16 matches found
Vulnerabilities in Contact Form 7 for WordPress
Hello 3APA3A! I want to inform you about vulnerabilities in Contact Form 7 plugin for WordPress. These are Code Execution via Arbitrary File Uploading vulnerabilities two attack vectors. This is addition to previous Code Execution vulnerability in Contact Form 7...
Code Execution vulnerability in Contact Form 7 for WordPress
Hello 3APA3A! I want to inform you about vulnerability in Contact Form 7 plugin for WordPress. This is Code Execution via Arbitrary File Uploading vulnerability. ------------------------- Affected products: ------------------------- Vulnerable are Contact Form 7 3.5.2 and previous versions. After...
AFU and IL vulnerabilities in Uploadify
Hello 3APA3A! These are Arbitrary File Uploading and Information Leakage vulnerabilities in Uploadify. The same as in June with previous vulnerabilities in Uploadify, in September the developers just ignored my warnings, even I sent letter to multiple their e-mail addresses...
Uploadify 3.2.1 Shell Upload / Information Disclosure
Hello list! These are Arbitrary File Uploading and Information Leakage vulnerabilities in Uploadify. The same as in June with previous vulnerabilities in Uploadify, in September the developers just ignored my warnings, even I sent letter to multiple their e-mail addresses. -----------------------...
Uploadify 2.1.4 File Upload / XSS / File Deletion
Hello list! These are Arbitrary File Uploading, Arbitrary File Deletion and Cross-Site Scripting vulnerabilities in Uploadify. Particularly in the version used in aCMS it looks like these developers use modified version of Uploadify, but other developers also can use such version...
XSS and CS vulnerabilities in aCMS
Hello 3APA3A! After previous Cross-Site Scripting, Content Spoofing, Information Leakage, Insufficient Authorization and Arbitrary File Uploading vulnerabilities in aCMS, here are new ones. These are Cross-Site Scripting and Content Spoofing vulnerabilities in aCMS. This is commercial CMS...
XSS and CS vulnerabilities in aCMS
Hello 3APA3A! After previous Cross-Site Scripting, Content Spoofing, Information Leakage, Insufficient Authorization and Arbitrary File Uploading vulnerabilities in aCMS, here are new ones. These are Cross-Site Scripting and Content Spoofing vulnerabilities in aCMS. This is commercial CMS...
TinyMCE Image Manager 1.1 XSS / File Upload
Hello list! These are Arbitrary File Uploading and Cross-Site Scripting vulnerabilities in TinyMCE Image Manager plugin for TinyMCE. ------------------------- Affected products: ------------------------- Vulnerable are TinyMCE Image Manager 1.1 and previous versions. -------------------------...
AFU and XSS vulnerabilities in TinyMCE Image Manager
Hello 3APA3A! These are Arbitrary File Uploading and Cross-Site Scripting vulnerabilities in TinyMCE Image Manager plugin for TinyMCE. ------------------------- Affected products: ------------------------- Vulnerable are TinyMCE Image Manager 1.1 and previous versions. -------------------------...
IA and AFU vulnerabilities in aCMS
Hello 3APA3A! These are Insufficient Authorization and Arbitrary File Uploading vulnerabilities in aCMS. This is commercial CMS. There are multiple vulnerabilities in aCMS and it's the second part of them. ------------------------- Affected products: ------------------------- Vulnerable are aCMS...
AFU vulnerabilities in MCImageManager for TinyMCE
Hello 3APA3A! I want to warn you about vulnerabilities in Moxiecode Image Manager MCImageManager. This is commercial plugin for TinyMCE. It concerns as MCImageManager, as all web applications which have MCImageManager in their bundle. These are Arbitrary File Uploading vulnerabilities, which lead...
AFU vulnerabilities in MCFileManager for TinyMCE
Hello 3APA3A! I want to warn you about vulnerabilities in Moxiecode File Manager MCFileManager. This is commercial plugin for TinyMCE. It concerns as MCFileManager, as all web applications which have MCFileManager in their bundle. These are Arbitrary File Uploading vulnerabilities, which lead to...
aCMS 1.0 Shell Upload / Insufficient Authorization
Hello list! These are Insufficient Authorization and Arbitrary File Uploading vulnerabilities in aCMS. This is commercial CMS. There are multiple vulnerabilities in aCMS and it's the second part of them. ------------------------- Affected products: ------------------------- Vulnerable are aCMS 1....
Moxiecode Image Manager 3.1.5 Shell Upload
I want to warn you about vulnerabilities in Moxiecode Image Manager MCImageManager. This is commercial plugin for TinyMCE. It concerns as MCImageManager, as all web applications which have MCImageManager in their bundle. These are Arbitrary File Uploading vulnerabilities, which lead to Code...
Moxiecode File Manager 3.1.5 Shell Upload
Hello list! I want to warn you about vulnerabilities in Moxiecode File Manager MCFileManager. This is commercial plugin for TinyMCE. It concerns as MCFileManager, as all web applications which have MCFileManager in their bundle. These are Arbitrary File Uploading vulnerabilities, which lead to Co...
Уязвимости в CMS WebManager-Pro
Здравствуйте 3APA3A! Сообщаю вам о найденных мною Arbitrary File Uploading и Code Execution уязвимостях в CMS WebManager-Pro это украинская коммерческая CMS. Arbitrary File Uploading WASC-42: В админке в разделе "файлы" http://site/admin/files.php возможна загрузка произвольных файлов. Code...