r confirms the issue
2016-02-03: Vendor publishes new release
2016-02-29: CVE request
2016-03-01: MITRE responds that CVE request is out-of-scope of CVE's published
priorities
2016-03-01: Public advisory
--
Henri Salo
Security Specialist, Nixu Oy
Mobile: +358 40 770 5733
PL 39 FIN (Keilaranta 15)
"SELECT post_id, meta_key, meta_value FROM
$wpdb->posts wp JOIN $wpdb->postmeta wpm ON wpm.post_id = wp.ID where
wp.post_type = '$post_type' and meta_key NOT IN ('_edit_lock','_edit_last') and
meta_key NOT LIKE 'field_%' and meta_key NOT LIKE '_wp_types%'";
50 $result_header_quer
ASUS
29-jan-2015 security focus bugtraq
Could you copy-paste their exact responses, thanks? I hope they did not say
issue has been reported to concern department. This probably affects other
firmwares as well.
--
Henri Salo
https://scapsync.com/cwe/CWE-352
https://en.wikipedia.org/wiki/Cross-site_request_forgery
---
Henri Salo
advisory
- Link to bug entry
- Affected versions
- Fixed in versions
- Proof of concept code/exploit
I am more than happy to help you off-list or create the request with you.
---
Henri Salo
another fake/false from iedb.
---
Henri Salo
/path listed in your references.
Does this vulnerability have CVE identifier? What was vendor response?
---
Henri Salo
sites as demo to SQL injection behind WordPress login, err what?
Also please note: This plugin hasn't been updated in over 2 years. It may no
longer be maintained or supported and may have compatibility issues when used
with more recent versions of WordPress.
---
Henri Salo
released new version? To me upgrading to 3.0.1
looks like a solution without looking at the code.
---
Henri Salo
On Tue, Jul 09, 2013 at 07:17:35AM +, akshay.vagh...@cyberoam.com wrote:
Impact Type:Allows disruption of serviceUnknown
Unknown?
---
Henri Salo
/news_dt.php only finds easy2remind.com website.
1: http://plugins.svn.wordpress.org/feed/
---
Henri Salo
advisory -button in your web page without checking the
details? Why don't you just include PoC?
---
Henri Salo
;
$count_log2 = strpos($this-itoa64, $setting[3]);
- if ($count_log2 7 || $count_log2 30)
+ if ($count_log2 7 || $count_log2 13)
return $output;
$count = 1 $count_log2;
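Review bot: the replacement upper bound 13 in the `$count_log2` range check is a bare literal with no explanation, and the line that computes `$count` from `$count_log2` directly below shows why the bound matters. Add a comment or a named constant stating why 13 is the largest accepted value, and confirm that no stored settings carry a value between 14 and 30, because after this change they take the `return $output;` path.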
Please use CVE-2013-2173 for this issue.
---
Henri Salo
as remote file inclusion?
- Henri Salo
does reply to emails
and fix security vulnerabilities. Does this vulnerability have CVE-identifier,
which would help in communication.
I can report this to the project again and request CVE-identifier if needed.
Please confirm that this is OK for you.
- Henri Salo
-identifiers if these differ a lot of other XSS-issues. At the point where
vendor does not fix issues like these nor reply I would say that people
shouldn't be using the software at all.
- Henri Salo
=2328649
- Henri Salo
This plugin is not in the official WordPress plugins repository. Where can it
be downloaded? Does this vulnerability have CVE-identifier?
- Henri Salo
tried release packages).
Could you also tell me the exact version you used when you tested this issue?
Have you reported this to the vendor? Is this fixed in some version? Have you
requested CVE-identifier?
- Henri Salo
Could not reproduce. Could you give working PoC?
- Henri Salo
Can't reproduce. Please provide proper PoC SQL-injection.
- Henri Salo
This is not valid issue. Please see
http://community.mybb.com/thread-120125.html for discussion.
- Henri Salo
-message:
mod_fcgid: stderr: PHP Fatal error: Call to undefined function
plugin_basename() in
snip/wp-content/plugins/advanced-text-widget/advancedtext.php on line 11
- Henri Salo
.
- Henri Salo
function add_action() in
snip/wp-content/plugins/1-jquery-photo-gallery-slideshow-flash/wp-1pluginjquery.php
on line 43
- Henri Salo
This seems to be same issue as http://secunia.com/advisories/38699/ /
http://osvdb.org/show/osvdb/62558
I created item about this case to their sf issue tracker:
https://sourceforge.net/tracker/?func=detail&aid=3507681&group_id=148518&atid=771904
- Henri Salo
On Thu, Mar 15, 2012 at 05:31:41PM
/SSCHADV2011-038.txt
This issue can be referred to as CVE-2011-4938.
- Henri Salo
-2010-4821.
- Henri Salo
does not have proper input validation
leading to stored XSS, which can only be added by administrators, but I don't
think this as a limit after other vulnerabilities. XSS will also be shown to
normal users (mainpage).
- Henri Salo
these. No contact
information of developer found. Any ideas how to get these fixed or get the
code out of internet. The package is also hosted in here:
http://www.hotscripts.com/listing/yvs-image-gallery/ (and probably others).
- Henri Salo
in the user name field.
As I did not receive any emails back from rezahmail@ on how author informed
vendor I reported this as
https://sourceforge.net/tracker/?func=detail&aid=3488241&group_id=298778&atid=1260461
- Henri Salo
. In download-page there is also link
http://www.scribd.com/doc/23362922/What%E2%80%99s-New-in-KnowledgeTree-3-7 to
What's new-page, which is only about Commercial Edition.
Quality product..
- Henri Salo
).value = '%= Request.Item(Username)
%';
- Henri Salo
in the page, there is no filtering of
input.
There is also SQL-injection vulnerability, which is not critical. I still
reported it to the developer:
http://code.google.com/p/tinyguestbook/issues/detail?id=3
- Henri Salo
The page_info_message variable in the details_view.php does not
sanitize input. This is a reflective XSS attack.
# Exploit #
http://127.0.0.1/cal/details_view.php?event_id=1&date=2011-12-01&view=month&loc=loc1&page_info_message=[XSS]
CVE-2011-5045 can be used for this issue.
- Henri Salo
CVE-2011-4624 is assigned for this issue.
- Henri Salo
used as far as developer
knew so might be the best not to email bugtraq before fix/patch next time.
More information: https://sourceforge.net/apps/mantisbt/sasha/view.php?id=13
You can also reach them at #sasha-dev in Freenode IRC-network.
- Henri Salo
/search?q=cache:bXCSV_g236EJ:attrition.org/errata/charlatan/htbridge/advisory_errata.html&hl=en&strip=1
- Henri Salo
I think this is false-positive report, because code from:
http://plugins.svn.wordpress.org/flash-album-gallery/trunk/flagshow.php is:
$pictureID = (int) $_GET['pid'];
- Henri Salo
/plugin-pretty-link-lite-152-xss-vulnerability
- Henri Salo
#Mehdi.H4ckcity 2MzRp mikili All H4ckcity Members
I have now requested CVE-identifier for this issue:
http://seclists.org/oss-sec/2011/q4/477
- Henri Salo
if you need verification of issues. I am more than happy to help you!
- Henri Salo
With version r458335 I am unable to reproduce this issue as these PHP-files
just give require_once PHP warnings. Could you please help me with this issue
to identify if this is valid announcement and with what versions, thank you.
- Henri Salo
Unable to reproduce. What version of the module did you use?
- Henri Salo
The latest version of this advisory can be found at:
http://www.senseofsecurity.com.au/advisories/SOS-11-003.pdf
Other Sense of Security advisories can be found at:
http://www.senseofsecurity.com.au/research/it-security-advisories.php
http://osvdb.org/show/osvdb/71481
CVE-2011-4342
- Henri Salo
of such damages.
CVE-2011-0508
- Henri Salo
/show/osvdb/76293
CVE-2011-4335
- Henri Salo
:
Vulnerability found and advisory written by Stefan Schurtz.
===
References:
===
http://www.s9y.org
http://www.rul3z.de/advisories/SSCHADV2011-016.txt
CVE-2011-4366
- Henri Salo
.
===
References:
===
http://www.s9y.org
http://blog.s9y.org/archives/233-Serendipity-1.6-released.html
http://www.rul3z.de/advisories/SSCHADV2011-015.txt
CVE-2011-4365
- Henri Salo
: Upgrade to the most recent version
Please use CVE-2011-4336 for this issue. Reference:
http://seclists.org/oss-sec/2011/q4/374
- Henri Salo
/view.php?id=[SQL Injection]
CVE-identifiers for Jara 1.6 issues: http://seclists.org/oss-sec/2011/q4/200
- Henri Salo
://www.infoserve.de/
CVE-2011-4329 is assigned for this issue.
Best regards,
Henri Salo
Reported also to the author:
https://wordpress.org/support/topic/plugin-lanoba-social-plugin-xss-vulnerabilities
Best regards,
Henri Salo
/view.php?id=[SQL Injection]
Still not fixed. Tried to contact vendor via email (as did muuratsalo) without
any luck.
http://sourceforge.net/tracker/?func=detail&aid=3428075&group_id=294500&atid=1243901
Best regards,
Henri Salo
/view.php?id=[SQL Injection]
Has this been fixed? What was vendor reply?
Best regards,
Henri Salo
Schurtz.
===
References:
===
http://www.silverstripe.com/
http://www.rul3z.de/advisories/SSCHADV2011-024.txt
I am unable to reproduce these issues. What is your reply SilverStripe? Any
plan on patching?
Best regards,
Henri Salo
your intentions were on reporting this, but
definitely false-positive as far as I can tell. Did you notice that several
problems were fixed in this release?
Regards,
Henri Salo
This issue can be referred to as CVE-2011-2719.
Best regards,
Henri Salo
own risk. Blue Moon
Consulting Co., Ltd reserves the right to change or update this notice at any
time.
CVE-2009-5025 has been assigned for this issue.
Best regards,
Henri Salo
. Please edit advisory
accordingly.
Best regards,
Henri Salo
of Winamp's
security-related communication?
Do you have any idea if this has been fixed in version Winamp Media Player 5.62?
Best regards,
Henri Salo
the vendor react to your notification? Do you want me to request
CVE-identifier for this issue or did you already request one?
Best regards,
Henri Salo
.
Best regards,
Henri Salo
application security scanner.
--
Netsparker Advisories, advisor...@mavitunasecurity.com
Homepage, http://www.mavitunasecurity.com/netsparker-advisories/
You can use CVE-2011-1723 identifier for this issue. References:
http://osvdb.org/71564
Best regards,
Henri Salo
. I would
say that this is at least low, because of the impact vector. Did the vendor
respond with anything?
Still not fixed by vendor.
Best regards,
Henri Salo
) are vulnerable.
I would like to thank David Ferrest for notifying me of this issue.
Henrik Størner,
lead Xymon developer.
Do these issues have CVE-identifier? Where can I see the full details of
these vulnerabilities?
Best regards,
Henri Salo
assigned?
---
Henri Salo
67 matches