site for more information on licensing and terms of use. http://metasploit.com/ require 'msf/core' class Metasploit3...
statTypes REST API exposes all statistics field names anonymously
On an instance with no anonymous access enabled, /rest/gadget/1.0/statTypes returns a list of all stattable custom fields names and IDs in the instance in response to anonymous requests. This is a nasty exposure of data - admins have no way of knowing that private data shouldn't be put into custo...
Grant "Browse Project" permission to "User Custom Field Value" makes project visible to all users
NOTE: This bug report is for JIRA Server. Using JIRA Cloud? See the corresponding bug report (http://jira.atlassian.com/browse/JRACLOUD-37117). If in your permission schema, you grant Browse Project permission to "User Custom Field Value", the project is visible to all...
XSS in admin/ViewIssueFields.jspa
Reproduction: 1. Create custom fields with alert1 in name and/or description. 2. Go to 'Field Configurations' 3. Click 'Add Field Configuration', enter any text in 'Name' 4. Hit okay and wait for the page to refresh 5. Choose the config you just made - XSSed...
WordPress Advanced Custom Fields Remote File Inclusion
This file is part of the Metasploit Framework and may be subject to redistribution and commercial restrictions. Please see the Metasploit web site for more information on licensing and terms of use. http://metasploit.com/ require 'msf/core' class Metasploit3 'WordPress Plugin Advanced Custom Fiel...
WordPress Advanced Custom Fields Plugin - Remote File Inclusion
WordPress Advanced Custom Fields plugin is prone to a remote file inclusion vulnerability. It allows for remote file inclusion and remote code execution via the export.php script. Solution Update the plugin...
WordPress Plugin Advanced Custom Fields - Remote File Inclusion (Metasploit)
This file is part of the Metasploit Framework and may be subject to redistribution and commercial restrictions. Please see the Metasploit web site for more information on licensing and terms of use. http://metasploit.com/ require 'msf/core' class Metasploit3 'WordPress Plugin Advanced Custom Fiel...
WordPress Plugin Advanced Custom Fields Remote File Inclusion
This module exploits a remote file inclusion flaw in the WordPress blogging software plugin known as Advanced Custom Fields. The vulnerability allows for remote file inclusion and remote code execution via the export.php script. The Advanced Custom Fields plug-in versions 3.5.1 and below are...
WordPress Advanced Custom Fields 3.5.1 RFI
Remote file include vulnerability in WordPress Advanced Custom Fields plugin Vulnerability Type: Remote File Include For the exploit source code contact DSquare Security sales team...
Fedora Update for drupal-cck FEDORA-2010-15737
Check for the Version of drupal-cck OpenVAS Vulnerability Test Fedora Update for drupal-cck FEDORA-2010-15737 Authors: System Generated Check Copyright: Copyright (c) 2010 Greenbone Networks GmbH, http://www.greenbone.net This program is free software; you can redistribute it and/or modify it under...
Fedora Update for drupal-cck FEDORA-2010-15707
Check for the Version of drupal-cck OpenVAS Vulnerability Test Fedora Update for drupal-cck FEDORA-2010-15707 Authors: System Generated Check Copyright: Copyright (c) 2010 Greenbone Networks GmbH, http://www.greenbone.net This program is free software; you can redistribute it and/or modify it under...