The 'upload_file()' ajax function is affected from unrestircted file upload vulnerability. An attacker can upload a malicious file to the server by sending a POST request with the malicious file to the 'admin-ajax.php' page.
Wordpress Duplicator 0.5.14 suffers from remote SQL Injection Vulnerability. The $post['duplicator_delid'] variable is not sanitized, allowing an authorized user with 'export' permission or a remote unauthenticated attacker to execute arbitrary SQL queries on the victim WordPress web site by enticing an authenticated admin (CSRF).
Wordpress Plugin 'WP Mobile Edition' is not filtering data in GET parameter 'files' in file 'themes/mTheme-Unus/css/css.php', allowing attackers to view the source code of wp-config.php.
This PoC exploit code is created by Emil Kvarnhammar, TrueSec for the rootpipe vulnerability (CVE-2015-1130). It is tested on OS X 10.7.5, 10.8.2, 10.9.5 and 10.10.2. It uses ctypes, objc, sys, Cocoa, and Foundation libraries to write a file with the given source binary to the given destination binary as root.
The file uploading code(uploader.php) in Windows Desktop and iPhone Photo Uploader plugin does not check for file extension before uploading it to the server, making it vulnerable to arbitrary file upload. To exploit this vulnerability, an attacker can open uploader.php in the plugin directory, browse for a PHP shell, and submit it. The shell will then be uploaded to the uploads directory at http://target.com/wp-content/uploads/i-dump-uploads/.
This module exploits a remote command execution vulnerability in the Barracuda Firmware Version <= 5.0.0.012 by exploiting a vulnerability in the web administration interface. By sending a specially crafted request it's possible to inject system commands while escalating to root do to relaxed sudo configuration on the local machine.
A remote code execution vulnerability exists in Novell ZENworks Configuration Management 11.3.1 due to improper validation of user-supplied input. An unauthenticated attacker can exploit this vulnerability by sending a specially crafted HTTP request to the vulnerable server. Successful exploitation of this vulnerability could allow an attacker to execute arbitrary code on the vulnerable system.
The Wordpress plugin 'Traffic Analyzer' is vulnerable to a blind SQL injection vulnerability. The application does not properly validate input from the 'Referer' HTTP header value, which could allow a remote attacker to access the database with the privleges configured by Wordpress. This could also lead to the attack gaining remote access to the webservers filesystem and further compromise the system hosting the Wordpress installation.
Input passed to the 'content' POST parameter and the cookie 'counter' is not properly sanitised before being returned to the user. This can be exploited to execute arbitrary HTML and script code in a user's browser session in context of an affected site.
The application suffers from multiple blind SQL injection vulnerabilities when input is passed to several POST parameters thru their affected modules which are not properly sanitised before being returned to the user or used in SQL queries. This can be exploited to manipulate SQL queries by injecting arbitrary SQL code.
Services By CQR