Monthly Archives: April 2015

Full Disclosure

phpSFP – Schedule Facebook Posts 1.5.6 Pre-auth SQL Injection (0-day)

Posted by Pichaya Morimoto on Apr 05

######################################################################
# _ ___ _ _ ____ ____ _ _____
# | | / _ | | |/ ___|/ ___| / |_ _|
# | | | | | | | | | _| | / _ | |
# | |__| |_| | | | |_| | |___ / ___ | |
# |________/|_| _|____|____/_/ __|
#
# phpSFP – Schedule Facebook Posts 1.5.6 Pre-auth SQL Injection (0-day)
# Website :
http://codecanyon.net/item/phpsfp-schedule-facebook-posts/5177393
#…

Full Disclosure

WordPress plugin Simple Ads Manager – Information Disclosure

Posted by ITAS Team on Apr 05

#Vulnerability title: WordPress plugin Simple Ads Manager – Information
Disclosure
#Product: WordPress plugin Simple Ads Manager
#Vendor: https://profiles.wordpress.org/minimus/
#Affected version: Simple Ads Manager 2.5.94 and 2.5.96
#Download link: https://wordpress.org/plugins/simple-ads-manager/
#CVE ID: CVE-2015-2826
#Author: Nguyen Hung Tuan (tuan.h.nguyen () itas vn) & ITAS Team

::PROOF OF CONCEPT::

+ REQUEST
POST…

Full Disclosure

ECE Projects XSS (Cross-site Scripting) Security Vulnerabilities

Posted by Jing Wang on Apr 05

*ECE Projects XSS (Cross-site Scripting) Security Vulnerabilities*

Exploit Title: ECE Projects XSS (Cross-site Scripting) Security
Vulnerabilities
Vendor: ECE Projektmanagement G.m.b.H. & Co. KG (ECE)
Product: ECE Projects
Vulnerable Versions:
Tested Version:
Advisory Publication: April 01, 2015
Latest Update: April 01, 2015
Vulnerability Type: Cross-Site Scripting [CWE-79]
CVE Reference: *
Impact CVSS Severity (version 2.0):
CVSS v2 Base…

Full Disclosure

6kbbs v8.0 SQL Injection Security Vulnerabilities

Posted by Jing Wang on Apr 05

*6kbbs v8.0 SQL Injection Security Vulnerabilities*

Exploit Title: 6kbbs Multiple SQL Injection Security Vulnerabilities
Vendor: 6kbbs
Product: 6kbbs
Vulnerable Versions: v7.1 v8.0
Tested Version: v7.1 v8.0
Advisory Publication: April 01, 2015
Latest Update: April 01, 2015
Vulnerability Type: Improper Neutralization of Special Elements used in an
SQL Command (‘SQL Injection’) [CWE-89]
CVE Reference: *
Impact CVSS Severity (version…

Full Disclosure

6kbbs v8.0 Multiple CSRF (Cross-Site Request Forgery) Security Vulnerabilities

Posted by Jing Wang on Apr 05

*6kbbs v8.0 Multiple CSRF (Cross-Site Request Forgery) Security
Vulnerabilities*

Exploit Title: 6kbbs Multiple CSRF (Cross-Site Request Forgery) Security
Vulnerabilities
Vendor: 6kbbs
Product: 6kbbs
Vulnerable Versions: v7.1 v8.0
Tested Version: v7.1 v8.0
Advisory Publication: April 02, 2015
Latest Update: April 02, 2015
Vulnerability Type: Cross-Site Request Forgery (CSRF) [CWE-352]
CVE Reference: *
CVSS Severity (version 2.0):
CVSS v2 Base…

Full Disclosure

6kbbs v8.0 XSS (Cross-site Scripting) Security Vulnerabilities

Posted by Jing Wang on Apr 05

*6kbbs v8.0 XSS (Cross-site Scripting) Security Vulnerabilities*

Exploit Title: 6kbbs XSS (Cross-site Scripting) Security Vulnerabilities
Vendor: 6kbbs
Product: 6kbbs
Vulnerable Versions: v7.1 v8.0
Tested Version: v7.1 v8.0
Advisory Publication: April 02, 2015
Latest Update: April 02, 2015
Vulnerability Type: Cross-Site Scripting [CWE-79]
CVE Reference: *
Impact CVSS Severity (version 2.0):
CVSS v2 Base Score: 4.3 (MEDIUM)…

Full Disclosure

Proverbs Web Calendar 2.1.2 XSS (Cross-site Scripting) Security Vulnerabilities

Posted by Jing Wang on Apr 05

*Proverbs Web Calendar 2.1.2 XSS (Cross-site Scripting) Security
Vulnerabilities*

Exploit Title: Proverbs Web Calendar /calendar.php Multiple Parameters XSS
(Cross-site Scripting) Security Vulnerabilities
Vendor: Proverbs
Product: Proverbs Web Calendar
Vulnerable Versions: 1.0.0 1.1 1.2.2 2.1 2.1.2
Tested Version: 1.2.2 2.1
Advisory Publication: April 03, 2015
Latest Update: April 03, 2015
Vulnerability Type: Cross-Site Scripting…

Full Disclosure

Re: Remote file upload vulnerability in videowhisper-video-conference-integration wordpress plugin v4.91.8

Posted by Larry W. Cashdollar on Apr 05

Hello Folks,

You can get php execution by using the file extension .phtml for both of these advisories. I’m currently updating the
advisories and the vendor.

Try using an uncommon extension not defined in /etc/mime.types.

$ grep “#app” /etc/mime.types
#application/vnd.ms-pki.stl stl
#application/x-httpd-eruby rhtml
#application/x-httpd-php…

Full Disclosure

WordPress plugin Simple Ads Manager – SQL Injection

Posted by ITAS Team on Apr 05

#Vulnerability title: WordPress plugin Simple Ads Manager – SQL Injection
#Product: WordPress plugin Simple Ads Manager
#Vendor: https://profiles.wordpress.org/minimus/
#Affected version: Simple Ads Manager 2.5.94 and 2.5.96
#Download link: https://wordpress.org/plugins/simple-ads-manager/
#CVE ID: CVE-2015-2824
#Author: Le Hong Minh (minh.h.le () itas vn) & ITAS Team

::PROOF OF CONCEPT::

—SQL INJECTION 1—

+ REQUEST:

POST…

Full Disclosure

Multiple SQL Injection

Posted by ITAS Team on Apr 05

#Vulnerability title: WordPress plugin Simple Ads Manager – Multiple SQL
Injection
#Product: WordPress plugin Simple Ads Manager
#Vendor: https://profiles.wordpress.org/minimus/
#Affected version: Simple Ads Manager 2.5.94 and 2.5.96 #Download link:
https://wordpress.org/plugins/simple-ads-manager/
#CVE ID: CVE-2015-2824
#Author: Le Hong Minh (minh.h.le () itas vn) & ITAS Team

::PROOF OF CONCEPT::

—SQL INJECTION 1—

+ REQUEST:

POST…