Category Archives: Full Disclosure

Full Disclosure

Re: Slider Revolution/Showbiz Pro shell upload exploit

Posted by Simo Ben youssef on Nov 27

Ryan,

Those are the plugin's main directories. The plugin creates and extracts the update zip folder in
wordpress/wp-content/plugins/revslider/temp/update_extract/, then fails to clean up after successful exploitation.
So the shell is located in wordpress/wp-content/plugins/revslider/temp/update_extract/revslider/

===================================================
— Revslider/Showbiz shell upload exploit
— By: Simo Ben youssef…
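The directory named in the reply above is the thing to check on a WordPress host that ran a vulnerable Slider Revolution: the extracted update is supposed to be gone after a legitimate update, so anything still sitting under temp/update_extract/ is worth triage. The script below is an added example for this page, not code from the plugin or from the original poster. It walks that one path, flags files with server-executable extensions, and greps them for a handful of common web-shell tokens (an assumed quick triage heuristic, not a signature). The demo tree, the dropped shell.php and the asset file are constructed so the scan runs offline.

```python
"""Check a WordPress tree for files left under revslider/temp/update_extract/.

Added example for this page; not part of the plugin or the original post.
"""
import os
import shutil
import tempfile
from typing import Dict, List

# Relative path named in the post: the plugin extracts update zips here and,
# per the post, leaves the extracted tree behind after exploitation.
UPDATE_EXTRACT = os.path.join("wp-content", "plugins", "revslider", "temp", "update_extract")
# Extensions a typical PHP web server would execute if requested directly.
EXEC_EXT = {".php", ".php5", ".phtml", ".phar"}
# Assumed triage heuristic: tokens common in dropped one-file shells.
SHELL_TOKENS = (b"eval(", b"base64_decode(", b"system(", b"passthru(",
                b"shell_exec(", b"$_REQUEST", b"$_GET")


def scan_update_extract(wp_root: str) -> List[Dict[str, object]]:
    """Return one record per file found under temp/update_extract, sorted by path."""
    target = os.path.join(wp_root, UPDATE_EXTRACT)
    findings: List[Dict[str, object]] = []
    if not os.path.isdir(target):
        return findings  # nothing left behind, or plugin not installed
    for dirpath, _dirs, files in os.walk(target):
        for name in files:
            full = os.path.join(dirpath, name)
            ext = os.path.splitext(name)[1].lower()
            record: Dict[str, object] = {
                "path": os.path.relpath(full, wp_root).replace(os.sep, "/"),
                "executable": ext in EXEC_EXT,
                "shell_tokens": [],
            }
            if record["executable"]:
                with open(full, "rb") as fh:
                    head = fh.read(64 * 1024)  # enough to catch a small dropped shell
                record["shell_tokens"] = [t.decode() for t in SHELL_TOKENS if t in head]
            findings.append(record)
    return sorted(findings, key=lambda r: str(r["path"]))


def demo() -> List[Dict[str, object]]:
    """Build a constructed WordPress tree with a leftover shell, scan it, clean up."""
    root = tempfile.mkdtemp(prefix="wp-")
    try:
        left = os.path.join(root, UPDATE_EXTRACT, "revslider")
        os.makedirs(left)
        # Constructed leftovers: a one-line PHP shell and a harmless asset.
        with open(os.path.join(left, "shell.php"), "wb") as fh:
            fh.write(b"<?php eval(base64_decode($_REQUEST['c'])); ?>")
        with open(os.path.join(left, "style.css"), "wb") as fh:
            fh.write(b"body{}")
        return scan_update_extract(root)
    finally:
        shutil.rmtree(root, ignore_errors=True)


if __name__ == "__main__":
    for rec in demo():
        tag = "SUSPICIOUS" if rec["shell_tokens"] else ("php" if rec["executable"] else "-")
        print(tag, rec["path"], rec["shell_tokens"])
```

On a real host, call scan_update_extract() with the WordPress document root instead of demo(); an empty result means the directory is absent or clean, while any executable file there is a finding regardless of whether the token heuristic fires, because an update that completed normally does not leave files at that path.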

Re: Defense in depth — the Microsoft way (part 20): Microsoft Update may fail to offer current security updates

Posted by Susan Bradley on Nov 27

Be aware that any out of date Silverlight will be blocked as of
November’s IE release.
http://blogs.msdn.com/b/ie/archive/2014/10/14/october-2014-updates-and-a-preview-of-changes-to-out-of-date-activex-control-blocking.aspx
http://technet.microsoft.com/en-us/ie/dn818438.aspx
“This update notifies you when a Web page tries to load a Silverlight
ActiveX control older than (but not including) Silverlight 5.1.30514.0.”

It’s…

Agafi/ROP v1.0 released!

Posted by Nicolas A. Economou on Nov 27

Agafi/ROP is a Win32 command-line toolchain useful for finding gadgets and
building ROP chains used by x86 binary exploits.

* What is Agafi?
Agafi (Advanced Gadget Finder) is an x86 gadget-finder tool useful for
finding gadgets in programs, modules, and running processes.

The ROP search engine is based on 4 points:
1. Search by objective
2. An “executable/module/process/misc” snapshot
3. x86 code emulation (QEMU support)
4. Black box…
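To make the first two points of that design concrete, here is an added example written for this page, not Agafi's code: a minimal gadget finder that takes a snapshot of a module as a byte image, walks backwards from every ret/jmp/call terminator to enumerate linearly decodable gadgets, and then answers an objective such as "load ebx from the stack" by picking a pop-only gadget and laying out the stack words for it. It decodes only a one-byte-opcode subset of x86 (push/pop/inc/dec r32, xchg eax,r32, nop, leave, ret, ret imm16, jmp/call r32) rather than emulating, which is the opposite of what the announcement describes for points 3 and 4; the image, its load address and the gadget offsets are constructed so the output can be checked by hand.

```python
"""Minimal x86 ROP gadget finder with search-by-objective (added example).

Illustration code for this page, not Agafi's own: a tiny decoder over a
constructed in-memory image, no emulation, no real module snapshot.
"""
import struct
from dataclasses import dataclass
from typing import Dict, List, Optional, Tuple

REGS32 = ["eax", "ecx", "edx", "ebx", "esp", "ebp", "esi", "edi"]
JUNK = 0x41414141  # filler for pops whose value the chain does not care about

# Constructed 32-bit "module": zero filler with known sequences at known offsets.
IMAGE_BASE = 0x10000000  # assumed load address
IMAGE = bytearray(0x40)
IMAGE[0x10:0x12] = b"\x58\xc3"          # pop eax ; ret
IMAGE[0x14:0x17] = b"\x5b\x5e\xc3"      # pop ebx ; pop esi ; ret
IMAGE[0x1a:0x1c] = b"\xff\xe4"          # jmp esp
IMAGE[0x20:0x22] = b"\x94\xc3"          # xchg eax, esp ; ret  (stack pivot)
IMAGE[0x30:0x32] = b"\xc9\xc3"          # leave ; ret


def decode_one(buf: bytes, off: int) -> Optional[Tuple[str, int]]:
    """Decode one instruction of a small x86 subset: (mnemonic, length) or None."""
    if off >= len(buf):
        return None
    b = buf[off]
    if 0x50 <= b <= 0x57: return ("push " + REGS32[b - 0x50], 1)
    if 0x58 <= b <= 0x5F: return ("pop " + REGS32[b - 0x58], 1)
    if 0x40 <= b <= 0x47: return ("inc " + REGS32[b - 0x40], 1)
    if 0x48 <= b <= 0x4F: return ("dec " + REGS32[b - 0x48], 1)
    if b == 0x90: return ("nop", 1)
    if 0x91 <= b <= 0x97: return ("xchg eax, " + REGS32[b - 0x90], 1)
    if b == 0xC9: return ("leave", 1)
    if b == 0xC3: return ("ret", 1)
    if b == 0xC2 and off + 2 < len(buf):
        return ("ret 0x%x" % struct.unpack_from("<H", buf, off + 1)[0], 3)
    if b == 0xFF and off + 1 < len(buf):
        m = buf[off + 1]
        if 0xE0 <= m <= 0xE7: return ("jmp " + REGS32[m - 0xE0], 2)
        if 0xD0 <= m <= 0xD7: return ("call " + REGS32[m - 0xD0], 2)
    return None  # anything else ends the backward walk


def is_terminator(mnem: str) -> bool:
    """ret / ret imm16 / jmp reg / call reg hand control to the next chain entry."""
    return mnem.startswith(("ret", "jmp ", "call "))


@dataclass(frozen=True)
class Gadget:
    address: int
    insns: Tuple[str, ...]

    def __str__(self) -> str:
        return "0x%08x: %s" % (self.address, " ; ".join(self.insns))


def find_gadgets(image: bytes, base: int, max_back: int = 6) -> List[Gadget]:
    """For every terminator, keep each start offset that decodes linearly onto it."""
    found: Dict[int, Gadget] = {}
    for end in range(len(image)):
        term = decode_one(image, end)
        if term is None or not is_terminator(term[0]):
            continue
        for back in range(0, max_back + 1):
            start = end - back
            if start < 0:
                break
            insns, off = [], start
            while off < end:
                d = decode_one(image, off)
                if d is None:
                    break
                insns.append(d[0])
                off += d[1]
            if off != end:  # decode did not land exactly on the terminator
                continue
            insns.append(term[0])
            found.setdefault(base + start, Gadget(base + start, tuple(insns)))
    return sorted(found.values(), key=lambda g: g.address)


def search(gadgets: List[Gadget], objective: str) -> Optional[Gadget]:
    """Exact objective such as 'pop eax ; ret' or 'jmp esp'."""
    want = tuple(p.strip() for p in objective.split(";"))
    return next((g for g in gadgets if g.insns == want), None)


def load_register(gadgets: List[Gadget], reg: str) -> Optional[Gadget]:
    """Objective 'load reg from the stack': first pop-only gadget that pops reg."""
    for g in gadgets:
        body = g.insns[:-1]
        if (g.insns[-1] == "ret" and body and all(i.startswith("pop ") for i in body)
                and "pop " + reg in body and "pop esp" not in body):
            return g
    return None


def build_chain(gadget: Gadget, values: Dict[str, int]) -> bytes:
    """Stack layout for a pop-only gadget: its address, then one dword per pop."""
    words = [gadget.address] + [values.get(i.split()[1], JUNK) for i in gadget.insns[:-1]]
    return b"".join(struct.pack("<I", w) for w in words)


if __name__ == "__main__":
    gadgets = find_gadgets(bytes(IMAGE), IMAGE_BASE)
    for g in gadgets:
        print(g)
    g = load_register(gadgets, "ebx")
    print("load ebx via", g, "->", build_chain(g, {"ebx": 0xDEADBEEF}).hex())
```

The backward walk is why a byte-pattern finder reports "unintended" gadgets: the ret at offset 0x16 is also reachable from 0x15 as pop esi ; ret, and a real module yields many such overlaps. Emulation, as the announcement lists under point 3, is what lets a finder keep only gadgets whose side effects match the objective instead of relying on exact text like this example does.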

All Links in Two Topics of Indiatimes (indiatimes.com) Are Vulnerable to XSS (cross site scripting) Attacks

Posted by Jing Wang on Nov 27

All Links in Two Topics of Indiatimes (indiatimes.com) Are Vulnerable to XSS (cross site scripting) Attacks

Domain Description:

http://www.indiatimes.com

“According to the Indian Readership Survey (IRS) 2012, the Times of India
is the most widely read English newspaper in India with a readership of
7.643 million. This ranks the Times of India as the top English daily in
India by readership.”…

CVE-2014-8754 WordPress “Ad-Manager Plugin” Dest Redirect Privilege Escalation

Posted by Jing Wang on Nov 27

CVE-2014-8754 WordPress “Ad-Manager Plugin” Dest Redirect Privilege Escalation

Exploit Title: WordPress Ad-Manager Plugin Dest Redirect Privilege
Escalation Vulnerability

Product: WordPress Ad-Manager Plugin

Vendor: CodeCanyon

Vulnerable Versions: 1.1.2

Tested Version: 1.1.2

Advisory Publication: Nov…

CVE-2014-7291 Springshare LibCal XSS (Cross-Site Scripting) Vulnerability

Posted by Jing Wang on Nov 27

Exploit Title: Springshare LibCal XSS (Cross-Site Scripting) Vulnerability

Product: LibCal

Vendor: Springshare

Vulnerable Versions: 2.0

Tested Version: 2.0

Advisory Publication: Nov 25, 2014

Latest Update: Nov 25, 2014

Vulnerability Type: Cross-Site Scripting [CWE-79]

CVE Reference: CVE-2014-7291

CVSS v2 Base Score: 4.3 (MEDIUM) (AV:N/AC:M/Au:N/C:N/I:P/A:N)

Impact Subscore: 2.9

Exploitability Subscore: 8.6

Solution Status:…

The Weather Channel weather.com Almost All Links Vulnerable to XSS Attacks

Posted by Jing Wang on Nov 27

The Weather Channel weather.com Almost All Links Vulnerable to XSS Attacks

Domain Description:

http://www.weather.com/

“The Weather Channel is an American basic cable and satellite television
channel which broadcasts weather forecasts and weather-related news and
analyses, along with documentaries and entertainment programming related to
weather.”

“As of August 2013, The Weather Channel was…

CVE-2014-5439 – Root shell on Sniffit [with exploit]

Posted by Hector Marco on Nov 27

CVE-2014-5439 – Root shell on Sniffit

Sniffit is a packet sniffer and monitoring tool.

The attacker can create a specially crafted sniffit configuration file, which is able
to bypass all three protection mechanisms:

– Non-eXecutable bit NX
– Stack Smashing Protector SSP
– Address Space Layout Randomisation ASLR

And execute arbitrary code with root privileges.

Exploit, fix and discussion in:…

FileVista < v6.0.8.0 Insecure zip file handling

Posted by DS MailingList on Nov 27

Hi list,

FileVista is an IIS package which installs a file server onto Windows
Server systems. More information can be obtained from their website at
http://www.gleamtech.com/filevista.

CVE-2014-8788: The zip file handling routines in FileVista leak internal
paths when users attempt to write a zip file to a path to which the
FileVista user account does not have Write access. The internal path is
the path at which FileVista is installed onto…