[FD] Insecure /tmp file use in Oracle Solaris 11 Device Driver Utility v1.3.1 leads to root

Title: Insecure /tmp file use in Oracle Solaris 11 Device Driver Utility v1.3.1 leads to root Author: Larry W. Cashdollar, @_larry0 Date: 2020-02-02 CVE-2020-14724 Download Site: https://docs.oracle.com/cd/E37838_01/html/E69250/useddu.html Vendor: Oracle, fixed in July 14 2020 CPU https

[FD] Remote file upload vulnerability in Wordpress Plugin Mobile App Native 3.0

/mobile_plugin_exploit.sh URL: http://www.vapidlabs.com/advisory.php?v=178 Credit: Larry W. Cashdollar, @_larry0 ___ Sent through the Full Disclosure mailing list https://nmap.org/mailman/listinfo/fulldisclosure Web Archives & RSS: http://seclists.org/fulldisclosure/

Re: [FD] Stored Cross-Site Scripting in WP Canvas - Shortcodes WordPress Plugin

Hello All, These are really great advisories, my only wish is that they were copied to the security lists in their entirety. This way we aren't relying on a single point of failure (your website) when looking for the data in the future. Thanks! Larry > On Nov 19, 2016, at 5:48 AM, Summer of

[FD] /tmp race condition in Teradata Studio Express v15.12.00.00 studioexpressinstall

Title: /tmp race condition in Teradata Studio Express v15.12.00.00 studioexpressinstall Author: Larry W. Cashdollar, @_larry0 Date: 2016-10-03 Download Site: http://downloads.teradata.com/download/tools/teradata-studio-express Vendor: Teradata Vendor Notified: 2016-10-03 Vendor Contact: web form

[FD] Teradata Virtual Machine Community Edition v15.10 Insecure creation of files in /tmp

Title: Teradata Virtual Machine Community Edition v15.10 Insecure creation of files in /tmp Author: Larry W. Cashdollar, @_larry0 Date: 2016-10-01 Download Site: http://downloads.teradata.com/download/database/teradata-virtual-machine-community-edition-for-vmware Vendor: Teradata Vendor Notified

[FD] Teradata Virtual Machine Community Edition v15.10 has insecure file permission

Title: Teradata Virtual Machine Community Edition v15.10 has insecure file permission Author: Larry W. Cashdollar, @_larry0 Date: 2016-10-01 Download Site: http://downloads.teradata.com/download/database/teradata-virtual-machine-community-edition-for-vmware <http://downloads.teradata.

[FD] Unauthenticated SQL Injection in Huge-IT Portfolio Gallery Plugin v1.0.6

Title: Unauthenticated SQL Injection in Huge-IT Portfolio Gallery Plugin v1.0.6 Author: Larry W. Cashdollar, @_larry0 Date: 2016-09-16 Download Site: http://huge-it.com/joomla-portfolio-gallery/ Vendor: huge-it.com Vendor Notified: 2016-09-17 Vendor Contact: i...@huge-it.com Description: Huge

[FD] Unauthenticated SQL Injection in Huge-IT Catalog v1.0.7 for Joomla

Title: Unauthenticated SQL Injection in Huge-IT Catalog v1.0.7 for Joomla Author: Larry W. Cashdollar, @_larry0 Date: 2016-09-16 Download Site: http://huge-it.com/joomla-catalog/ Vendor: huge-it.com Vendor Notified: 2016-09-17 Vendor Contact: i...@huge-it.com Description: Huge-IT Product Catalog

[FD] XSS and SQLi in huge IT gallery v1.1.5 for Joomla

Title: XSS and SQLi in huge IT gallery v1.1.5 for Joomla Fixed: v1.1.7 Author: Larry W. Cashdollar, @_larry0 and Elitza Neytcheva, @ElitzaNeytcheva Date: 2016-07-14 Download Site: http://extensions.joomla.org/extensions/extension/photos-a-images/galleries/gallery-pro Vendor: huge-it.com Vendor

[FD] Local root vulnerability in DeleGate v9.9.13

Title: Local root vulnerability in DeleGate v9.9.13 Author: Larry W. Cashdollar, @_larry0 Date: 2015-12-17 Advisory: http://www.vapidlabs.com/advisory.php?v=159 Download Sites: http://delegate.hpcc.jp/delegate/ http://delegate.org/delegate/ Vendor: National Institute of Advanced Industrial

Re: [FD] Remote file upload vulnerability in mailcwp v1.99 wordpress plugin

On Jul 16, 2015, at 8:18 PM, Larry W. Cashdollar lar...@me.com wrote: Title: Remote file upload vulnerability in mailcwp v1.99 wordpress plugin Author: Larry W. Cashdollar, @_larry0 Date: 2015-07-09 Download Site: https://wordpress.org/plugins/mailcwp/ Vendor: CadreWorks Pty Ltd Vendor

[FD] Remote file upload vulnerability in mailcwp v1.99 wordpress plugin

Title: Remote file upload vulnerability in mailcwp v1.99 wordpress plugin Author: Larry W. Cashdollar, @_larry0 Date: 2015-07-09 Download Site: https://wordpress.org/plugins/mailcwp/ Vendor: CadreWorks Pty Ltd Vendor Notified: 2015-07-09 fixed in v1.110 Vendor Contact: Contact Page via WP site

[FD] Remote file download vulnerability in Wordpress Plugin image-export v1.1

Title: Remote file download vulnerability in Wordpress Plugin image-export v1.1 Author: Larry W. Cashdollar, @_larry0 Date: 2015-07-01 Download Site: https://wordpress.org/plugins/image-export Vendor: www.1efthander.com Vendor Notified: 2015-07-05 Vendor Contact: https://twitter.com/1eftHander

[FD] Remote file upload vulnerability SQLi in wordpress plugin wp-powerplaygallery v3.3

Title: Remote file upload vulnerability SQLi in wordpress plugin wp-powerplaygallery v3.3 Author: Larry W. Cashdollar, @_larry0 Date: 2015-06-27 Download Site: https://wordpress.org/plugins/wp-powerplaygallery Vendor: WP SlideShow Vendor Notified: 2015-06-29 Advisory: http://www.vapid.dhs.org

[FD] Remote file download vulnerability in Wordpress Plugin wp-swimteam v1.44.10777

Title: Remote file download vulnerability in Wordpress Plugin wp-swimteam v1.44.10777 Author: Larry W. Cashdollar, @_larry0 Date: 2015-07-02 Download Site: https://wordpress.org/plugins/wp-swimteam Vendor: Mike Walsh www.MichaelWalsh.org Vendor Notified: 2015-07-02, fixed in v1.45beta3 Vendor

[FD] SQL Injection in easy2map-photos wordpress plugin v1.09

Title: SQL Injection in easy2map-photos wordpress plugin v1.09 Author: Larry W. Cashdollar, @_larry0 Date: 2015-06-08 Download Site: https://wordpress.org/plugins/easy2map-photos Vendor: Steven Ellis Vendor Notified: 2015-06-08, fixed in v1.1.0 Vendor Contact: https://profiles.wordpress.org

[FD] Remote file download vulnerability in wordpress plugin wp-ecommerce-shop-styling v2.5

Title: Remote file download vulnerability in wordpress plugin wp-ecommerce-shop-styling v2.5 Author: Larry W. Cashdollar, @_larry0 Date: 2015-07-05 Download Site: https://wordpress.org/plugins/wp-ecommerce-shop-styling Vendor: https://profiles.wordpress.org/haet/ Vendor Notified: 2015-07-05

[FD] Remote file download in Wordpress Plugin mdc-youtube-downloader v2.1.0

Title: Remote file download in Wordpress Plugin mdc-youtube-downloader v2.1.0 Author: Larry W. Cashdollar, @_larry0 Date: 2015-07-01 Download Site: https://wordpress.org/plugins/mdc-youtube-downloader Vendor: https://profiles.wordpress.org/mukto90/ Vendor Notified: 2015-07-01, removed vulnerable

[FD] SQL Injection in easy2map wordpress plugin v1.24

Title: SQL Injection in easy2map wordpress plugin v1.24 Author: Larry W. Cashdollar, @_larry0 Date: 2015-06-08 Download Site: https://wordpress.org/plugins/easy2map Vendor: Steven Ellis Vendor Notified: 2015-06-08, fixed in v1.25 Vendor Contact: https://profiles.wordpress.org/stevenellis/ Advisory

[FD] Remote file download vulnerability in download-zip-attachments v1.0

Title: Remote file download vulnerability in download-zip-attachments v1.0 Author: Larry W. Cashdollar, @_larry0 Date: 2015-06-10 Download Site: https://wordpress.org/plugins/download-zip-attachments/ Vendor: rivenvirus Vendor Notified: 2015-06-15 Vendor Contact: https://profiles.wordpress.org

[FD] Arbitrary File download in wordpress plugin wp-instance-rename v1.0

Title: Arbitrary File download in wordpress plugin wp-instance-rename v1.0 Author: Larry W. Cashdollar, @_larry0 Date: 2015-06-12 Download Site: https://wordpress.org/plugins/wp-instance-rename/ Vendor: Vlajo Vendor Notified: 2015-06-12 Advisory: http://www.vapid.dhs.org/advisory.php?v=127 Vendor

[FD] Remote file upload vulnerability in aviary-image-editor-add-on-for-gravity-forms v3.0beta Wordpress plugin

Title: Remote file upload vulnerability in aviary-image-editor-add-on-for-gravity-forms v3.0beta Wordpress plugin Author: Larry W. Cashdollar, @_larry0 Date: 2015-06-07 Download Site: https://wordpress.org/plugins/aviary-image-editor-add-on-for-gravity-forms Vendor: Waters Edge Web Design

[FD] Remote file upload vulnerability in wordpress plugin videowhisper-video-presentation v3.31.17

Title: Remote file upload vulnerability in wordpress plugin videowhisper-video-presentation v3.31.17 Author: Larry W. Cashdollar, @_larry0 Date: 2015-03-29 Download Site: https://wordpress.org/plugins/videowhisper-video-presentation/ Vendor: http://www.videowhisper.com/ Vendor Notified: 2015-03

[FD] Exploit for stealing backups on WP sites with WP-DB-Backup v2.2.4 plugin

#!/bin/bash #Larry W. Cashdollar, @_larry0 #Will brute force and search a Wordpress target site with WP-DB-Backup v2.2.4 plugin installed for any backups done on #20141031 assumes the wordpress database is wordpress and the table prefix is wp_ #http://www.vapid.dhs.org/advisories/wordpress

[FD] Rooted SSH/SFTP Daemon Default Login Credentials

I stumbled on to this while setting up an android vulnerability testing lab. Title: Rooted SSH/SFTP Daemon Default Login Credentials Author: Larry W. Cashdollar, @_larry0 OSVDB-ID: 110742 Date: 9/2/2014 Download: https://play.google.com/store/apps/details?id=web.oss.sshsftpDaemon

[FD] Remote Command Injection in Ruby Gem sfpagent 0.4.14

Title: Remote Command Injection in Ruby Gem sfpagent 0.4.14 Date: 4/15/2014 Author: Larry W. Cashdollar, @_larry0 CVE: 2014-2888 Download: http://rubygems.org/gems/sfpagent Vulnerability The list variable generated from the user supplied JSON[body] input is passed directly to the system