
3163 matches found

wpexploit
added 2015/04/10 12:0 a.m. | 15 views

Fusion Engage 1.0.5 - Local File Disclosure

The fusion-engage WordPress plugin was affected by a Local File Disclosure security vulnerability. curl --data "action=fegetsvhtml&video=../wp-config.php" "http://www.example.com/wp-admin/admin-ajax.php";...

0.3 AI score
Exploits: 0 | References: 2
Packet Storm
added 2015/04/01 12:0 a.m. | 35 views

WordPress DesignFolio+ Theme File Upload

Exploit Title: Wordpress Theme DesignFolio+ Arbitrary File Upload Vulnerability Google dork: inurl:wp-content/themes/DesignFolio-Plus Author: CrashBandicot Date: 04.03.2015 OSVDB-ID: 119623 Vendor HomePage: https://github.com/UpThemes/DesignFolio-Plus Software Link:...

7.4 AI score
Exploits: 0
CNVD
added 2015/03/10 12:0 a.m. | 1 views

Arbitrary File Download Vulnerability in Internet Behavior Management System of Shenzhen Wheaton Information Technology Co.

The Internet behavior management system of Shenzhen Wheaton Information Technology Co., Ltd. is a system for monitoring users' online behavior. The system has an arbitrary file download vulnerability; there are...

6.8 AI score
Exploits: 0 | References: 1
Exploit DB
added 2015/03/08 12:0 a.m. | 71 views

WordPress Plugin Reflex Gallery 3.1.3 - Arbitrary File Upload

Exploit Title: Wordpress Plugin Reflex Gallery - Arbitrary File Upload Google Dork: inurl:wp-content/plugins/reflex-gallery/ Date: 08.03.2015 Exploit Author: CrashBandicot @DosPerl Vendor Homepage: https://wordpress.org/plugins/reflex-gallery/ Software Link:...

7.4 AI score
Exploits: 0
Exploit DB
added 2015/03/04 12:0 a.m. | 28 views

WordPress Theme DesignFolio Plus 1.2 - Arbitrary File Upload

Exploit Title: Wordpress Theme DesignFolio+ Arbitrary File Upload Vulnerability Google dork: inurl:wp-content/themes/DesignFolio-Plus Author: CrashBandicot Date: 04.03.2015 Vendor HomePage: https://github.com/UpThemes/DesignFolio-Plus Software Link:...

7.4 AI score
Exploits: 0
OSV
added 2015/02/09 9:44 p.m. | 3 views

MGASA-2015-0057 Updated moodle packages fix CVE-2015-1493

Updated moodle package fixes security vulnerability: In Moodle before 2.6.8, parameter "file" passed to scripts serving JS was not always cleaned from including "../" in the path, allowing to read files located outside of moodle directory. All OS's are affected, but especially vulnerable are...

6.8 CVSS | 6.2 AI score | 0.00665 EPSS
Exploits: 0 | References: 6
GithubExploit
added 2015/02/02 11:16 a.m. | 3 views

Exploit for Out-of-bounds Write in Gnu Glibc

CVE-2015-0235-workaround aka GHOST glibc vulnerability A shar...

10 CVSS | 7.2 AI score | 0.8487 EPSS
Exploits: 29
myhack58
added 2015/01/16 12:0 a.m. | 12 views

Microsoft fixes 8 security vulnerabilities, including Google's disclosure of 0day vulnerabilities-vulnerability warning-the black bar safety net

Microsoft has released the latest security patches; the repairs include the 0day vulnerability submitted by Google under its 90-day policy. Microsoft had planned on 2 months to fix it, but because Google was reluctant to breach its 90-day policy on publishing vulnerability details, it had to release the patch in advance...

1.5 AI score
Exploits: 0
OSV
added 2015/01/15 3:59 p.m. | 1 views

DEBIAN-CVE-2015-0552

Directory traversal vulnerability in the gcab_folder_extract function in libgcab/gcab-folder.c in gcab 0.4 allows remote attackers to write to arbitrary files via crafted path in a CAB file, as demonstrated by "\tmp\moo."...

6.4 CVSS | 7.2 AI score | 0.00737 EPSS
Exploits: 1 | References: 1
Cvelist
added 2015/01/15 3:0 p.m. | 12 views

CVE-2015-1041

Cross-site scripting (XSS) vulnerability in e107_admin/filemanager.php in e107 1.0.4 allows remote attackers to inject arbitrary web script or HTML via the e107_files/ file path in the QUERY_STRING...

5.7 AI score | 0.00796 EPSS
Exploits: 1 | References: 8
CNVD
added 2015/01/15 12:0 a.m. | 2 views

Microsoft Windows TS WebProxy Windows Remote Elevation of Privilege Vulnerability

Microsoft Windows Vista is a very popular operating system released by Microsoft. An elevation of privilege vulnerability exists in the Microsoft TS WebProxy Windows component, which can be triggered when Windows fails to properly filter file paths and can be exploited by an attacker to execute...

9.3 CVSS | 7.9 AI score | 0.92094 EPSS
Exploits: 5 | References: 1
CNVD
added 2015/01/14 12:0 a.m. | 1 views

Codiad path directory traversal vulnerability

Codiad is an open source Web-based IDE application for writing and editing code online. A directory traversal vulnerability exists in Codiad components/filemanager/download.php, which allows an attacker to read the contents of arbitrary files via the path parameter...

5 CVSS | 7.2 AI score | 0.11619 EPSS
Exploits: 4 | References: 1
Packet Storm
added 2014/12/16 12:0 a.m. | 26 views

WordPress A.F.D. Theme Echelon Arbitrary File Download

Name: Wordpress A.F.D Theme Echelon / INURL - BRASIL Description: This exploit allows attacker to download any writable file from the server Usage info: Put the path of the file in the file's field of the exploit ,then click "Download" button then you get the file directly File download /etc/pass...

7.4 AI score
Exploits: 0
OSV
added 2014/11/22 10:54 a.m. | 8 views

MGASA-2014-0483 Updated moodle package fixes security vulnerabilities

In Moodle before 2.6.5, without forcing encoding, it was possible that UTF7 characters could be used to force cross-site scripts to AJAX scripts, although this is unlikely on modern browsers and on most Moodle pages (MSA-14-0035). In Moodle before 2.6.5, an XSS issue through $searchcourse in...

7.5 CVSS | 5.9 AI score | 0.00734 EPSS
Exploits: 0 | References: 18
myhack58
added 2014/11/12 12:0 a.m. | 62 views

Use the phpinfo information LFI temporary file[POC]-vulnerability warning-the black bar safety net

Remember the LFI technique of including temporary files that foreign researchers raised earlier? It felt of little use, because the temporary file path and name are unknown, although the temporary file name can be matched with ? and similar wildcards (let's call it wildcard matching), while the N individual together with requests...

7.3 AI score
Exploits: 0
Vulnerability Lab
added 2014/10/20 12:0 a.m. | 14 views

iFunBox Free v1.1 iOS - File Include Vulnerability

Document Title: =============== iFunBox Free v1.1 iOS - File Include Vulnerability References Source: ==================== http://www.vulnerability-lab.com/getcontent.php?id=1344 Release Date: ============= 2014-10-20 Vulnerability Laboratory ID VL-ID: ==================================== 1344...

7.1 AI score
Exploits: 0
RedHat Linux
added 2014/09/10 1:9 p.m. | 0 views

foreman-proxy: smart-proxy remote command injection

The Smart-Proxy in Foreman before 1.4.5 and 1.5.x before 1.5.1 allows remote attackers to execute arbitrary commands via shell metacharacters in the path parameter to tftp/fetch_boot_file...

7.5 CVSS | 6.2 AI score | 0.06395 EPSS
Exploits: 0 | References: 4
Vulnerability Lab
added 2014/09/06 12:0 a.m. | 37 views

Photorange v1.0 iOS - File Include Web Vulnerability

Document Title: =============== Photorange v1.0 iOS - File Include Web Vulnerability References Source: ==================== http://www.vulnerability-lab.com/getcontent.php?id=1318 Release Date: ============= 2014-09-06 Vulnerability Laboratory ID VL-ID: ==================================== 1318...

Exploits: 0
Prion
added 2014/09/04 5:55 p.m. | 19 views

Code injection

Plack::App::File in Plack before 1.0031 removes trailing slash characters from paths, which allows remote attackers to bypass the whitelist of generated files and obtain sensitive information via a crafted path, related to Plack::Middleware::Static...

5 CVSS | 6.5 AI score | 0.00462 EPSS
Exploits: 0 | References: 7 | Affected Software: 1
0day.today
added 2014/09/01 12:0 a.m. | 36 views

WordPress FR0_theme theme Arbitrary File Download Vulnerability

Exploit for php platform in category web applications +++++++++++++++++++++++++++++++++++++++++++++++++++++++++ Title : WordPress FR0theme theme Arbitrary File Download Vulnerability Author : alieye designer Homepage : http://english.gg.go.kr/ Contact : email protected Risk : High Class: Remote...

7.1 AI score
Exploits: 0