144 matches found
WordPress TimThumb Plugin - Remote Code Execution
No description provided by source. Exploit Title: WordPress TimThumb Plugin - Remote Code Execution Google Dork: inurl:timthumb ext:php -site:googlecode.com -site:google.com Date: 3rd August 2011 Author: MaXe Software Link: http://timthumb.googlecode.com/svn-history/r141/trunk/timthumb.php Versio...
WordPress TimThumb 1.32 Code Execution
Exploit Title: WordPress TimThumb Plugin - Remote Code Execution Google Dork: inurl:timthumb ext:php -site:googlecode.com -site:google.com Date: 3rd August 2011 Author: MaXe Software Link: http://timthumb.googlecode.com/svn-history/r141/trunk/timthumb.php Version: 1.32 Screenshot: See attachment...
WordPress Themes Vulnerability
TimThumb, a PHP script that is reused in many popular themes for the WordPress blog software, contains a vulnerability that allows a remote attacker to upload arbitrary PHP code to an affected site. US-CERT encourages users and administrators to: determine if any hosted blogs use TimThumb by...
WordPress TimThumb Plugin - Remote Code Execution
Exploit for php platform in category web applications Exploit Title: WordPress TimThumb Plugin - Remote Code Execution Google Dork: inurl:timthumb ext:php -site:googlecode.com -site:google.com Date: 3rd August 2011 Author: MaXe Software Link:...
WordPress Plugin TimThumb 1.32 - Remote Code Execution
WordPress Plugin TimThumb 1.32 - Remote Code Execution Exploit Title: WordPress TimThumb Plugin - Remote Code Execution Google Dork: inurl:timthumb ext:php -site:googlecode.com -site:google.com Date: 3rd August 2011 Author: MaXe Software Link:...
WordPress TimThumb Plugin 1.32 - Remote Code Execution
This TimThumb plugin is prone to a Remote Code Execution vulnerability because script does not check remotely cached files properly. Solution Update this plugin to the latest version or just delete the "timthumb" file...
WordPress Plugin TimThumb 1.32 - Remote Code Execution
Exploit Title: WordPress TimThumb Plugin - Remote Code Execution Google Dork: inurl:timthumb ext:php -site:googlecode.com -site:google.com Date: 3rd August 2011 Author: MaXe Software Link: http://timthumb.googlecode.com/svn-history/r141/trunk/timthumb.php Version: 1.32 Screenshot: See attachment...
PivotX -- Remote File Inclusion Vulnerability of TimThumb
The PivotX team reports: TimThumb domain name security bypass and insecure cache handling. PivotX before 2.3.0 includes a vulnerable version of TimThumb. If you are still running PivotX 2.2.6, you might be vulnerable to a security exploit, that was patched previously. Version 2.3.0 doesn't have...
Zero-day flaw in WordPress image utility allows to upload files and execute codes
Zero-day flaw in WordPress image utility allows to upload files and execute codes Mark Maunder, CEO of Seattle-based technology firm Feedjit, discovered the flaw after his own blog was hacked to load advertising content. He ended up tracing the issue back to TimThumb, which he uses on his blog...
Zero-day flaw in WordPress image utility allows to upload files and execute codes
Zero-day flaw in WordPress image utility allows to upload files and execute codes Mark Maunder, CEO of Seattle-based technology firm Feedjit, discovered the flaw after his own blog was hacked to load advertising content. He ended up tracing the issue back to TimThumb, which he uses on his blog...
Magazeen 1.0 Cross Site Scripting
Hello list! I want to warn you about Cross-Site Scripting, Full path disclosure, Abuse of Functionality and Denial of Service vulnerabilities in theme Magazeen for WordPress and Dotclear. SecurityVulns ID: 11635. ------------------------- Affected products: ------------------------- Similarly to...
Уязвимости в теме Magazeen для WordPress и Dotclear
Здравствуйте 3APA3A! Сообщаю вам о найденных мною Cross-Site Scripting, Full path disclosure, Abuse of Functionality и Denial of Service уязвимостях в теме Magazeen для WordPress и Dotclear. Подобно уязвимостям во многих темах для WordPress, Drupal, ExpressionEngine и Joomla, также уязвимой...
Уязвимости во многих темах и компонентвх для Joomla
Здравствуйте 3APA3A! Сообщаю вам о найденных мною Cross-Site Scripting, Full path disclosure, Abuse of Functionality и Denial of Service уязвимостях во многих темах и компонентах для Joomla. Подобно уязвимостям во многих темах для WordPress, Drupal и ExpressionEngine, также уязвимыми являются...
Joomla Themes Cross Site Scripting / Denial Of Service
Hello list! I want to warn you about Cross-Site Scripting, Full path disclosure, Abuse of Functionality and Denial of Service vulnerabilities in multiple themes and components for Joomla. ------------------------- Affected products: ------------------------- Similarly to vulnerabilities in multip...
Уязвимости во многих темах для ExpressionEngine
Здравствуйте 3APA3A! Сообщаю вам о найденных мною Cross-Site Scripting, Full path disclosure, Abuse of Functionality и Denial of Service уязвимостях во многих темах для ExpressionEngine. Уязвимыми являются следующие темы для ExpressionEngine: Fresh News, Inspire, City Guide, Delegate, Optimize,...
Уязвимости во многих темах для Drupal
Здравствуйте 3APA3A! Сообщаю вам о найденных мною Cross-Site Scripting, Full path disclosure, Abuse of Functionality и Denial of Service уязвимостях во многих темах для Drupal. Уязвимыми являются следующие темы для Drupal: Fresh News, Inspire, Spectrum, Delegate, Optimize, Bueno, Headlines, Daily...
Mimbo Pro 2.3.1 Cross Site Scripting
Hello list! I want to warn you about Cross-Site Scripting, Full path disclosure, Abuse of Functionality and Denial of Service vulnerabilities in Mimbo Pro theme for WordPress. It's commercial theme for WP by developer of TimThumb. ------------------------- Affected products:...
TimThumb 1.24 XSS / DoS / Path Disclosure
Hello list! I want to warn you about Cross-Site Scripting, Full path disclosure, Abuse of Functionality and Denial of Service vulnerabilities in TimThumb and multiple themes for WordPress. ------------------------- Affected products: ------------------------- Vulnerable are TimThumb and all web...
Уязвимости в TimThumb и во многих темах для WordPress
Здравствуйте 3APA3A! Сообщаю вам о найденных мною Cross-Site Scripting, Full path disclosure, Abuse of Functionality и Denial of Service уязвимостях в TimThumb и во многих темах для WordPress. Уязвимыми являются TimThumb и все веб приложения в частности темы для WordPress, которые его используют...
WordPress Plugin IGIT Posts Slider Widget 1.0 - 'src' Cross-Site Scripting
source: https://www.securityfocus.com/bid/46589/info The IGIT Posts Slider Widget plugin for WordPress is prone to a cross-site-scripting vulnerability because it fails to properly sanitize user-supplied input. An attacker may leverage this issue to execute arbitrary script code in the browser of...