70 matches found
CVE-2018-16299
The Localize My Post plugin 1.0 for WordPress allows Directory Traversal via the ajax/include.php file parameter...
Localize My Post 1.0 - Unauthenticated Local File Inclusion (LFI)
The localize-my-post WordPress plugin was affected by an Unauthenticated Local File Inclusion LFI security vulnerability. PoC http://www.example.com/wp-content/plugins/localize-my-post/ajax/include.php?file=../../../../../../../../../../etc/passwd...
WordPress Localize My Post 1.0 Plugin - Local File Inclusion Vulnerability
Exploit for php platform in category web applications Exploit Title: WordPress Plugin Localize My Post 1.0 - Local File Inclusion Author: Manuel Garcia Cardenas Software link: https://es.wordpress.org/plugins/localize-my-post/ CVE: N/A DESCRIPTION This bug was found in the file:...
WordPress Localize My Post 1.0 Local File Inclusion
Exploit Title: WordPress Plugin Localize My Post 1.0 - Local File Inclusion Author: Manuel Garcia Cardenas Date: 2018-09-19 Software link: https://es.wordpress.org/plugins/localize-my-post/ CVE: N/A DESCRIPTION This bug was found in the file: /localize-my-post/ajax/include.php...
WordPress Plugin Localize My Post 1.0 - Local File Inclusion
WordPress Plugin Localize My Post 1.0 - Local File Inclusion Exploit Title: WordPress Plugin Localize My Post 1.0 - Local File Inclusion Author: Manuel Garcia Cardenas Date: 2018-09-19 Software link: https://es.wordpress.org/plugins/localize-my-post/ CVE: 2018-16299 DESCRIPTION This bug was found...
Localize My Post 1.0 - Unauthenticated Local File Inclusion (LFI)
The localize-my-post WordPress plugin was affected by an Unauthenticated Local File Inclusion LFI security vulnerability. http://www.example.com/wp-content/plugins/localize-my-post/ajax/include.php?file=../../../../../../../../../../etc/passwd...
WordPress Plugin Localize My Post 1.0 - Local File Inclusion
Exploit Title: WordPress Plugin Localize My Post 1.0 - Local File Inclusion Author: Manuel Garcia Cardenas Date: 2018-09-19 Software link: https://es.wordpress.org/plugins/localize-my-post/ CVE: 2018-16299 DESCRIPTION This bug was found in the file: /localize-my-post/ajax/include.php...
CVE-2018-7774
The vulnerability exists within processing of localize.php in Schneider Electric U.motion Builder software versions prior to v1.3.4. The underlying SQLite database query is subject to SQL injection on the username input parameter...
Localize: files likes of README.md is public
A readme or read me file contains information about other files in a directory or archive and is commonly distributed with computersoftware. Such a file is usually a text file called README.TXT, README.md, README.1ST, READ.ME, or simply README, although someMicrosoft Windows software may...
Localize: PHP PDOException and Full Path Disclosure
hi phrasekey , agian! in phraseChange action if set to array pdo quote show error! line 755 index.php Warning: PDO::quote expects parameter 1 to be string, array given in /srv/data/web/vhosts/www.localize.im/htdocs/classes/Database.php on line 30 Fatal error: Uncaught exception 'PDOException' wit...
Localize: PHP PDOException and Full Path Disclosure
hi in phrases on phrasemove or phraseChange action - parameter phrasekey set to array like phraseChangephraseKey11:test pdo quote show error : Warning: PDO::quote expects parameter 1 to be string, array given in /srv/data/web/vhosts/www.localize.im/htdocs/classes/Database.php on line 30 Fatal...
Localize: full path disclosure from false language
https://www.localize.im/projects/3t/languages/4xX Fatal error: Uncaught exception 'Exception' with message 'Unknown language ID 3083' in /srv/data/web/vhosts/www.localize.im/htdocs/classes/Language.php:423 Stack trace: 0 /srv/data/web/vhosts/www.localize.im/htdocs/classes/Language.php221:...
Localize: missing sender policy framework (SPF)
A Valid TXT Record was not found in localize.im This can spoof your email address. Proof of Concept: http://mxtoolbox.com/SuperTool.aspx?action=spf:localize.im&run=toolpage related article: Missing SPF for hackerone.com...
Localize: XSS in Team Only Area
Hello Marco, Remember this https://github.com/delight-im/Localize/commit/d32d07af0c81c65aa802fe389979f8fea6625e13? Can you resolved that bug here? Thanks!...
Localize: Full Path Disclosure (FPD) in www.localize.im
Hi, found another information disclosure vulnerability/Full Path Disclosure on your application. Proof of Concept ------------------------- GET : https://www.localize.im/projects/projiect ID/languages/Language ID POST CONTENT:...
Localize: Criptographic Issue: Strisct Transport Security with not good max age..(TOO SHORT!)
Hello again team of Localize! I have already reported this bug to the HackerOne team..and they fix it..not immediately, because it's low priority but they fix it! Report: https://hackerone.com/reports/3709 : Issue: Strict Transport Security with too short max age. Description: Your site use a goo...
Localize: OPTIONS Method Enabled
HTTP OPTIONS method is enabled on the web server of Localize. The OPTIONS method provides a list of the methods that are supported by the web server, it represents a request for information about the communication options available on the request/response chain identified by the Request-URI. This...
Localize: Making groups in any project without permission
Something Interesting happening here !! ; Steps to reproduce : 1 Suppose User1 have Public Project called http://www.localize.io/v/8h 2 In public project any other user ll not have permissions to edit project 3 Now User2 want to make a group in http://www.localize.io/v/8h which is unlikely not...
Localize: infinite number of new project creation!
Hello, To be honest, I'm not sure if there is any real security implications of this bug, but it's something which should be fixed soon as possible.. With This bug, Attacker can create thousands of new projects in lest than 5 minutes! http://www.localize.io/pages/createproject I Explained Total...
Localize: Assigning a non-existing role to user causes exception when opening project page
Reproduction: - Create a new private project - Log in as another user and go the the newly create project page. Request access there. - Switch back to original user and check pending requests. - At this point I was able to assign a non-existing role I changed the dropdown list and chose 10 as...