what you don't know can hurt you
Home Files News &[SERVICES_TAB]About Contact Add New
Showing 1 - 25 of 100 RSS Feed

Files

WordPress Clickjacking
Posted Sep 23, 2011
Authored by Andrew Horton | Site security-assessment.com

This advisory is the result of research into how clickjacking can be leveraged and is the first published clickjacking exploit against a popular web application to gain OS command execution. WordPress is a web application used to create a website or blog. The WordPress Admin panel can be clickjacked to install an arbitrary plugin from the WordPress plugin archive which leads to arbitrary PHP code installation and subsequently OS command execution. Versions of WordPress prior to 3.1.3 are vulnerable to clickjacking. WordPress has had clickjacking protection since May, 2011 with the release of version 3.1.3, however no specific threat or exploit has been published.

tags | advisory, web, arbitrary, php
SHA-256 | 6d655b5582b4862af9ad5082596a3a125309795b934f84d6bc8af6fa078b4321

Related Files

WordPress 5.9 Cross Site Scripting
Posted Feb 10, 2022
Authored by Taurus Omar

WordPress versions 5.9 and below suffer from a cross site scripting vulnerability in the author and contributor roles. Per the researcher, WordPress is addressing this in their next release and considers this a medium severity vulnerability.

tags | exploit, xss
SHA-256 | eb036d4467921c95f77944d1565e15824ae56f7f501944425c1be75fb150f82d
Red Hat Security Advisory 2022-0163-01
Posted Jan 19, 2022
Authored by Red Hat | Site access.redhat.com

Red Hat Security Advisory 2022-0163-01 - The RHEL-8 based Cryostat container images have been updated with a security fix for "CVE-2021-44716 golang: net/http: limit growth of header canonicalization cache". Users of RHEL-8 based Cryostat container images are advised to upgrade to these updated images, which contain backported patches to correct this security issue. Users of these images are also encouraged to rebuild all container images that depend on these images. You can find images updated by this advisory in Red Hat Ecosystem Catalog.

tags | advisory, web
systems | linux, redhat
advisories | CVE-2021-3712, CVE-2021-44716
SHA-256 | 7118b2b2689f6eefb1b744c04b387a5f1b3a1a39a25ba507fc74bc6d87d5d81b
Red Hat Security Advisory 2021-5191-02
Posted Dec 17, 2021
Authored by Red Hat | Site access.redhat.com

Red Hat Security Advisory 2021-5191-02 - Red Hat 3scale API Management delivers centralized API management features through a distributed, cloud-hosted layer. It includes built-in features to help in building a more successful API program, including access control, rate limits, payment gateway integration, and developer experience tools. This advisory is intended to use with Container Images, for Red Hat 3scale API Management 2.11.1. Issues addressed include an XML injection vulnerability.

tags | advisory
systems | linux, redhat
advisories | CVE-2020-26247, CVE-2020-36385, CVE-2021-0512, CVE-2021-22946, CVE-2021-22947, CVE-2021-33928, CVE-2021-33929, CVE-2021-33930, CVE-2021-33938, CVE-2021-3656, CVE-2021-3733
SHA-256 | 222e9e194871a86f08f51b797c06b520b5e808c822dbc8abe7f4de9d3c85287c
Red Hat Security Advisory 2021-5110-05
Posted Dec 15, 2021
Authored by Red Hat | Site access.redhat.com

Red Hat Security Advisory 2021-5110-05 - The RHEL-8 based Cryostat container images have been updated with a security fix for "CVE-2020-26160 jwt-go: access restriction bypass vulnerability". Users of RHEL-8 based Cryostat container images are advised to upgrade to these updated images, which contain backported patches to correct these security issues, fix these bugs, and add these enhancements. Users of these images are also encouraged to rebuild all container images that depend on these images. You can find images updated by this advisory in Red Hat Ecosystem Catalog. Issues addressed include a bypass vulnerability.

tags | advisory, bypass
systems | linux, redhat
advisories | CVE-2020-26160
SHA-256 | 63915501de1b49a02aa0b126d481b202a818dff802e0229badf455bffd50eaf3
WordPress 4.9.6 Arbitrary File Deletion
Posted Oct 25, 2021
Authored by samguy

WordPress version 4.9.6 arbitrary file deletion exploit. Original discovery of this vulnerability is attributed to VulnSpy in June of 2018.

tags | exploit, arbitrary
advisories | CVE-2018-12895
SHA-256 | 9e26b80d1679329336158f3cd64555119dd28f5c169070eeb582f83fd788eb26
Red Hat Security Advisory 2021-3851-01
Posted Oct 14, 2021
Authored by Red Hat | Site access.redhat.com

Red Hat Security Advisory 2021-3851-01 - Red Hat 3scale API Management delivers centralized API management features through a distributed, cloud-hosted layer. It includes built-in features to help in building a more successful API program, including access control, rate limits, payment gateway integration, and developer experience tools. This advisory is intended to use with Container Images, for Red Hat 3scale API Management 2.11.0. Issues addressed include a cross site scripting vulnerability.

tags | advisory, xss
systems | linux, redhat
advisories | CVE-2020-8911, CVE-2020-8912, CVE-2021-22922, CVE-2021-22923, CVE-2021-22924, CVE-2021-27218, CVE-2021-3442, CVE-2021-36222, CVE-2021-3653, CVE-2021-3715, CVE-2021-37750
SHA-256 | e4888f040246d49c7a7c2e4f31bece8b08efa09009b3ee41382c5876a9bfdbbc
WordPress 5.7 Media Library XML Injection
Posted Sep 20, 2021
Authored by David Uton

WordPress version 5.7 suffers from a Media Library XML external entity injection vulnerability.

tags | exploit
advisories | CVE-2021-29447
SHA-256 | f4d5079185c7b7a82974659421942eaed8b4ed45e1818b1ece7631fe12e92485
Backdooring WordPress To Get Cleartext Passwords
Posted Sep 11, 2021
Authored by Rafael Sousa

This paper demonstrates how to insert a backdoor in WordPress to get cleartext passwords anytime that a user logs in.

tags | paper
SHA-256 | 86a58a7a0e7f76d5a10b4c0f076df6f7acd2ba7b44bb9ce85aa4c428f169ff91
Red Hat Security Advisory 2021-1129-01
Posted Apr 8, 2021
Authored by Red Hat | Site access.redhat.com

Red Hat Security Advisory 2021-1129-01 - Red Hat 3scale API Management delivers centralized API management features through a distributed, cloud-hosted layer. It includes built-in features to help in building a more successful API program, including access control, rate limits, payment gateway integration, and developer experience tools. This advisory is intended to use with container images for Red Hat 3scale API Management 2.10.0.

tags | advisory
systems | linux, redhat
advisories | CVE-2018-20843, CVE-2019-11719, CVE-2019-11727, CVE-2019-11756, CVE-2019-12749, CVE-2019-14866, CVE-2019-15903, CVE-2019-17006, CVE-2019-17023, CVE-2019-17498, CVE-2019-19126, CVE-2019-19532, CVE-2019-19956, CVE-2019-20388, CVE-2019-20907, CVE-2019-5094, CVE-2019-5188, CVE-2020-0427, CVE-2020-12243, CVE-2020-12400, CVE-2020-12401, CVE-2020-12402, CVE-2020-12403, CVE-2020-12723, CVE-2020-14040, CVE-2020-14351, CVE-2020-1971
SHA-256 | 080546fe1bfc5e278c82d7414e75a36e9df9b89d827f78304ae6390c7b762f52
WordPress Security
Posted Feb 21, 2020
Authored by Haktan Emik

Whitepaper called WordPress Security. Written in Turkish.

tags | paper
SHA-256 | e49b4b89327b25ec6a9f68b3a1e5349d5d266d462409d6037057a44f027bcec3
WordPress 5.3 Denial Of Service
Posted Jan 14, 2020
Authored by Rory M | Site labs.arcturus.net

WordPress is vulnerable to denial of service by abusing XMLRPC API. The system.multicall function lets you batch other API calls. Another API function is pingback.ping, which makes WordPress make a connection out to another site. If you batch a few thousand pingback.ping requests using the multicall feature, you can exhaust a variety of different resources on the server. This PoC will eat through Apache2's worker threads and will also make MySQL eat up more CPU and mem, possibly knocking over low-RAM VPS instances.

tags | exploit, denial of service
SHA-256 | 6c6fe7a9f5127e081592602ad3e160fb880556efc026bfde16f893df42e1b79d
Red Hat Security Advisory 2019-4082-01
Posted Dec 4, 2019
Authored by Red Hat | Site access.redhat.com

Red Hat Security Advisory 2019-4082-01 - Red Hat OpenShift Container Platform is Red Hat's cloud computing Kubernetes application platform solution designed for on-premise or private cloud deployments. This advisory includes ose-cluster-authentication-operator-container, ose-cluster-config-operator-container, and ose-cluster-kube-apiserver-operator-container, which have been updated with the a fix to address a secret disclosure issue.

tags | advisory
systems | linux, redhat
advisories | CVE-2019-10213
SHA-256 | 563414c80fc6048a1732d2861ad68304d7131d3a8df3d594fa17915be9216316
WordPress Penetration Testing Using WPScan And Metasploit
Posted Oct 5, 2018
Authored by Behrouz Mansoori

Whitepaper called WordPress Penetration Testing Using WPScan and Metasploit. Written in English.

tags | paper
SHA-256 | 40d6ad648ac7360b313cbb38733b52a8bf9a680e252b22d792e7b8db54f89a9d
WordPress Security
Posted Oct 5, 2018
Authored by Behrouz Mansoori

This is a whitepaper that provides an overview on WordPress Security. Written in Persian.

tags | paper
SHA-256 | d22218ad1594c053cb1ee1157adae795a1d60e443169f78cd2050fa557349319
WordPress Core 4.6 Unauthenticated Remote Code Execution
Posted May 5, 2017
Authored by Dawid Golunski | Site legalhackers.com

WordPress (core) 4.6 suffers from an unauthenticated remote code execution condition via an exploitable version of PHPMailer built-in to WordPress code. Exploitation details provided.

tags | exploit, remote, code execution
advisories | CVE-2016-10033
SHA-256 | 3562cc0222ccab73bf32045e3f2bee84233aef4cd3e169a98bcd74a969767f51
WordPress Spider Event Calendar 1.5.51 Blind SQL Injection
Posted Apr 8, 2017
Authored by Manuel Garcia Cardenas

The WordPress Spider Event Calendar Plugin, prior to 1.5.51 suffers from a blind SQL injection vulnerability due to improper sanitization of an order_by parameter.

tags | exploit, sql injection
SHA-256 | 4454658986b01df7747b115a7789ea51bbfcd5b69c667b6f78c6f281074c4d75
OpenSSL Security Advisory - Missing Sanity Check / Use-After-Free
Posted Sep 28, 2016
Site openssl.org

This security update addresses issues that were caused by patches included in the previous security update, released on 22nd September 2016. Given the Critical severity of one of these flaws they have chosen to release this advisory immediately to prevent upgrades to the affected version, rather than delaying in order to provide their usual public pre-notification.

tags | advisory
SHA-256 | 77e4bc126822f74950332b755111a67d667dfdb76d28ac707831dec3730de752
WordPress Simple Backup Arbitrary Download
Posted May 19, 2015
Authored by Ashiyane Digital Security Team

The WordPress Simple Backup plugin suffers from an arbitrary download vulnerability.

tags | advisory, arbitrary
SHA-256 | 2f1879ea63c04f1d1bdc1146437974cb35370b7761eb8ab23b2cca9b2c380294
WordPress Contact Form To Email Plugin CSRF / XSS
Posted May 14, 2015
Authored by Ashiyane Digital Security Team

WordPress Contact Form To Email Plugin suffers from cross site request forgery and cross site scripting vulnerabilities.

tags | advisory, vulnerability, xss, csrf
SHA-256 | 2aca5d9a62624deeeede389712066d5e147d5a31e58641761cd32697cfcfbe4a
WordPress Themes File Download / Deletion
Posted Jul 5, 2014
Authored by CaFc Versace

Multiple WordPress themes suffer from arbitrary file download and file deletion vulnerabilities. Included are Awake, Construct, Dejavu, Echelon, Elegance, Fusion, Infocus, Mega, Method, Modular, MyRiad, Oakrealty, Persuasion, and Binary.

tags | exploit, arbitrary, vulnerability
SHA-256 | 16d3d8d513a0c1a112e5fd02b8f6fb4f3ac05578ecf115db498705d6dbb8c3ef
Spider Event Calendar 1.3.0 Cross Site Scripting / Path Disclosure / SQL Injection
Posted May 22, 2013
Authored by Janek Vind aka waraxe | Site waraxe.us

Spider Event Calendar version 1.3.0 is a Wordpress plugin that suffers from multiple cross site scripting, path disclosure, and remote SQL injection vulnerabilities.

tags | exploit, remote, vulnerability, xss, sql injection
SHA-256 | e1280c273978d2943c741ebee56c227367b4ac94ad923128afa07f35b1146ed6
Spider Catalog 1.4.6 Cross Site Scripting / Path Disclosure / SQL Injection
Posted May 22, 2013
Authored by Janek Vind aka waraxe | Site waraxe.us

Spider Catalog version 1.4.6 is a Wordpress plugin that suffers from multiple cross site scripting, path disclosure, and remote SQL injection vulnerabilities.

tags | exploit, remote, vulnerability, xss, sql injection
SHA-256 | 37e63ff3e32d65df162db6c051518d4a1fcd556135bdae06ee5a5a69e189c813
Wordpress Flagallery-Skins SQL Injection
Posted May 22, 2013
Authored by Ashiyane Digital Security Team

Wordpress Flagallery-skins plugin suffers from an SQL Injection vulnerability. Note that this advisory has site-specific information.

tags | exploit, remote, sql injection
SHA-256 | 8e7321e57a191458bb0488828e864521503137f0590d73239395524588a9079f
WordPress ProPlayer Plugin SQL Injection
Posted May 20, 2013
Authored by Ashiyane Digital Security Team

WordPress ProPlayer Plugin version 4.7.9.1 suffers from a remote SQL injection vulnerability. Note that this advisory has site-specific information.

tags | exploit, remote, sql injection
SHA-256 | cc97f9fb24702b00b0d44275e740d8353c7449cd7d2b62180d8d38729de371eb
Security Notice For CA ARCserve Backup
Posted Jan 15, 2013
Authored by Kevin Kotas | Site www3.ca.com

CA Technologies support is alerting customers to multiple risks with certain CA ARCserve Backup RPC services. Two vulnerabilities exist that can allow a remote attacker to execute arbitrary code or cause a denial of service condition. The first vulnerability occurs due to a flaw with how RPC requests are processed. An attacker can potentially execute arbitrary code or cause a denial of service on server installations. The second vulnerability occurs due to insufficient validation of certain RPC requests and exploitation can result in a service crash. This vulnerability affects both server and agent installations. This advisory is an updated version of the originally release CA20121018-01.

tags | advisory, remote, denial of service, arbitrary, vulnerability
advisories | CVE-2012-2971, CVE-2012-2972
SHA-256 | be3d581b61c9b5924795c648c3df4db5b11cf040219259da002acc2321c797fa
Page 1 of 4
Back1234Next

File Archive:

July 2022

  • Su
  • Mo
  • Tu
  • We
  • Th
  • Fr
  • Sa
  • 1
    Jul 1st
    52 Files
  • 2
    Jul 2nd
    0 Files
  • 3
    Jul 3rd
    0 Files
  • 4
    Jul 4th
    11 Files
  • 5
    Jul 5th
    0 Files
  • 6
    Jul 6th
    0 Files
  • 7
    Jul 7th
    0 Files
  • 8
    Jul 8th
    0 Files
  • 9
    Jul 9th
    0 Files
  • 10
    Jul 10th
    0 Files
  • 11
    Jul 11th
    0 Files
  • 12
    Jul 12th
    0 Files
  • 13
    Jul 13th
    0 Files
  • 14
    Jul 14th
    0 Files
  • 15
    Jul 15th
    0 Files
  • 16
    Jul 16th
    0 Files
  • 17
    Jul 17th
    0 Files
  • 18
    Jul 18th
    0 Files
  • 19
    Jul 19th
    0 Files
  • 20
    Jul 20th
    0 Files
  • 21
    Jul 21st
    0 Files
  • 22
    Jul 22nd
    0 Files
  • 23
    Jul 23rd
    0 Files
  • 24
    Jul 24th
    0 Files
  • 25
    Jul 25th
    0 Files
  • 26
    Jul 26th
    0 Files
  • 27
    Jul 27th
    0 Files
  • 28
    Jul 28th
    0 Files
  • 29
    Jul 29th
    0 Files
  • 30
    Jul 30th
    0 Files
  • 31
    Jul 31st
    0 Files

Top Authors In Last 30 Days

File Tags

Systems

packet storm

© 2022 Packet Storm. All rights reserved.

Hosting By
Rokasec
close