3230 matches found
WordPress ACF Frontend Display Plugin 2.0.5 - File Upload Vulnerability
Exploit for php platform in category web applications +---------------------------------------------------------------------------+ + Author: TUNISIAN CYBER + Title: WP Plugin Free ACF Frontend Display File Upload Vulnerability + Date: 3-07-2015 + Type: WebAPP + Download Plugin:...
WordPress Plugin ACF Frontend Display 2.0.5 - Arbitrary File Upload
+---------------------------------------------------------------------------+ + Author: TUNISIAN CYBER + Title: WP Plugin Free ACF Frontend Display File Upload Vulnerability + Date: 3-07-2015 + Type: WebAPP + Download Plugin: https://downloads.wordpress.org/plugin/acf-frontend-display.2.0.5.zip +...
Swim Team <= v1.44.10777 - Local File Inclusion
The code in ./wp-swimteam/include/user/download.php doesn't sanitize user input, which allows sensitive system files to be downloaded. $ curl...
DLA-235-1 ruby1.9.1 - security update
Bulletin has no description...
Directory traversal
Directory traversal vulnerability in Arcserve UDP before 5.0 Update 4 allows remote attackers to obtain sensitive information or cause a denial of service via a crafted file path to the (1) reportFileServlet or (2) exportServlet servlet...
xzgrep '/tmp/semi' Local Arbitrary Code Execution Vulnerability
xzgrep is a set of regular expression tools for searching compressed files. A security vulnerability exists in the xzgrep '/tmp/semi' processing, which allows a local attacker to execute arbitrary code in the context of the application...
Photo Manager Pro v4.4.0 iOS - File Include Vulnerability
Document Title: =============== Photo Manager Pro v4.4.0 iOS - File Include Vulnerability References Source: ==================== http://www.vulnerability-lab.com/getcontent.php?id=1445 Release Date: ============= 2015-03-12 Vulnerability Laboratory ID VL-ID: ====================================...
Fusion Engage 1.0.5 - Local File Disclosure
The fusion-engage WordPress plugin was affected by a Local File Disclosure security vulnerability. curl --data "action=fegetsvhtml&video=../wp-config.php" "http://www.example.com/wp-admin/admin-ajax.php"...
WordPress DesignFolio+ Theme File Upload
Exploit Title: Wordpress Theme DesignFolio+ Arbitrary File Upload Vulnerability Google dork: inurl:wp-content/themes/DesignFolio-Plus Author: CrashBandicot Date: 04.03.2015 OSVDB-ID: 119623 Vendor HomePage: https://github.com/UpThemes/DesignFolio-Plus Software Link:...
Arbitrary File Download Vulnerability in Internet Behavior Management System of Shenzhen Wheaton Information Technology Co.
The Internet behavior management system of Shenzhen Wheaton Information Technology Co., Ltd. is a monitoring system for users' online behavior. The system has an arbitrary file download vulnerability, there are...
WordPress Plugin Reflex Gallery 3.1.3 - Arbitrary File Upload
Exploit Title: Wordpress Plugin Reflex Gallery - Arbitrary File Upload Google Dork: inurl:wp-content/plugins/reflex-gallery/ Date: 08.03.2015 Exploit Author: CrashBandicot @DosPerl Vendor Homepage: https://wordpress.org/plugins/reflex-gallery/ Software Link:...
WordPress Theme DesignFolio Plus 1.2 - Arbitrary File Upload
Exploit Title: Wordpress Theme DesignFolio+ Arbitrary File Upload Vulnerability Google dork: inurl:wp-content/themes/DesignFolio-Plus Author: CrashBandicot Date: 04.03.2015 Vendor HomePage: https://github.com/UpThemes/DesignFolio-Plus Software Link:...
MGASA-2015-0057 Updated moodle packages fix CVE-2015-1493
Updated moodle package fixes a security vulnerability: In Moodle before 2.6.8, the parameter "file" passed to scripts serving JS was not always cleaned of "../" in the path, allowing files located outside of the moodle directory to be read. All OS's are affected, but especially vulnerable are...
Exploit for Out-of-bounds Write in Gnu Glibc
CVE-2015-0235-workaround aka GHOST glibc vulnerability A shar...
Microsoft fixes 8 security vulnerabilities, including Google's disclosure of 0day vulnerabilities-vulnerability warning-the black bar safety net
Microsoft has released the latest security patches, repair the content includes Google 90 days of the submitted 0day vulnerability, Microsoft this program 2 months to fix, but forced by Google reluctant to breach its 90-day cloth vulnerability details the policy had to advance the release patch...
DEBIAN-CVE-2015-0552
Directory traversal vulnerability in the gcab_folder_extract function in libgcab/gcab-folder.c in gcab 0.4 allows remote attackers to write to arbitrary files via crafted path in a CAB file, as demonstrated by "\tmp\moo."...
CVE-2015-1041
Cross-site scripting (XSS) vulnerability in e107_admin/filemanager.php in e107 1.0.4 allows remote attackers to inject arbitrary web script or HTML via the e107_files/ file path in the QUERY_STRING...
Microsoft Windows TS WebProxy Windows Remote Elevation of Privilege Vulnerability
Microsoft Windows Vista is a very popular operating system released by Microsoft. An elevation of privilege vulnerability exists in the Microsoft TS WebProxy Windows component, which can be triggered when Windows fails to properly filter file paths and can be exploited by an attacker to execute...
Codiad path directory traversal vulnerability
Codiad is an open source Web-based IDE application for writing and editing code online. A directory traversal vulnerability exists in Codiad components/filemanager/download.php, which allows an attacker to read the contents of arbitrary files via the path parameter...
WordPress A.F.D. Theme Echelon Arbitrary File Download
Name: Wordpress A.F.D Theme Echelon / INURL - BRASIL Description: This exploit allows attacker to download any writable file from the server Usage info: Put the path of the file in the file's field of the exploit, then click "Download" button then you get the file directly File download /etc/pass...