Cross-Site Request Forgery Vulnerability in Users to CSV WordPress Plugin v1.4.5

Posted by Nitin Venkatesh on Jun 15

# Title: Cross-Site Request Forgery Vulnerability in Users to CSV WordPress Plugin v1.4.5
# Submitter: Nitin Venkatesh
# Product: Users to CSV WordPress Plugin
# Product URL: https://wordpress.org/plugins/users-to-csv/ (disabled)
# Plugin SVN URL: https://plugins.svn.wordpress.org/users-to-csv/ (active)
# Vulnerability Type: Cross-site Request Forgery [CWE-352]
# Affected Versions: v1.4.5 and possibly below.
# Tested versions: v1.4.5
# Fixed…

WordPress Front-end Editor File Upload

The WordPress Front-end Editor plugin contains an authenticated file upload vulnerability. We can upload arbitrary files to the upload folder. Because the plugin also uses its own file upload mechanism instead of the WordPress API, it’s possible to upload any file type.

CVE-2015-3209

Heap-based buffer overflow in the PCNET controller in QEMU allows remote attackers to execute arbitrary code by sending a packet with TXSTATUS_STARTPACKET set and then a crafted packet with TXSTATUS_DEVICEOWNS set.

CVE-2015-4093

Cross-site scripting (XSS) vulnerability in Elasticsearch Kibana 4.x before 4.0.3 allows remote attackers to inject arbitrary web script or HTML via unspecified vectors.

CVE-2015-4118

SQL injection vulnerability in monitor/show_sys_state.php in ISPConfig before 3.0.5.4p7 allows remote authenticated users with monitor permissions to execute arbitrary SQL commands via the server parameter. NOTE: this can be leveraged by remote attackers using CVE-2015-4119.2.

CVE-2015-4119

Multiple cross-site request forgery (CSRF) vulnerabilities in ISPConfig before 3.0.5.4p7 allow remote attackers to hijack the authentication of (1) administrators for requests that create an administrator account via a request to admin/users_edit.php or (2) arbitrary users for requests that conduct SQL injection attacks via the server parameter to monitor/show_sys_state.php.

CVE-2015-4141

The WPS UPnP function in hostapd, when using WPS AP, and wpa_supplicant, when using WPS external registrar (ER), 0.7.0 through 2.4 allows remote attackers to cause a denial of service (crash) via a negative chunk length, which triggers an out-of-bounds read or heap-based buffer overflow.