15 matches found
EUVD-2014-8842
Malware in sbrugna...
CVE-2014-9013
The ajaxinit function in wpmarketplace/libs/cart.php in the WP Marketplace plugin 2.4.0 for WordPress allows remote authenticated users to create arbitrary users and gain admin privileges via a request to wpmpppajaxcall with an execution target of wpinsertuser...
CVE-2014-9014
Directory traversal vulnerability in the ajaxinit function in wpmarketplace/libs/cart.php in the WP Marketplace plugin before 2.4.1 for WordPress allows remote authenticated users to download arbitrary files via a .. dot dot in the file parameter...
Design/Logic Flaw
The ajaxinit function in wpmarketplace/libs/cart.php in the WP Marketplace plugin 2.4.0 for WordPress allows remote authenticated users to create arbitrary users and gain admin privileges via a request to wpmpppajaxcall with an execution target of wpinsertuser...
Directory traversal
Directory traversal vulnerability in the ajaxinit function in wpmarketplace/libs/cart.php in the WP Marketplace plugin before 2.4.1 for WordPress allows remote authenticated users to download arbitrary files via a .. dot dot in the file parameter...
CVE-2014-9013
The ajaxinit function in wpmarketplace/libs/cart.php in the WP Marketplace plugin 2.4.0 for WordPress allows remote authenticated users to create arbitrary users and gain admin privileges via a request to wpmpppajaxcall with an execution target of wpinsertuser...
CVE-2014-9013
Summary: CVE-2014-9013 affects the WordPress WP Marketplace plugin (version 2.4.0) and is triggered via the ajaxinit function in wpmarketplace/libs/cart.php. The vulnerability allows remote authenticated users to call wpmp_pp_ajax_call and, through the execution target wp_insert_user or related c...
CVE-2014-9014
Directory traversal vulnerability in the ajaxinit function in wpmarketplace/libs/cart.php in the WP Marketplace plugin before 2.4.1 for WordPress allows remote authenticated users to download arbitrary files via a .. dot dot in the file parameter...
CVE-2014-9014
The CVE-2014-9014 entry corresponds to a directory traversal vulnerability in WP Marketplace (WordPress plugin) before 2.4.1. An authenticated user could exploit an improper file parameter handling in wpmarketplace/libs/cart.php (ajaxinit) to download arbitrary files via a .. path traversal. Publ...
WP Marketplace - Arbitrary File Upload
The wpmarketplace WordPress plugin was affected by an Arbitrary File Upload security vulnerability...
Wordpress WP Marketplace 2.4.0 Arbitrary File Download Vulnerability
Exploit for php platform in category web applications Exploit Title: WP Marketplace 2.4.0 Arbitrary File Download Date: 26-10-2014 Software Link: https://wordpress.org/plugins/wpmarketplace/ Exploit Author: Kacper Szurek Contact: http://twitter.com/KacperSzurek Website: http://security.szurek.pl/...
WP Marketplace 1.1.0 - Shell Upload
The wp-marketplace WordPress plugin was affected by a Shell Upload security vulnerability...
Wordpress WP Marketplace Plugin 1.5.0 - 1.6.1 Arbitrary File Upload
Exploit for php platform in category web applications Description : Wordpress Plugins - WP Marketplace Shell Upload Vulnerability Version : 1.5.0 - 1.6.1 Link : http://wordpress.org/extend/plugins/wpmarketplace/ Plugins : http://downloads.wordpress.org/plugin/wpmarketplace.zip Date : 26-05-2012...
WordPress Plugin timthumb.php Shell Upload
Exploit Title: Multiple Wordpress timthumb.php reuse vulnerabilities Date: 09/19/2011 Author: Ben Schmidt supernothing AT spareclockcycles.org @supernothing --- Description --- The following Wordpress plugins reuse a vulnerable version of the timthumb.php library. By hosting a malicious GIF file...
Multiple WordPress Plugins - 'timthumb.php' File Upload
Exploit Title: Multiple Wordpress timthumb.php reuse vulnerabilities Date: 09/19/2011 Author: Ben Schmidt supernothing AT spareclockcycles.org @supernothing --- Description --- The following Wordpress plugins reuse a vulnerable version of the timthumb.php library. By hosting a malicious GIF file...