EUVD-2014-9117

Malware in sbrugna...

CVE-2014-9292

Server-side request forgery SSRF vulnerability in proxy.php in the jRSS Widget plugin 1.2 and earlier for WordPress allows remote attackers to trigger outbound requests and enumerate open ports via the url parameter...

CVE-2014-9292

Server-side request forgery SSRF vulnerability in proxy.php in the jRSS Widget plugin 1.2 and earlier for WordPress allows remote attackers to trigger outbound requests and enumerate open ports via the url parameter...

Server side request forgery (ssrf)

Server-side request forgery SSRF vulnerability in proxy.php in the jRSS Widget plugin 1.2 and earlier for WordPress allows remote attackers to trigger outbound requests and enumerate open ports via the url parameter...

CVE-2014-9292

CVE-2014-9292 describes a server-side request forgery (SSRF) in the WordPress plugin Jrss Widget (proxy.php) up to version 1.2. The vulnerability allows unauthenticated remote actors to cause outbound requests and enumerate open ports via the url parameter. Affected product: WordPress/JRSS Widget...

CVE-2014-9292

Server-side request forgery SSRF vulnerability in proxy.php in the jRSS Widget plugin 1.2 and earlier for WordPress allows remote attackers to trigger outbound requests and enumerate open ports via the url parameter...

WordPress jRSS Widget Plugin <= 1.2 - SSRF

This vulnerability is in the proxy.php. It allows the attackers to trigger outbound requests and enumerate open ports via the "URL" parameter. Solution Update the plugin...

Jrss Widget <= 1.2 - SSRF

Plugin is still affected and has been closed...

jRSS Widget Plugin for WordPress proxy.php 'url' Parameter Arbitrary File Access

The version of the jRSS Widget plugin for WordPress installed on the remote host does not sanitize input to the 'url' parameter of the 'proxy.php' script before using it to return the contents of a file. An unauthenticated, remote attacker can exploit this issue to disclose the contents of...

WordPress jRSS Widget 1.1.1 Local File Inclusion

------------------------------------------------------------------------ Software................WordPress jRSS Widget 1.1.1 Vulnerability...........Local File Inclusion Download................http://wordpress.org/extend/plugins/jrss-widget/ Release Date............11/5/2010 Tested...

WordPress Plugin jRSS Widget 1.1.1 - url Information Disclosure

WordPress Plugin jRSS Widget 1.1.1 - url Information Disclosure source: https://www.securityfocus.com/bid/44716/info The jRSS Widget Plugin for WordPress is prone to an information-disclosure vulnerability because it fails to sufficiently validate user-supplied data. An attacker can exploit this...

WordPress jRSS Widget Plugin 1.1.1 - Information Disclosure Vulnerability

This jRSS Widget plugin is prone to an information-disclosure vulnerability. Application fails to validate user-supplied data. Because of this issue, an attacker can view local files in the context of the affected application. In that way, the attacker obtains sensitive information. Other attacks...

WordPress Plugin jRSS Widget 1.1.1 - &#039;url&#039; Information Disclosure

source: https://www.securityfocus.com/bid/44716/info The jRSS Widget Plugin for WordPress is prone to an information-disclosure vulnerability because it fails to sufficiently validate user-supplied data. An attacker can exploit this issue to view local files in the context of the affected...