77 matches found
WordPress Plugin Paypal Currency Converter Basic For WooCommerce - File Read
Exploit Title: Paypal Currency Converter Basic For Woocommerce File Read Google Dork: inurl:"paypal-currency-converter-basic-for-woocommerce" Date: 10/06/2015 Exploit Author: Kuroi'SH Software Link: https://wordpress.org/plugins/paypal-currency-converter-basic-for-woocommerce/ Version: ';...
extjs Arbitrary File Read
Hi all: Baidu Security Team found a vulnerability in extjs, with this vulnerability we can read arbitrary file and request internal http services File: /examples/feed-viewer/feed-proxy.php line:3-line:6 $feed = $_REQUEST['feed']; if($feed != '' && strpos($feed, 'http') === 0){ header('Content-Type:...
Server side request forgery (ssrf)
Server-side request forgery (SSRF) vulnerability in proxy.php in the jRSS Widget plugin 1.2 and earlier for WordPress allows remote attackers to trigger outbound requests and enumerate open ports via the url parameter...
CVE-2014-9292
CVE-2014-9292 describes a server-side request forgery (SSRF) in the WordPress plugin Jrss Widget (proxy.php) up to version 1.2. The vulnerability allows unauthenticated remote actors to cause outbound requests and enumerate open ports via the url parameter. Affected product: WordPress/JRSS Widget...
WordPress jRSS Widget Plugin <= 1.2 - SSRF
This vulnerability is in the proxy.php. It allows the attackers to trigger outbound requests and enumerate open ports via the "URL" parameter. Solution Update the plugin...
CVE-2014-4941
Absolute path traversal vulnerability in Cross-RSS (wp-cross-rss) plugin 1.7 for WordPress allows remote attackers to read arbitrary files via a full pathname in the rss parameter to proxy.php...
CVE-2014-1855
Multiple cross-site scripting (XSS) vulnerabilities in Seo Panel before 3.5.0 allow remote attackers to inject arbitrary web script or HTML via the (1) capcheck parameter to directories.php or (2) keyword parameter to proxy.php...
CVE-2014-1855
Seo Panel 3.x is affected by two XSS vulnerabilities (CVE-2014-1855) in 3.4.0 and earlier. The issues arise from insufficient sanitisation of user-supplied data in the capcheck parameter (directories.php) and the keyword parameter (proxy.php), enabling remote code execution in the victim’s browse...
FlashCanvas 1.5 proxy.php XSS Vulnerability
Advisory Information Title: FlashCanvas proxy.php XSS Vulnerability Date published: 11 December 2013 Reference: CVE-2013-6880 Advisory Summary Script does not adequately verify the Referer header before requesting via curl the remote URL specified in the ‘url’ GET parameter and rendering it. Vend...
ClarkConnect proxy.php url Parameter XSS
The remote web server is used by ClarkConnect, an Internet server and gateway product, to process PHP scripts used for configuration. The installed version includes a script, '/public/proxy.php', that fails to sanitize user-supplied input to the 'url' parameter before using it to generate dynami...
CVE-2008-5949
Multiple PHP remote file inclusion vulnerabilities in ccTiddly 1.7.4 and 1.7.6 allow remote attackers to execute arbitrary PHP code via a URL in the cctbase parameter to (1) index.php; (2) handle/proxy.php; (3) header.php, (4) include.php, and (5) workspace.php in includes/; and (6) plugins/RSS/files/rss.php...
cctiddly-rfi.txt
/ $Id: cctiddly-1.7.4-rfi.txt,v 0.1 2008/12/04 04:12:20 cOndemned Exp $ ccTiddly 1.7.4 cctbase Multiple Remote File Inclusion Vulnerabilities found by cOndemned download from : http://tiddlywiki.org/ccTiddly/ccTiddlyv1.7.4.zip Probably prior versions are vulnerable too... Greetz: ZaBeaTy, str0ke,...
ext10-lfi.txt
ext 1.0 alpha1 feed-proxy.php Remote File Disclosure D.Script: http://yui-ext.com/deploy/ext-1.0-alpha1.zip Discovered by: Alkomandoz Hacker Homepage: http://www.asb-may.net - mohandko.com - sniper-sa.com - tryag.com V.Code In /examples/layout/feed-proxy.php...
ext 1.0 alpha1 (feed-proxy.php) Remote File Disclosure
ext 1.0 alpha1 feed-proxy.php Remote File Disclosure D.Script: http://yui-ext.com/deploy/ext-1.0-alpha1.zip Discovered by: Alkomandoz Hacker Homepage: http://www.asb-may.net - mohandko.com - sniper-sa.com - tryag.com V.Code In /examples/layout/feed-proxy.php...
Directory traversal
Directory traversal vulnerability in examples/layout/feed-proxy.php in Jack Slocum Ext 1.0 alpha1 (Ext JS) allows remote attackers to read arbitrary files via a .. (dot dot) in the feed parameter. NOTE: analysis by third party researchers indicates that this issue might be platform dependent...
CVE-2007-2285
CVE-2007-2285 affects the Ext JS example component: layout/feed-proxy.php in Jack Slocum Ext 1.0 alpha1. The vulnerability is a directory traversal that allows a remote attacker to read arbitrary files by manipulating the feed parameter via "..". Public sources confirm the same description across...
Ext 1.0 - 'feed-proxy.php?feed' Remote File Disclosure
ext 1.0 alpha1 feed-proxy.php Remote File Disclosure D.Script: http://yui-ext.com/deploy/ext-1.0-alpha1.zip Discovered by: Alkomandoz Hacker Homepage: http://www.asb-may.net - mohandko.com - sniper-sa.com - tryag.com V.Code In /examples/layout/feed-proxy.php...