Xamarin Studio For Mac 6.2.1 (Build 3) / 6.3 (Build 863) Privilege Escalation
Xamarin Studio for Mac API documentation update affected by local privilege escalation. Yorick Koster, April 2017...
WordPress Plugin Popup by Supsystic 1.7.6 - Cross-Site Request Forgery
WordPress Plugin Popup by Supsystic 1.7.6 - Cross-Site Request Forgery Source: https://sumofpwn.nl/advisory/2016/popupbysupsysticwordpresspluginvulnerabletocrosssiterequestforgery.html Abstract A Cross-site Request Forgery vulnerability exists in the Popup by Supsystic WordPress Plugin. This...
WordPress NewStatPress 1.2.4 Plugin - Cross-Site Scripting Vulnerability
Exploit for php platform in category web applications Source: https://sumofpwn.nl/advisory/2016/persistentcrosssitescriptinginthewordpressnewstatpressplugin.html Abstract A persistent Cross-Site Scripting XSS vulnerability has been found in the WordPress NewStatPress plugin. By using this...
WordPress File Manager 3.0.1 Plugin - Cross-Site Request Forgery Vulnerability
Exploit for php platform in category web applications Source: https://sumofpwn.nl/advisory/2016/crosssiterequestforgeryinfilemanagerwordpressplugin.html Abstract A Cross-Site Request Forgery CSRF vulnerability was found in the File Manager WordPress Plugin. Among others, this issue can be use...
WordPress Plugin Global Content Blocks 2.1.5 - Cross-Site Request Forgery
Source: https://sumofpwn.nl/advisory/2016/crosssiterequestforgeryinglobalcontentblockswordpressplugin.html Abstract It was discovered that the Global Content Blocks WordPress Plugin is vulnerable to Cross-Site Request Forgery. Amongst others, this issue can be used to update a content block t...
WordPress Google Forms Plugin unauthenticated PHP Object injection vulnerability
Exploit for php platform in category web applications Abstract A PHP Object injection vulnerability was found in the Google Forms WordPress Plugin, which can be used by an unauthenticated user to instantiate arbitrary PHP Objects. Using this vulnerability it is possible to execute arbitrary PHP...
WordPress Plugin WassUp Real Time Analytics 1.9 - Persistent Cross-Site Scripting
Source: https://sumofpwn.nl/advisory/2016/persistentcrosssitescriptinginwassuprealtimeanalyticswordpressplugin.html Persistent Cross-Site Scripting in WassUp Real Time Analytics WordPress Plugin Abstract A stored Cross-Site Scripting XSS vulnerability has been found in the WassUp Real Time...
WordPress Plugin WassUp Real Time Analytics 1.9 - Persistent Cross-Site Scripting
WordPress Plugin WassUp Real Time Analytics 1.9 - Persistent Cross-Site Scripting Source: https://sumofpwn.nl/advisory/2016/persistentcrosssitescriptinginwassuprealtimeanalyticswordpressplugin.html Persistent Cross-Site Scripting in WassUp Real Time Analytics WordPress Plugin Abstract A stored...
WordPress 404 to 301 Plugin 2.2.8 - Persistent Cross-Site Scripting Vulnerability
Exploit for php platform in category web applications Source: https://sumofpwn.nl/advisory/2016/storedcrosssitescriptingvulnerabilityin404to301wordpressplugin.html Stored Cross-Site Scripting vulnerability in 404 to 301 WordPress Plugin Abstract A stored Cross-Site Scripting vulnerability was fou...
WordPress WassUp Real Time Analytics 1.9 Plugin - Persistent Cross-Site Scripting Vulnerability
Exploit for php platform in category web applications Source: https://sumofpwn.nl/advisory/2016/persistentcrosssitescriptinginwassuprealtimeanalyticswordpressplugin.html Persistent Cross-Site Scripting in WassUp Real Time Analytics WordPress Plugin Abstract A stored Cross-Site Scripting XSS...
Wordpress Update Resolves XSS, Path Traversal Vulnerabilities
WordPress is strongly encouraging users of the content management system to update to the most recent version, 4.6.1, released on Wednesday. WordPress 4.6.1 Security and Maintenance Release — WordPress @WordPress September 7, 2016 The update addresses two separate security issues, a cross-site...
WordPress 4.5.3 - Directory Traversal Denial of Service
WordPress 4.5.3 - Directory Traversal Denial of Service Path traversal vulnerability in WordPress Core Ajax handlers Abstract A path traversal vulnerability was found in the Core Ajax handlers of the WordPress Admin API. This issue can potentially be used by an authenticated user Subscriber to...
WordPress 4.5.3 - Directory Traversal / Denial of Service
Exploit for php platform in category web applications Path traversal vulnerability in WordPress Core Ajax handlers Abstract A path traversal vulnerability was found in the Core Ajax handlers of the WordPress Admin API. This issue can potentially be used by an authenticated user Subscriber to crea...
WordPress Core 4.5.3 - Directory Traversal / Denial of Service
Path traversal vulnerability in WordPress Core Ajax handlers Abstract A path traversal vulnerability was found in the Core Ajax handlers of the WordPress Admin API. This issue can potentially be used by an authenticated user Subscriber to create a denial of service condition of an affected...
WordPress Plugin Count Per Day 3.5.4 - Persistent Cross-Site Scripting
WordPress Plugin Count Per Day 3.5.4 - Persistent Cross-Site Scripting Stored Cross-Site Scripting vulnerability in Count per Day WordPress Plugin Abstract A Cross-Site Scripting vulnerability was found in the Count per Day WordPress Plugin. This issue can be exploited by an unauthenticated...
VMSA-2016-0010:VMware product updates address multiple HIGH security issues
VMSA-2016-0010.1 VMware product updates address multiple important security issues. VMware Security Advisory. Advisory ID: VMSA-2016-0010.1. Severity: Important. Synopsis: VMware product updates address multiple security issue...
WordPress ALO EasyMail NewsLetter 2.9.2 Plugin - Cross-Site Request Forgery (Add/Import Arbitrary Su
Exploit for php platform in category web applications Cross-Site Request Forgery in ALO EasyMail Newsletter WordPress Plugin Contact For feedback or questions about this advisory mail us at sumofpwn at securify.nl The Summer of Pwnage This issue has been found during the Summer of Pwnage hacker...
WordPress Plugin WP Live Chat Support 6.2.03 - Persistent Cross-Site Scripting
Stored Cross-Site Scripting vulnerability in WP Live Chat Support WordPress Plugin Abstract A stored Cross-Site Scripting vulnerability was found in the WP Live Chat Support WordPress Plugin. This issue can be exploited by an unauthenticated user. It allows an attacker to perform a wide variety o...
WordPress Plugin Booking Calendar 6.2 - SQL Injection
SQL injection vulnerability in Booking Calendar WordPress Plugin Abstract An SQL injection vulnerability exists in the Booking Calendar WordPress plugin. This vulnerability allows an attacker to view data from the database. The affected parameter is not properly sanitized or protected with an...
WordPress Plugin WP Live Chat Support 6.2.03 - Persistent Cross-Site Scripting
WordPress Plugin WP Live Chat Support 6.2.03 - Persistent Cross-Site Scripting Stored Cross-Site Scripting vulnerability in WP Live Chat Support WordPress Plugin Abstract A stored Cross-Site Scripting vulnerability was found in the WP Live Chat Support WordPress Plugin. This issue can be exploite...