13 matches found
FlatPress 1.0.3 Cross Site Request Forgery / Shell Upload
FlatPress 1.0.3 CSRF Arbitrary File Upload RCE PoC function exec var command = document.getElementById"exec"; var url = "http://localhost/flatpress/fp-content/attachs/test.php?cmd="; var cmdexec = command.v...
[SECURITY] [DLA 294-1] wordpress security update
Package : wordpress Version : 3.6.1+dfsg-1deb6u7 CVE ID : CVE-2015-2213 CVE-2015-5622 CVE-2015-5731 CVE-2015-5732 CVE-2015-5734 Several vulnerabilities have been fixed in WordPress, the popular blogging engine. CVE-2015-2213 SQL Injection allowed a remote attacker to compromise the site...
Debian DSA-3328-1 : wordpress - security update
Several vulnerabilities have been found in WordPress, the popular blogging engine. - CVE-2015-3429 The file example.html in the Genericicons icon font package and twentyfifteen WordPress theme allowed for cross-site scripting. - CVE-2015-5622 The robustness of the shortcodes HTML tags filter has...
JVN#13160869: Chyrp vulnerable to cross-site scripting
Chyrp is a blogging engine. Chyrp contains a cross-site scripting vulnerability. Impact An arbitrary script which may be embedded by an authenticated attacker could be executed on the Admin user's web browser. Solution Update the software Update to the latest version according to the information...
[SECURITY] [DSA 2841-1] movabletype-opensource security update
------------------------------------------------------------------------- Debian Security Advisory DSA-2841-1 [email protected] http://www.debian.org/security/ Moritz Muehlenhoff January 11, 2014 http://www.debian.org/security/faq -...
[SECURITY] [DSA 2841-1] movabletype-opensource security update
------------------------------------------------------------------------- Debian Security Advisory DSA-2841-1 [email protected] http://www.debian.org/security/ Moritz Muehlenhoff January 11, 2014 http://www.debian.org/security/faq -...
[oCERT-2011-001] Chyrp input sanitization errors
2011-001 Chyrp input sanitization errors Description: The Chyrp framework, an open source blogging engine, suffers from cross-site scripting XSS and local file inclusion LFI vulnerabilities. Insufficient input sanitization on the parameters passed to pages related to administration settings, the...
Open Source CERT Security Advisory 2011.001
File 1: oCERT-2011-001 File 2: JAHx113.txt ================================================== 2011-001 Chyrp input sanitization errors Description: The Chyrp framework, an open source blogging engine, suffers from cross-site scripting XSS and local file inclusion LFI vulnerabilities. Insufficient...
Flatpress 0.909.1 - Persistent Cross-Site Scripting
Flatpress 0.909.1 - Persistent Cross-Site Scripting Title: FlatPress 0.909.1 Stored XSS Vendor: http://www.flatpress.org Dork: "powered by FlatPress" AUTHOR: ITSecTeam Email: [email protected] Website: http://www.itsecteam.com Forum : http://forum.ITSecTeam.com Original Advisory:...
Flatpress 0.909.1 - Persistent Cross-Site Scripting
Title: FlatPress 0.909.1 Stored XSS Vendor: http://www.flatpress.org Dork: "powered by FlatPress" AUTHOR: ITSecTeam Email: [email protected] Website: http://www.itsecteam.com Forum : http://forum.ITSecTeam.com Original Advisory: www.ITSecTeam.com/en/vulnerabilities/vulnerability32.htm Thanks:...
FlatPress 0.909.1 Stored XSS Vulnerability
Exploit for php platform in category web applications ========================================== FlatPress 0.909.1 Stored XSS Vulnerability ========================================== Title: FlatPress 0.909.1 Stored XSS Vendor: http://www.flatpress.org Dork: "powered by FlatPress" AUTHOR: ITSecTea...
Flatpress 0.804 < 0.812.1 - Local File Inclusion
Security Advisory ----------------- FlatPress 0.804-0.812.1 Local File Inclusion to Remote Command Execution Researcher Information ---------------------- Discovered by: Giuseppe Zmax Fuggiano Website: http://www.giusef.net Contact: giuseppedotfuggianoatgmaildotcom Product Information...
FlatPress 0.804 - 0.812.1 local file inclusion vulnerability
No description provided by source. Security Advisory ----------------- FlatPress 0.804-0.812.1 Local File Inclusion to Remote Command Execution Researcher Information ---------------------- Discovered by: Giuseppe Zmax Fuggiano Website: http://www.giusef.net Contact:...