97 matches found

0day.today
added 2023/02/28 12:0 a.m., 355 views

WordPress Real Estate 7 Theme 3.3.4 Abuse Of Functionality Vulnerability

==== Z://USB-00RESEARCH/WORDPRESS/ ============================================= 2023 == Report Title: WordPress Real Estate 7 Theme = 3.3.4 - Abuse of Functionality Google Dork: inurl:/wp-content/themes/realestate-7/ Research Date: 2023-02-10 Researcher: FearZzZz https://fearzzzz.ru Component...

AI score: 0.1
Exploits: 0

Packet Storm
added 2023/02/28 12:0 a.m., 385 views

WordPress Real Estate 7 Theme 3.3.4 Abuse Of Functionality

==== Z://USB-00RESEARCH/WORDPRESS/ ============================================= 2023 == Report Title: WordPress Real Estate 7 Theme = 3.3.4 - Abuse of Functionality Google Dork: inurl:/wp-content/themes/realestate-7/ Research Date: 2023-02-10 Researcher: FearZzZz https://fearzzzz.ru Component...

AI score: 7.4
Exploits: 0

Hacker One
added 2020/05/31 12:6 a.m., 34 views

OPPO: No rate limit on Reporting a Threat on [https://community.coloros.com] lead to Increase in the User Group/Points

Summary: When a user signs up on https://community.coloros.com he is assigned with a specific User Group which increases with his activity on the community. I found that there is no rate limit implemented on reporting a threat and due to which a User can abuse this functionality to Increase his...

AI score: 6.8
Exploits: 0

Prion
added 2018/07/17 1:29 p.m., 13 views

Design/Logic Flaw

Abuse of Functionality vulnerability in the web interface in McAfee Network Security Management NSM 9.1.7.11 and earlier allows authenticated users to allow arbitrary HTML code to be reflected in the response web page via appliance web interface...

CVSS: 3.5, AI score: 5.6, EPSS: 0.00155
Exploits: 0, References: 1, Affected Software: 1

CVE
added 2018/07/17 1:0 p.m., 51 views

CVE-2018-6681

CVE-2018-6681 is an Abuse of Functionality vulnerability in McAfee Network Security Management (NSM) 9.1.7.11 and earlier. The issue occurs in the web interface where authenticated users can cause arbitrary HTML to be reflected in the response page, via the appliance’s web interface. Affected sof...

CVSS: 5.5, AI score: 5.5, EPSS: 0.00155
Exploits: 0, References: 1, Affected Software: 1

Packet Storm
added 2016/10/31 12:0 a.m., 56 views

D-Link DIR-300NRUB5 Firmware 1.2.94 Cross Site Request Forgery

Hello list! There are Abuse of Functionality, Brute Force and Cross-Site Request Forgery vulnerabilities in D-Link DIR-300. ------------------------- Affected products: ------------------------- Vulnerable is the next model: D-Link DIR-300NRUB5, Firmware 1.2.94. All previous versions also must be...

AI score: 1.1
Exploits: 0

Packet Storm
added 2016/03/28 12:0 a.m., 43 views

D-Link DVG-5402SP CSRF / Brute Force

Hello list! There are Brute Force, Abuse of Functionality and Cross-Site Request Forgery vulnerabilities in D-Link DVG-5402SP VoIP Router. ------------------------- Affected products: ------------------------- Vulnerable is the next model: D-Link DVG-5402SP, Firmware RU1.01. Other versions also...

Exploits: 0

Packet Storm
added 2015/11/13 12:0 a.m., 46 views

WordPress i1.wp.com Functionality Abuse

Exploit Title: Wordpress i1.wp.com Abuse of Functionality Date: Nov 12th 2015 WASC: WASC-42 Exploit Author: Andrea Menin github.com/theMiddleBlue/ Video: https://www.youtube.com/watch?v=6g2khjbflmA Description: ------------ Abuse of Functionality is an attack technique that uses a web site's own...

AI score: 0.1
Exploits: 0

securityvulns
added 2015/10/25 12:0 a.m., 69 views

AoF and CSRF vulnerabilities in D-Link DCS-2103

Hello 3APA3A! There are Abuse of Functionality and Cross-Site Request Forgery vulnerabilities in D-Link DCS-2103 IP camera. ------------------------- Affected products: ------------------------- Vulnerable is the next model: D-Link DCS-2103, Firmware 1.20. All previous versions also must be...

AI score: 0.2
Exploits: 0

Packet Storm
added 2015/07/06 12:0 a.m., 24 views

WordPress Vulcan Theme XSS / Disclosure / DoS

Hello list! Let's back to vulnerabilities, which I disclosed in April 2011, which can be used for DDoS attacks on other sites, e.g. with my DAVOSET http://seclists.org/fulldisclosure/2015/Jun/111. In addition to hundreds of themes, which I wrote about in previous years, here is another theme for...

AI score: 0.1
Exploits: 0

securityvulns
added 2015/07/05 12:0 a.m., 52 views

Multiple vulnerabilities in Vulcan theme for WordPress + WAF bypass

Hello 3APA3A! Let's back to vulnerabilities, which I disclosed in April 2011, which can be used for DDoS attacks on other sites, e.g. with my DAVOSET http://seclists.org/fulldisclosure/2015/Jun/111. In addition to hundreds of themes, which I wrote about in previous years, here is another theme fo...

AI score: 0.5
Exploits: 0

Packet Storm
added 2015/05/21 12:0 a.m., 36 views

Hikvision DS-7108HWI-SH XML Injection / Abuse Issues

Hello list! There are vulnerabilities in Hikvision DS-7108HWI-SH. These are XML Injection, Abuse of Functionality and Brute Force vulnerabilities. All these vulnerabilities are present in other IP cameras and DVR of Hikvision. ------------------------- Affected vendors: -------------------------...

AI score: 7.4
Exploits: 0

Packet Storm
added 2015/05/15 12:0 a.m., 31 views

Hikvision DS-2CD2012-I XML Injection / Abuse Issues

Hello list! There are vulnerabilities in Hikvision DS-2CD2012-I. These are XML Injection, Abuse of Functionality and Brute Force vulnerabilities. All these vulnerabilities are present in other IP cameras and DVR of Hikvision. ------------------------- Affected vendors: -------------------------...

AI score: 7.4
Exploits: 0

Hacker One
added 2014/11/29 4:1 p.m., 36 views

X (Formerly Twitter): Abuse of "Remember Me" functionality.

Steps to Reproduce:- 1. Navigate to https://twitter.com/login, Fill up the required details and click on the "Log in" button. Make sure you have checked "Remember Me" check-box. 2. Login Successfully, Analyze the cookie using FireBug, specially "authtoken" and "remembercheckedon". These cookies...

AI score: 6.7
Exploits: 0

securityvulns
added 2014/11/10 12:0 a.m., 42 views

Vulnerabilities in D-Link DAP-1360

Hello 3APA3A! There are Abuse of Functionality, Brute Force and Cross-Site Request Forgery vulnerabilities in D-Link DAP-1360 Wi-Fi Access Point and Router. ------------------------- Affected products: ------------------------- Vulnerable is the next model: D-Link DAP-1360, Firmware 1.0.0. This...

AI score: 0.3
Exploits: 0

0day.today
added 2014/11/06 12:0 a.m., 24 views

D-Link DAP-1360 Abuse / Cross Site Request Forgery

D-Link DAP-1360 suffers from cross site request forgery, abuse of functionality, and brute force vulnerabilities. There are Abuse of Functionality, Brute Force and Cross-Site Request Forgery vulnerabilities in D-Link DAP-1360 Wi-Fi Access Point and Router. ------------------------- Affected...

AI score: 7
Exploits: 0

Packet Storm
added 2014/11/05 12:0 a.m., 26 views

D-Link DAP-1360 Abuse / Cross Site Request Forgery

Hello list! There are Abuse of Functionality, Brute Force and Cross-Site Request Forgery vulnerabilities in D-Link DAP-1360 Wi-Fi Access Point and Router. ------------------------- Affected products: ------------------------- Vulnerable is the next model: D-Link DAP-1360, Firmware 1.0.0. This mod...

AI score: 0.5
Exploits: 0

securityvulns
added 2014/06/14 12:0 a.m., 45 views

CSRF, AoF and XSS vulnerabilities in D-Link DAP 1150

Hello 3APA3A! In 2011 and beginning of 2012 I wrote about multiple vulnerabilities http://securityvulns.ru/docs27440.html, http://securityvulns.ru/docs27677.html, http://securityvulns.ru/docs27676.html in D-Link DAP 1150 several dozens. That time I wrote about vulnerabilities in admin panel in...

AI score: 0.4
Exploits: 0

Packet Storm
added 2014/05/05 12:0 a.m., 19 views

WordPress Flexolio XSS / Disclosure / File Upload

Hello list! There are Content Spoofing, Cross-Site Scripting, Full path disclosure, Abuse of Functionality, Denial of Service and Arbitrary File Upload vulnerabilities in Flexolio for WordPress. Which contains TimThumb and CU3ER. In April 2011 I wrote about vulnerabilities in TimThumb...

AI score: 0.3
Exploits: 0

securityvulns
added 2014/05/04 12:0 a.m., 51 views

Multiple vulnerabilities in Flexolio for WordPress

Hello 3APA3A! There are Content Spoofing, Cross-Site Scripting, Full path disclosure, Abuse of Functionality, Denial of Service and Arbitrary File Upload vulnerabilities in Flexolio for WordPress. Which contains TimThumb and CU3ER. In April 2011 I wrote about vulnerabilities in TimThumb...

AI score: 7
Exploits: 0