Lucene search
K

70 matches found

Cvelist
Cvelist
added 2018/09/24 10:0 p.m.21 views

CVE-2018-16299

The Localize My Post plugin 1.0 for WordPress allows Directory Traversal via the ajax/include.php file parameter...

7.7AI score0.43722EPSS
Exploits2References4
WPVulnDB
WPVulnDB
added 2018/09/19 12:0 a.m.20 views

Localize My Post 1.0 - Unauthenticated Local File Inclusion (LFI)

The localize-my-post WordPress plugin was affected by an Unauthenticated Local File Inclusion LFI security vulnerability. PoC http://www.example.com/wp-content/plugins/localize-my-post/ajax/include.php?file=../../../../../../../../../../etc/passwd...

5CVSS0.6AI score0.43722EPSS
Exploits2References3Affected Software1
0day.today
0day.today
added 2018/09/19 12:0 a.m.30 views

WordPress Localize My Post 1.0 Plugin - Local File Inclusion Vulnerability

Exploit for php platform in category web applications Exploit Title: WordPress Plugin Localize My Post 1.0 - Local File Inclusion Author: Manuel Garcia Cardenas Software link: https://es.wordpress.org/plugins/localize-my-post/ CVE: N/A DESCRIPTION This bug was found in the file:...

7.4AI score
Exploits0
Packet Storm
Packet Storm
added 2018/09/19 12:0 a.m.23 views

WordPress Localize My Post 1.0 Local File Inclusion

Exploit Title: WordPress Plugin Localize My Post 1.0 - Local File Inclusion Author: Manuel Garcia Cardenas Date: 2018-09-19 Software link: https://es.wordpress.org/plugins/localize-my-post/ CVE: N/A DESCRIPTION This bug was found in the file: /localize-my-post/ajax/include.php...

7.4AI score
Exploits0
exploitpack
exploitpack
added 2018/09/19 12:0 a.m.12 views

WordPress Plugin Localize My Post 1.0 - Local File Inclusion

WordPress Plugin Localize My Post 1.0 - Local File Inclusion Exploit Title: WordPress Plugin Localize My Post 1.0 - Local File Inclusion Author: Manuel Garcia Cardenas Date: 2018-09-19 Software link: https://es.wordpress.org/plugins/localize-my-post/ CVE: 2018-16299 DESCRIPTION This bug was found...

7.3AI score
Exploits0
wpexploit
wpexploit
added 2018/09/19 12:0 a.m.22 views

Localize My Post 1.0 - Unauthenticated Local File Inclusion (LFI)

The localize-my-post WordPress plugin was affected by an Unauthenticated Local File Inclusion LFI security vulnerability. http://www.example.com/wp-content/plugins/localize-my-post/ajax/include.php?file=../../../../../../../../../../etc/passwd...

5CVSS1.8AI score0.43722EPSS
Exploits2References3
Exploit DB
Exploit DB
added 2018/09/19 12:0 a.m.29 views

WordPress Plugin Localize My Post 1.0 - Local File Inclusion

Exploit Title: WordPress Plugin Localize My Post 1.0 - Local File Inclusion Author: Manuel Garcia Cardenas Date: 2018-09-19 Software link: https://es.wordpress.org/plugins/localize-my-post/ CVE: 2018-16299 DESCRIPTION This bug was found in the file: /localize-my-post/ajax/include.php...

7.4AI score
Exploits0
OSV
OSV
added 2018/07/03 2:29 p.m.3 views

CVE-2018-7774

The vulnerability exists within processing of localize.php in Schneider Electric U.motion Builder software versions prior to v1.3.4. The underlying SQLite database query is subject to SQL injection on the username input parameter...

8.8CVSS5.8AI score
Exploits0References1
Hacker One
Hacker One
added 2014/10/13 10:9 p.m.15 views

Localize: files likes of README.md is public

A readme or read me file contains information about other files in a directory or archive and is commonly distributed with computersoftware. Such a file is usually a text file called README.TXT, README.md, README.1ST, READ.ME, or simply README, although someMicrosoft Windows software may...

6.6AI score
Exploits0
Hacker One
Hacker One
added 2014/07/07 9:2 p.m.19 views

Localize: PHP PDOException and Full Path Disclosure

hi phrasekey , agian! in phraseChange action if set to array pdo quote show error! line 755 index.php Warning: PDO::quote expects parameter 1 to be string, array given in /srv/data/web/vhosts/www.localize.im/htdocs/classes/Database.php on line 30 Fatal error: Uncaught exception 'PDOException' wit...

Exploits0
Hacker One
Hacker One
added 2014/06/10 9:54 p.m.35 views

Localize: PHP PDOException and Full Path Disclosure

hi in phrases on phrasemove or phraseChange action - parameter phrasekey set to array like phraseChangephraseKey11:test pdo quote show error : Warning: PDO::quote expects parameter 1 to be string, array given in /srv/data/web/vhosts/www.localize.im/htdocs/classes/Database.php on line 30 Fatal...

0.2AI score
Exploits0
Hacker One
Hacker One
added 2014/05/24 10:4 p.m.17 views

Localize: full path disclosure from false language

https://www.localize.im/projects/3t/languages/4xX Fatal error: Uncaught exception 'Exception' with message 'Unknown language ID 3083' in /srv/data/web/vhosts/www.localize.im/htdocs/classes/Language.php:423 Stack trace: 0 /srv/data/web/vhosts/www.localize.im/htdocs/classes/Language.php221:...

0.3AI score
Exploits0
Hacker One
Hacker One
added 2014/05/22 6:18 p.m.11 views

Localize: missing sender policy framework (SPF)

A Valid TXT Record was not found in localize.im This can spoof your email address. Proof of Concept: http://mxtoolbox.com/SuperTool.aspx?action=spf:localize.im&run=toolpage related article: Missing SPF for hackerone.com...

Exploits0
Hacker One
Hacker One
added 2014/05/02 7:45 a.m.21 views

Localize: XSS in Team Only Area

Hello Marco, Remember this https://github.com/delight-im/Localize/commit/d32d07af0c81c65aa802fe389979f8fea6625e13? Can you resolved that bug here? Thanks!...

7.1AI score
Exploits0
Hacker One
Hacker One
added 2014/04/25 2:14 p.m.54 views

Localize: Full Path Disclosure (FPD) in www.localize.im

Hi, found another information disclosure vulnerability/Full Path Disclosure on your application. Proof of Concept ------------------------- GET : https://www.localize.im/projects/projiect ID/languages/Language ID POST CONTENT:...

6.5AI score
Exploits0
Hacker One
Hacker One
added 2014/04/22 10:20 a.m.23 views

Localize: Criptographic Issue: Strisct Transport Security with not good max age..(TOO SHORT!)

Hello again team of Localize! I have already reported this bug to the HackerOne team..and they fix it..not immediately, because it's low priority but they fix it! Report: https://hackerone.com/reports/3709 : Issue: Strict Transport Security with too short max age. Description: Your site use a goo...

6.7AI score
Exploits0
Hacker One
Hacker One
added 2014/04/20 9:2 a.m.29 views

Localize: OPTIONS Method Enabled

HTTP OPTIONS method is enabled on the web server of Localize. The OPTIONS method provides a list of the methods that are supported by the web server, it represents a request for information about the communication options available on the request/response chain identified by the Request-URI. This...

0.1AI score
Exploits0
Hacker One
Hacker One
added 2014/04/19 3:54 a.m.15 views

Localize: Making groups in any project without permission

Something Interesting happening here !! ; Steps to reproduce : 1 Suppose User1 have Public Project called http://www.localize.io/v/8h 2 In public project any other user ll not have permissions to edit project 3 Now User2 want to make a group in http://www.localize.io/v/8h which is unlikely not...

7AI score
Exploits0
Hacker One
Hacker One
added 2014/04/19 2:52 a.m.15 views

Localize: infinite number of new project creation!

Hello, To be honest, I'm not sure if there is any real security implications of this bug, but it's something which should be fixed soon as possible.. With This bug, Attacker can create thousands of new projects in lest than 5 minutes! http://www.localize.io/pages/createproject I Explained Total...

Exploits0
Hacker One
Hacker One
added 2014/04/17 8:28 p.m.6 views

Localize: Assigning a non-existing role to user causes exception when opening project page

Reproduction: - Create a new private project - Log in as another user and go the the newly create project page. Request access there. - Switch back to original user and check pending requests. - At this point I was able to assign a non-existing role I changed the dropdown list and chose 10 as...

0.8AI score
Exploits0
Rows per page
Query Builder