what you don't know can hurt you
Showing 1 - 25 of 100 RSS Feed

Files

WordPress PHPMailer Host Header Command Injection
Posted May 17, 2017
Authored by Dawid Golunski, wvu | Site metasploit.com

This Metasploit module exploits a command injection vulnerability in WordPress version 4.6 with Exim as an MTA via a spoofed Host header to PHPMailer, a mail-sending library that is bundled with WordPress. A valid WordPress username is required to exploit the vulnerability. Additionally, due to the altered Host header, exploitation is limited to the default virtual host, assuming the header isn't mangled in transit. If the target is running Apache 2.2.32 or 2.4.24 and later, the server may have HttpProtocolOptions set to Strict, preventing a Host header containing parens from passing through, making exploitation unlikely.

tags | exploit, spoof
advisories | CVE-2016-10033
MD5 | 79e346c62995359fee5570ce7b675572

Related Files

ShopperPress WordPress Theme 2.7 Cross Site Scripting
Posted Aug 17, 2012
Authored by Benjamin Kunz Mejri | Site vulnerability-lab.com

ShopperPress WordPress theme version 2.7 suffers from cross site scripting vulnerabilities.

tags | exploit, vulnerability, xss
MD5 | 208ecb5c6407d2aface4e45643669151
ShopperPress WordPress Theme 2.7 SQL Injection
Posted Aug 17, 2012
Authored by Benjamin Kunz Mejri | Site vulnerability-lab.com

The ShopperPress WordPress theme version 2.7 suffers from a remote SQL injection vulnerability.

tags | exploit, remote, sql injection
MD5 | db008f009f691d425c907525c3c37394
Secunia Security Advisory 50289
Posted Aug 16, 2012
Authored by Secunia | Site secunia.com

Secunia Security Advisory - A vulnerability has been reported in the RSVPMaker plugin for WordPress, which can be exploited by malicious people to conduct script insertion attacks.

tags | advisory
MD5 | fb8df4c3c7e3960c5bbf3196f86f1259
Secunia Security Advisory 50217
Posted Aug 13, 2012
Authored by Secunia | Site secunia.com

Secunia Security Advisory - A vulnerability has been discovered in the Mz-jajak plugin for WordPress, which can be exploited by malicious people to conduct SQL injection attacks.

tags | advisory, sql injection
MD5 | 4f0eb8ff701833aad0d9c36c94d029f0
WordPress Mz-Jajak 2.1 SQL Injection
Posted Aug 11, 2012
Authored by StRoNiX

WordPress third party plugin Mz-jajak versions 2.1 and below suffer from a remote SQL injection vulnerability.

tags | exploit, remote, sql injection
MD5 | 5bb3a93d4ec818482dbad5c8047b4119
WordPress Quick Post Widget 1.9.1 Cross Site Scripting
Posted Aug 10, 2012
Authored by Stefan Schurtz

WordPress Quick Post Widget version 1.9.1 suffers from multiple cross site scripting vulnerabilities.

tags | exploit, vulnerability, xss
advisories | CVE-2012-4226
MD5 | 615cbf348739d0efce5c30b420d9345b
Secunia Security Advisory 50207
Posted Aug 9, 2012
Authored by Secunia | Site secunia.com

Secunia Security Advisory - loneferret has reported a vulnerability in the Postie plugin for WordPress, which can be exploited by malicious people to conduct script insertion attacks.

tags | advisory
MD5 | d5096b2a170c6e87c68cbfc78c051c69
Secunia Security Advisory 50208
Posted Aug 9, 2012
Authored by Secunia | Site secunia.com

Secunia Security Advisory - loneferret has reported some vulnerabilities in the SimpleMail plugin for WordPress, which can be exploited by malicious people to conduct script insertion attacks.

tags | advisory, vulnerability
MD5 | 77ccedf221104dbce6ed463f8f859d65
Secunia Security Advisory 50176
Posted Aug 7, 2012
Authored by Secunia | Site secunia.com

Secunia Security Advisory - Two vulnerabilities have been discovered in the Vitamin plugin for WordPress, which can be exploited by malicious people to disclose sensitive information.

tags | advisory, vulnerability
MD5 | 1975f1ca6d275e2c8ade9b3675f20f05
Secunia Security Advisory 50161
Posted Aug 6, 2012
Authored by Secunia | Site secunia.com

Secunia Security Advisory - A vulnerability with an unknown impact has been reported in the Featured Post with thumbnail plugin for WordPress.

tags | advisory
MD5 | da27114d17e5f0e693bb0686396e8b94
Secunia Security Advisory 50166
Posted Aug 6, 2012
Authored by Secunia | Site secunia.com

Secunia Security Advisory - Multiple vulnerabilities have been discovered in the WP Lead Management plugin for WordPress, which can be exploited by malicious people to conduct script insertion attacks.

tags | advisory, vulnerability
MD5 | ffe53d97f6a59971cc40b16983295479
WordPress Easy Comment Uploads Shell Upload
Posted Aug 4, 2012
Authored by Nafsh

WordPress Easy Comment Uploads third party module suffers from a remote shell upload vulnerability as the mime-type check seems to be bypass if the referer is set to wp-admin.

tags | exploit, remote, shell
MD5 | 70f0a57d3680ceac9ae57574db19eb54
Secunia Security Advisory 50173
Posted Aug 3, 2012
Authored by Secunia | Site secunia.com

Secunia Security Advisory - Some vulnerabilities have been reported in the XVE Various Embed plugin for WordPress, which can be exploited by malicious people to conduct cross-site scripting attacks.

tags | advisory, vulnerability, xss
MD5 | 40a413d82c6734e4fa17a05032abbecf
Secunia Security Advisory 50100
Posted Aug 2, 2012
Authored by Secunia | Site secunia.com

Secunia Security Advisory - Two vulnerabilities have been discovered in the G-Lock Double Opt-in Manager plugin for WordPress, which can be exploited by malicious users to bypass certain security restrictions.

tags | advisory, vulnerability
MD5 | 4a85b959e8691c2e7207bb8b68578848
WordPress G-Lock Double Opt-in Manager 2.6.2 SQL Injection
Posted Aug 1, 2012
Authored by BEASTIAN

WordPress G-Lock Double Opt-in Manager plugin versions 2.6.2 and below suffer from a remote SQL injection vulnerability.

tags | exploit, remote, sql injection
MD5 | f0f9d0672603192eda88598cc6166338
Secunia Security Advisory 50099
Posted Jul 31, 2012
Authored by Secunia | Site secunia.com

Secunia Security Advisory - Some vulnerabilities have been reported in the Backend Localization plugin for WordPress, which can be exploited by malicious people to conduct cross-site scripting attacks.

tags | advisory, vulnerability, xss
MD5 | eb3105446a618a04f85ecebe3a003f5e
JW Player / SVFP / Poodll / RokBox Cross Site Scripting
Posted Jul 29, 2012
Authored by MustLive

Various flash players, such as JWPlayer for MODx, Simple video flash player for Joomla, Poodll for Moodle, RokBox for Joomla, and RokBox for WordPress all suffer from a cross site scripting vulnerability.

tags | exploit, xss
MD5 | b24214fa12493f0853af80eb6dfeec32
Secunia Security Advisory 49850
Posted Jul 25, 2012
Authored by Secunia | Site secunia.com

Secunia Security Advisory - Charlie Eriksen has discovered a security issue in the GD Star Rating plugin for WordPress, which can be exploited by malicious people to bypass certain security restrictions.

tags | advisory
MD5 | 4b6a09fce0dc4049b096335b88e03920
Secunia Security Advisory 49836
Posted Jul 25, 2012
Authored by Secunia | Site secunia.com

Secunia Security Advisory - Charlie Eriksen has discovered multiple vulnerabilities in the Mac Photo Gallery plugin for WordPress, which can be exploited by malicious people to conduct script insertion attacks.

tags | advisory, vulnerability
MD5 | e8665c81dff3f7c90e9605cadc75df4e
Secunia Security Advisory 50038
Posted Jul 25, 2012
Authored by Secunia | Site secunia.com

Secunia Security Advisory - A vulnerability has been reported in the Backup plugin for WordPress, which can be exploited by malicious people to disclose sensitive information.

tags | advisory
MD5 | eaae04f23d669cad28f8297c445a9372
Secunia Security Advisory 49910
Posted Jul 25, 2012
Authored by Secunia | Site secunia.com

Secunia Security Advisory - Charlie Eriksen has discovered two vulnerabilities in the Flexi Quote Rotator plugin for WordPress, which can be exploited by malicious users to conduct SQL injection attacks and by malicious people to conduct cross-site request forgery attacks.

tags | advisory, vulnerability, sql injection, csrf
MD5 | 65707ad61ac31f19f97dc800f6e719a1
WordPress Front End Upload 0.5.4.4 Shell Upload
Posted Jul 24, 2012
Authored by Chris Kellum

WordPress Front End Upload version 0.5.4.4 suffers from a remote shell upload vulnerability.

tags | exploit, remote, shell
MD5 | beb98cfe39efbbecf8da50c059f4faa9
Secunia Security Advisory 50030
Posted Jul 23, 2012
Authored by Secunia | Site secunia.com

Secunia Security Advisory - A vulnerability has been reported in the Get Off Malicious Scripts plugin for WordPress, which can be exploited by malicious people to conduct cross-site scripting attacks.

tags | advisory, xss
MD5 | 88d3522399a6a74215a7f72e860b05e2
WordPress Chenpress Shell Upload
Posted Jul 21, 2012
Authored by Am!r | Site irist.ir

WordPress ChenPress plugin suffers from a remote shell upload vulnerability via a FCKEditor.

tags | exploit, remote, shell
MD5 | 4d57c5aab8a869355fa7edbf23b7fc88
Secunia Security Advisory 49996
Posted Jul 20, 2012
Authored by Secunia | Site secunia.com

Secunia Security Advisory - A vulnerability has been discovered in the Nmedia Users File Uploader plugin for WordPress, which can be exploited by malicious people to compromise a vulnerable system.

tags | advisory, file upload
MD5 | 3decd94bc73492932f55162ea381a7b0
Page 1 of 4
Back1234Next

File Archive:

February 2020

  • Su
  • Mo
  • Tu
  • We
  • Th
  • Fr
  • Sa
  • 1
    Feb 1st
    1 Files
  • 2
    Feb 2nd
    2 Files
  • 3
    Feb 3rd
    17 Files
  • 4
    Feb 4th
    15 Files
  • 5
    Feb 5th
    24 Files
  • 6
    Feb 6th
    16 Files
  • 7
    Feb 7th
    19 Files
  • 8
    Feb 8th
    1 Files
  • 9
    Feb 9th
    2 Files
  • 10
    Feb 10th
    15 Files
  • 11
    Feb 11th
    20 Files
  • 12
    Feb 12th
    12 Files
  • 13
    Feb 13th
    18 Files
  • 14
    Feb 14th
    17 Files
  • 15
    Feb 15th
    4 Files
  • 16
    Feb 16th
    4 Files
  • 17
    Feb 17th
    34 Files
  • 18
    Feb 18th
    15 Files
  • 19
    Feb 19th
    19 Files
  • 20
    Feb 20th
    20 Files
  • 21
    Feb 21st
    11 Files
  • 22
    Feb 22nd
    0 Files
  • 23
    Feb 23rd
    0 Files
  • 24
    Feb 24th
    0 Files
  • 25
    Feb 25th
    0 Files
  • 26
    Feb 26th
    0 Files
  • 27
    Feb 27th
    0 Files
  • 28
    Feb 28th
    0 Files
  • 29
    Feb 29th
    0 Files

Top Authors In Last 30 Days

File Tags

Systems

packet storm

© 2016 Packet Storm. All rights reserved.

Services
Security Services
Hosting By
Rokasec
close