Cross RSS 1.7 - Local File Inclusion

Absolute path traversal vulnerability in Cross-RSS wp-cross-rss plugin 1.7 for WordPress allows remote attackers to read arbitrary files via a full pathname in the rss parameter to proxy.php. id: CVE-2014-4941 info: name: Cross RSS 1.7 - Local File Inclusion author: DhiyaneshDK severity: medium...

CVE-2014-4941

Absolute path traversal vulnerability in Cross-RSS wp-cross-rss plugin 1.7 for WordPress allows remote attackers to read arbitrary files via a full pathname in the rss parameter to proxy.php...

EUVD-2014-4858

Malware in sbrugna...

Cross-RSS Plugin for WordPress Arbitrary Files Read

The WordPress Cross-RSS Plugin installed on the remote host is affected by an Arbitrary Files Read. Note that the scanner has not tested for these issues but has instead relied only on the application's self-reported version number. No source data...

Cross RSS 1.7 - proxy.php rss Parameter Local File Inclusion

The cross-rss WordPress plugin was affected by a proxy.php rss Parameter Local File Inclusion security vulnerability...

CVE-2014-4941

Absolute path traversal vulnerability in Cross-RSS wp-cross-rss plugin 1.7 for WordPress allows remote attackers to read arbitrary files via a full pathname in the rss parameter to proxy.php...

Path traversal

Absolute path traversal vulnerability in Cross-RSS wp-cross-rss plugin 1.7 for WordPress allows remote attackers to read arbitrary files via a full pathname in the rss parameter to proxy.php...

CVE-2014-4941

Absolute path traversal vulnerability in Cross-RSS wp-cross-rss plugin 1.7 for WordPress allows remote attackers to read arbitrary files via a full pathname in the rss parameter to proxy.php...

CVE-2014-4941

Cross-RSS for WordPress (plugin 1.7) is affected by an Absolute Path Traversal via the rss parameter to proxy.php, enabling reading arbitrary server files. Root cause: local file inclusion in the plugin’s handling of the rss input. Impact: potential exposure of sensitive files on the server. Reme...