WordPress Plugin Import CSV 1.0 - Directory Traversal

Exploit Title: Wordpress Import CSV | Directory Traversal Exploit Author: Wadeek Website Author: https://github.com/Wad-Deek Software Link: https://downloads.wordpress.org/plugin/xml-and-csv-import-in-article-content.zip Stable Tag: 1.1 Tested on: Xampp on Windows7 Version Disclosure...

WordPress Import CSV 1.1 Directory Traversal

Exploit Title: Wordpress Import CSV | Directory Traversal Exploit Author: Wadeek Website Author: https://github.com/Wad-Deek Software Link: https://downloads.wordpress.org/plugin/xml-and-csv-import-in-article-content.zip Stable Tag: 1.1 Tested on: Xampp on Windows7 Version Disclosure...

WordPress Plugin Import CSV 1.0 - Directory Traversal

WordPress Plugin Import CSV 1.0 - Directory Traversal Exploit Title: Wordpress Import CSV | Directory Traversal Exploit Author: Wadeek Website Author: https://github.com/Wad-Deek Software Link: https://downloads.wordpress.org/plugin/xml-and-csv-import-in-article-content.zip Stable Tag: 1.1 Tested...

wordpress 插件 site-import V1.0.1 文件包含漏洞

No description provided by source...

[SECURITY] Fedora 22 Update: phpMyAdmin-4.5.5.1-1.fc22

phpMyAdmin is a tool written in PHP intended to handle the administration of MySQL over the World Wide Web. Most frequently used operations are supported by the user interface managing databases, tables, fields, relations, index es, users, permissions, while you still have the ability to directly...

WordPress Plugin Site Import 1.0.1 - LocalRemote File Inclusion

WordPress Plugin Site Import 1.0.1 - LocalRemote File Inclusion Exploit Title: Wordpress Site Import 1.0.1 | Local and Remote file inclusion Exploit Author: Wadeek Website Author: https://github.com/Wad-Deek Software Link: https://downloads.wordpress.org/plugin/site-import.1.0.1.zip Version: 1.0....

WordPress Site Import Plugin 1.0.1 - Local and Remote File Inclusion

Site Import plugin is prone to local and remote files inclusion. Solution Upgrade the plugin...

WordPress Site Import 1.0.1 Plugin - Local File Inclusion / Remote File Inclusion

Exploit for php platform in category web applications Exploit Title: Wordpress Site Import 1.0.1 | Local and Remote file inclusion Exploit Author: Wadeek Website Author: https://github.com/Wad-Deek Software Link: https://downloads.wordpress.org/plugin/site-import.1.0.1.zip Version: 1.0.1 Tested o...

WordPress Plugin Site Import 1.0.1 - Local/Remote File Inclusion

Exploit Title: Wordpress Site Import 1.0.1 | Local and Remote file inclusion Exploit Author: Wadeek Website Author: https://github.com/Wad-Deek Software Link: https://downloads.wordpress.org/plugin/site-import.1.0.1.zip Version: 1.0.1 Tested on: Xampp on Windows7 Version Disclosure...

Portal Apache Jetspeed 2.3.0 and earlier versions: a remote code execution vulnerability analysis-vulnerability warning-the black bar safety net

! As my personal“friendship detect open source software security”one of the projects I'm ready to play play the Apache Jetspeed 2, which v2. 3 0 one. Jetspeed this stuff, used those words, that is: “An open portal platform and enterprise information portal, completely based on open standards,...

Bumble: Account Takeover

Hello this is regarding an account takeover via import image from facebook option, when we import fb photos a link with a token generated which is valid for any user and it can be use to replace user linked fb account to attacker fb account And then login via fb to takeover account Note: I tested...

Import Woocommerce <= 1.0.1 - Reflected Cross-Site Scripting (XSS)

The Import WooCommerce WordPress plugin was affected by a Reflected Cross-Site Scripting XSS security vulnerability...

WordPress Import Woocommerce 1.0.1 Cross Site Scripting

FULL DISCLOSURE Product : Import Woocommerce Exploit Author : Rahul Pratap Singh Version : 1.0.1 Home page Link : https://wordpress.org/plugins/import-woocommerce/ Website : 0x62626262.wordpress.com Linkedin : https://in.linkedin.com/in/rahulpratapsingh94 Date : 24/Feb/2016 XSS Vulnerability:...

WordPress CSV Import 1.0 Cross Site Scripting

FULL DISCLOSURE Product : CSV Import Exploit Author : Rahul Pratap Singh Version : 1.0 Home page Link : https://wordpress.org/plugins/csv-import/ Website : 0x62626262.wordpress.com Linkedin : https://in.linkedin.com/in/rahulpratapsingh94 Date : 23/Feb/2016 XSS Vulnerability:...

WordPress Import CSV Plugin <= 1.0 - Cross Site Scripting

This WordPress plugin is prone to a cross-site scripting XSS vulnerability, because "alertmsg" parameter is not sanitized. Solution Update the plugin...

CSV Import 1.0 - Reflected Cross-Site Scripting (XSS)

The CSV Import WordPress plugin was affected by a Reflected Cross-Site Scripting XSS security vulnerability...

PyScan-Scanner - Vulnerability Scanner With Custom Payload

REQUIRE urllib2 BeautifulSoup requests START Change database information $bdd = new PDO'mysql:host=localhost;dbname=pyscan', 'user', 'password'; Update a Python gate panelurl = "http://localhost/pyscan/" gatescraper = "cmd/gate.php" gatescanner = "cmd/scan.php" gatevuln = "cmd/vuln.php" gatepaylo...

Backup Guard < 1.0.3 - Authenticated Arbitrary File Upload

The plugin allowed any authenticated user to call the AJAX actions, including the one to import backups which could lead to arbitrary file upload...

[SECURITY] Fedora 22 Update: phpMyAdmin-4.5.4-1.fc22

phpMyAdmin is a tool written in PHP intended to handle the administration of MySQL over the World Wide Web. Most frequently used operations are supported by the user interface managing databases, tables, fields, relations, index es, users, permissions, while you still have the ability to directly...

Hippo CMS 10.1 - Multiple Vulnerabilities

Exploit for java platform in category web applications Hippo CMS 10.1 XML External Entity Information Disclosure Vulnerability Vendor: Hippo B.V. Product web page: http://www.onehippo.org Affected version: 10.1, 7.9 and 7.8 Enterprise Edition Summary: Hippo CMS is an open source Java CMS. We buil...