WordPress ShowBiz Pro <= 1.7.1 - Authenticated Arbitrary File Upload to RCE

The WordPress ShowBiz Pro plugin version = 1.7.1 allows arbitrary PHP file upload via the admin-ajax.php endpoint.This leads to unauthenticated remote code execution. id: CVE-2015-9499 info: name: WordPress ShowBiz Pro = 1.7.1 - Authenticated Arbitrary File Upload to RCE author:...

CVE-2015-9499

The Showbiz Pro plugin through 1.7.1 for WordPress has PHP code execution by uploading a .php file within a ZIP archive...

Code injection

The Showbiz Pro plugin through 1.7.1 for WordPress has PHP code execution by uploading a .php file within a ZIP archive...

CVE-2015-9499

CVE-2015-9499 affects the WordPress ShowBiz Pro plugin (≤ 1.7.1). The connected template details an authenticated arbitrary file upload to the WordPress admin endpoint (admin-ajax.php) that can upload a PHP file (e.g., inside a ZIP) and lead to remote code execution. Impact described: full server...

CVE-2015-9499

The Showbiz Pro plugin through 1.7.1 for WordPress has PHP code execution by uploading a .php file within a ZIP archive...

WordPress Showbiz Pro Plugin Has Unspecified Vulnerability

WordPress is a blogging platform developed by the WordPress Foundation using the PHP language. The platform supports personal blog sites on PHP and MySQL servers.Showbiz Pro is a responsive trailer display plugin used in it. A security vulnerability exists in WordPress Showbiz Pro plugin version...

WordPress ThemePunch Slider Revolution plugin and Showbiz Pro plugin have multiple vulnerabilities

WordPress is the WordPress Software Foundation's set of blogging platform developed using the PHP language, the platform supports in PHP and MySQL server set up a personal blog site.ThemePunch Slider Revolution revslider is one of the slideshow plugin.Showbiz Pro is one of the scrolling display...

CVE-2014-9735

The ThemePunch Slider Revolution revslider plugin before 3.0.96 for WordPress and Showbiz Pro plugin 1.7.1 and earlier for Wordpress does not properly restrict access to administrator AJAX functionality, which allows remote attackers to 1 upload and execute arbitrary files via an updateplugin...

CVE-2014-9735

The CVE-2014-9735 issue affects WordPress ThemePunch Slider Revolution (RevSlider) before 3.0.96 and Showbiz Pro plugin 1.7.1 and earlier. The root cause is improper restriction of administrator AJAX functionality, enabling unauthenticated remote code execution via file upload and manipulation ac...

CVE-2014-9735

The ThemePunch Slider Revolution revslider plugin before 3.0.96 for WordPress and Showbiz Pro plugin 1.7.1 and earlier for Wordpress does not properly restrict access to administrator AJAX functionality, which allows remote attackers to 1 upload and execute arbitrary files via an updateplugin...

WordPress slideshow plugin RevSlider exploit-vulnerability warning-the black bar safety net

Any read: /wp-admin/admin-ajax. php? action=revslidershowimage&img=../wp-config.php Any upload: !/ usr/bin/perl Title: Slider Revolution/Showbiz Pro shell upload exploit Author: Simo Ben youssef Contact: SimoatMorxploitcom Discovered: 1 5 October 2 0 1 4 Coded: 1 5 October 2 0 1 4 Updated: 2 5...

WordPress Showbiz Pro Responsive Teaser File Upload

File upload vulnerability in WordPress Showbiz Pro Responsive Teaser plugin Vulnerability Type: File Upload For the exploit source code contact DSquare Security sales team...

VulnCheck KEV: CVE-2014-9735

The ThemePunch Slider Revolution revslider plugin before 3.0.96 for WordPress and Showbiz Pro plugin 1.7.1 and earlier for Wordpress does not properly restrict access to administrator AJAX functionality, which allows remote attackers to 1 upload and execute arbitrary files via an...

Slider Revolution/Showbiz Pro shell upload exploit

!/usr/bin/perl Title: Slider Revolution/Showbiz Pro shell upload exploit Author: Simo Ben youssef Contact: SimoatMorxploitcom Discovered: 15 October 2014 Coded: 15 October 2014 Updated: 25 November 2014 Published: 25 November 2014 MorXploit Research http://www.MorXploit.com Vendor: ThemePunch...

Slider Revolution/Showbiz Pro Shell Upload Exploit

Exploit for php platform in category web applications !/usr/bin/perl Title: Slider Revolution/Showbiz Pro shell upload exploit Author: Simo Ben youssef Contact: SimoatMorxploitcom Discovered: 15 October 2014 Coded: 15 October 2014 Updated: 25 November 2014 Published: 25 November 2014 MorXploit...

Slider Revolution/Showbiz Pro Shell Upload

!/usr/bin/perl Title: Slider Revolution/Showbiz Pro shell upload exploit Author: Simo Ben youssef Contact: SimoatMorxploitcom Discovered: 15 October 2014 Coded: 15 October 2014 Updated: 25 November 2014 Published: 25 November 2014 MorXploit Research http://www.MorXploit.com Vendor: ThemePunch...

WordPress Plugin Slider REvolution 3.0.95 / Showbiz Pro 1.7.1 - Arbitrary File Upload

!/usr/bin/perl Title: Slider Revolution/Showbiz Pro shell upload exploit Author: Simo Ben youssef Contact: SimoatMorxploitcom Discovered: 15 October 2014 Coded: 15 October 2014 Updated: 25 November 2014 Published: 25 November 2014 MorXploit Research http://www.MorXploit.com Vendor: ThemePunch...

WordPress Plugin Slider REvolution 3.0.95 Showbiz Pro 1.7.1 - Arbitrary File Upload

WordPress Plugin Slider REvolution 3.0.95 Showbiz Pro 1.7.1 - Arbitrary File Upload !/usr/bin/perl Title: Slider Revolution/Showbiz Pro shell upload exploit Author: Simo Ben youssef Contact: SimoatMorxploitcom Discovered: 15 October 2014 Coded: 15 October 2014 Updated: 25 November 2014 Published:...

VulnCheck KEV: CVE-2015-9499

The Showbiz Pro plugin through 1.7.1 for WordPress has PHP code execution by uploading a .php file within a ZIP archive...