The iDangero.us Chop Slider 3 WordPress plugin version 3.4 and prior contains a blind SQL injection in the id parameter of the get_script/index.php page. The injection is passed through GET parameters, and thus must be encoded, and magic_quotes is applied at the server.
c40d3f2150f043263d7f5b593f87cd6eb6ed9507f109b3c2713e5d016de691c2When using the Apache JServ Protocol (AJP), care must be taken when trusting incoming connections to Apache Tomcat. Tomcat treats AJP connections as having higher trust than, for example, a similar HTTP connection. If such connections are available to an attacker, they can be exploited in ways that may be surprising. In Apache Tomcat 9.0.0.M1 to 9.0.0.30, 8.5.0 to 8.5.50 and 7.0.0 to 7.0.99, Tomcat shipped with an AJP Connector enabled by default that listened on all configured IP addresses. It was expected (and recommended in the security guide) that this Connector would be disabled if not required. This vulnerability report identified a mechanism that allowed: - returning arbitrary files from anywhere in the web application - processing any file in the web application as a JSP. Further, if the web application allowed file upload and stored those files within the web application (or the attacker was able to control the content of the web application by some other means) then this, along with the ability to process a file as a JSP, made remote code execution possible. It is important to note that mitigation is only required if an AJP port is accessible to untrusted users. Users wishing to take a defence-in-depth approach and block the vector that permits returning arbitrary files and execution as JSP may upgrade to Apache Tomcat 9.0.31, 8.5.51 or 7.0.100 or later. A number of changes were made to the default AJP Connector configuration in 9.0.31 to harden the default configuration. It is likely that users upgrading to 9.0.31, 8.5.51 or 7.0.100 or later will need to make small changes to their configurations.
f20ed46e990bc49e51e4df52537ec564d571907ef6c1bab6631f3044e0db35c8Whitepaper called Hacking HTTP CORS.
b61e090c2844b313bc5bcf80a898258cecf16f0d35e5763fa01cfa2c26e996cbThis is a brief whitepaper that discuss HTTP Host header attacks.
a6fa96ce1a609cfb613a8375b0180918f63f56cc17ee3a3c76e0de0ea38c3e92This is a whitepaper that discusses attacking GraphQL.
aa2a135e3c79bce67c8da5438837eb4be4d82d6384d4352b498bfce711c37bebLiteSpeed Web Server Enterprise version 5.4.11 suffers from an authenticated remote command injection vulnerability.
3ba47cb0d0b0247ab02f85b865390f467999b58710524e0b2140b93cf1e7dd71Whitepaper called Malware Hunting 101. Written in Vietnamese.
4c7c6fc0b06cba7e2b4fb8988f1c690f57a0745feb25e07266255d76ec474755Openlitespeed Web Server version 1.7.8 suffers from an authenticated command injection vulnerability.
6245ded7393648d6817b10e62fc6f6b93770c5c229af1eac1d2e7523eb97a85aWhitepaper called Android Application Vulnerabilities. Written in Vietnamese.
25a9be443e83e5ebb65adc0990933e8bc358ae4df7692ffa351cac1c3505acdeThis Metasploit module exploits an authenticated directory traversal vulnerability in WordPress plugin Simple JobBoard versions prior to 2.9.3 to perform an arbitrary file read with the web server privileges.
6496c8aa6342663e882ec2f4a0d63167dcd9c32f65f07c081d82e365efcf4f8dLaravel version 8.4.2 suffers from a debug mode remote code execution vulnerability.
e34cd9189ebccce75149b7a897ad6f0f8f21c47b20e534aec63a70a6024d57f6This Metasploit module exploits an unauthenticated directory traversal vulnerability in Apache Flink version 1.11.0.
79df4302ec4ea436f7e67026dddc838b8aa4610460bb6f8baa402ecd0a91ba4dResponsive FileManager version 9.13.4 path traversal exploit. Original discovery of this finding is attributed to farisv in December of 2018.
e60dde7a6fb3e57f25bc60645a9e6b12692e86e856f5127f0306b5a233418882CSZ CMS version 1.2.9 suffers from multiple cross site scripting vulnerabilities.
79f1df60bfb3aadd09240d3b2f1db88b5dd5c450c8c2e5cd822fcbfb3e1d4cbbWhitepaper called Object Prototype Pollution Attack.
0cf71dcc65c57e4d0d55c1d72779900dfcd3e0f7bb0d277277738f83613d8f75This Metasploit module exploits an unauthenticated directory traversal vulnerability in WordPress plugin W3 Total Cache version 0.9.2.6 through 0.9.3, allowing arbitrary file read with the web server privileges.
b1fd7066d25604160753e81eec4934df777ae2201da72af60ddf06186600cd4dWhitepaper called Exploit WordPress Plugin Vulnerability Using Static Source Code Analysis Techniques.
c79b819f3916ff0be16a8f92b4bb6d4ac20350c987de62c68c23246986271990This is a brief whitepaper discussing best practices in mobile application security.
b1918abbd608009a0920e4a9bc031809a5b57b44c3c36e87343ee875c3173748Whitepaper called API Security Overview that discusses different types of flaws and exploitation of API insecurities.
19487e6fb12e5fd2ce1d15d579fca1015fa6eb99c113ccce6a7fd2ae4947256bWonderCMS version 3.1.3 suffers from a persistent cross site scripting vulnerability. Original finding for persistent cross site scripting in this version of WonderCMS is attributed to Hemant Patidar.
5c77636e1392acaaefaad99cda395188e1f61fbc280e529b78e09a0273f56e6cWordPress Accesspress Social Icons theme version 1.7.9 suffers from a remote SQL injection vulnerability.
df164b02a712cca62c1fad6d88d073af2a72295ef861341c2f8f29ebd0a7522fApache OpenMeetings version 5.0.0 suffers from a denial of service vulnerability.
7539b0d8fbb557e732f484501716397e2294abadc113cf2d94a89501dcf3e5deBigTree CMS version 4.4.10 suffers from a remote code execution vulnerability.
92f4a303fee246d434165dc019b78a49fcc67be677212629c4facc2f010f054cSymphony CMS version 3.0.0 suffers from a persistent cross site scripting vulnerability.
2e44366f893d3e12294a36d49eeaca34428e4d82f50595d15725bbc37035ee42WordPress Autoptimize plugin version 2.7.6 suffers from an authenticated remote shell upload vulnerability.
22351f0d0d7c3f44bb5f337f9236dda428c979d350043aa67d965801fc39d337
© 2024 Packet Storm. All rights reserved.
%7Cutmcsr%3D(direct)%7Cutmcmd%3D(none)){kind=small}
Follow us on Twitter
Follow us on Facebook
Subscribe to an RSS Feed