Atlassian JIRA HipChat for JIRA Plugin Code Injection Vulnerability
Atlassian JIRA is a defect tracking and management system from Atlassian Australia. HipChat for JIRA is a real-time collaboration plug-in for tracking and managing all types of issues and defects in the workplace. Atlassian JIRA HipChat for JIRA plugin versions before 6.30.0 have a security vulnerability...
Unified Layer Shell Upload
/------ Unified-Layer Unrestricted File Upload Exploit /------ Author: UmPire / [email protected] /------ Iran Security Group / iransec.net Hi guys, with this exploit you can upload files with any extension you want to sites that are hosted on Unified Layer and its children like Bluehost,...
WordPress Navis DocumentCloud Plugin Cross-Site Scripting Vulnerability
WordPress is the WordPress Software Foundation's blogging platform, developed in PHP, which supports personal blog sites on servers running PHP and MySQL. Navis DocumentCloud is a plug-in that allows journalists to analyze, annotate, and publish documents. A...
WordPress GD bbPress Attachments plugin cross-site scripting vulnerability
WordPress is the WordPress Software Foundation's blogging platform, developed in PHP, which supports personal blog sites on servers running PHP and MySQL. GD bbPress Attachments is a plug-in that adds support for uploading attachments to the bbPress open-source forum progra...
WordPress Powerplay Gallery Plugin Arbitrary File Upload Vulnerability
WordPress is the WordPress Software Foundation's blogging platform, developed in PHP, which supports personal blog sites on servers running PHP and MySQL. Powerplay Gallery is a gallery plug-in for displaying images. An arbitrary file upload vulnerability exists ...
WordPress Copy Or Move Comments 1.0.0 Cross Site Scripting Vulnerability
WordPress Copy or Move Comments plugin version 1.0.0 suffers from a cross-site scripting vulnerability. Title: WordPress 'Copy or Move Comments' Plugin Version: 1.0.0 Author: Morten Nørtoft, Kenneth Jepsen & Mikkel Vej Date: 2015-06-16 Download: -...
simple-image-manipulator <= 1.0 - Remote File Download
The plugin is still affected and has been closed. In ./simple-image-manipulator/controller/download.php no checks are made to authenticate the user or sanitize input when determining the file location. PoC $ curl...
WordPress Mobile Pack Plugin Information Disclosure Vulnerability
WordPress is the WordPress Software Foundation's blogging platform, developed in PHP, which supports personal blog sites on servers running PHP and MySQL. Mobile Pack is a plug-in that provides a mobile version of the site theme. An information disclosure vulnerability exists in...
WordPress Unite Gallery Lite Plugin SQL Injection Vulnerability
WordPress is the WordPress Software Foundation's blogging platform, developed in PHP, which supports personal blog sites on servers running PHP and MySQL. Unite Gallery is an image and video gallery plugin for WordPress. Unite Gallery Lite 1.4.6 and other versions suffer from ...
WordPress Plotly Plugin HTML Injection Vulnerability
WordPress is the WordPress Software Foundation's blogging platform, developed in PHP, which supports personal blog sites on servers running PHP and MySQL. Plotly is a plugin that embeds Plotly charts in a WordPress site. An HTML injection vulnerability exists ...
WordPress image-export plugin 'download.php' arbitrary file download vulnerability
WordPress is the WordPress Software Foundation's blogging platform, developed in PHP, which supports personal blog sites on servers running PHP and MySQL. WordPress image-export 1.1 and other versions have a security vulnerability in the implementation of 'download.php', which...
WordPress wp-instance-rename 'mysqldump_download.php' plugin arbitrary file download vulnerability
WordPress is a blogging platform developed in PHP, which supports personal blog sites on servers running PHP and MySQL. The WordPress wp-instance-rename plugin's 'mysqldump_download.php' has an arbitrary file download vulnerability because the program fails to adequately filter...
WordPress Aspose Cloud eBook Generator Plugin Arbitrary File Download Vulnerability
WordPress is a blogging platform developed in PHP, which supports personal blog sites on servers running PHP and MySQL. Aspose Cloud eBook Generator is a plugin for creating eBooks from blogs, articles, and other content. An arbitrary file download vulnerability exists in the...
WordPress zM Ajax Login and Register Plugin Cross-Site Scripting Vulnerability
WordPress is a blogging platform developed in PHP, which supports personal blog sites on servers running PHP and MySQL. zM Ajax Login and Register is a plugin that supports the creation of custom registration or login pages with integrated AJAX authentication. A...
Users to CSV <= 1.4.5 - Cross-Site Request Forgery (CSRF)
The users-to-csv WordPress plugin was affected by a Cross-Site Request Forgery (CSRF) security vulnerability. PoC http://www.example.com/wp-admin/users.php?page=users2csv.php=true=users http://www.example.com/wp-admin/users.php?page=users2csv.php=true=comments...
WordPress WP Fastest Cache plugin cross-site request forgery vulnerability
WordPress is a blogging platform developed in PHP, which supports personal blog sites on servers running PHP and MySQL. WP Fastest Cache is a caching plugin. A cross-site request forgery vulnerability exists in the WordPress WP Fastest Cache plugin that allows remote attackers to...
ElasticSearch Directory Traversal Proof Of Concept
#!/usr/bin/python # Crappy PoC for CVE-2015-3337 - Reported by John Heasman of DocuSign # Affects all ElasticSearch versions prior to 1.5.2 and 1.4.5 # Pedro Andujar || twitter: pandujar || email: @segfault.es || @digitalsec.net # Tested on default Linux .deb install /usr/share/elasticsearch/plugins/ impo...
WordPress Plugin Community Events 'community-events.php' SQL Injection Vulnerability
WordPress is the WordPress Software Foundation's blogging platform, developed in PHP, which supports personal blog sites on servers running PHP and MySQL. Community Events is a plug-in that creates events and accepts bookings from attendees. A SQL injection...
WordPress Plugin Reflex Gallery - Arbitrary File Upload (Metasploit)
This module requires Metasploit: http://metasploit.com/download Current source: https://github.com/rapid7/metasploit-framework require 'msf/core' class Metasploit3 'Wordpress Reflex Gallery Upload Vulnerability', 'Description' = %q This module exploits an arbitrary PHP code upload in the WordPres...
Memory corruption during failed plugin initialization — Mozilla
Mozilla developer Robert Kaiser (Kairo) reported that a race condition when initialization of a plugin fails led to a potentially exploitable use-after-free vulnerability...