Archive

Archive for June, 2012

WordPress Google Maps Via Store Locator Plus Plugin Path Disclosure and SQL Injection

June 30th, 2012
Comments Off

Application: WordPress
Affected Version: version 3.0.1 and other versions.
Vendor’s URL: Google Maps Via Store Locator Plus Plugin
Bug Type: SQL Injection & Path Disclosure
Risk Level: Critical

Solution:
Restrict access to the wp-content/plugins/store-locator-le/core/load_wp_config.php file (e.g. via .htaccess). Edit the source code to ensure that input is properly sanitised.

Content Management, Information Disclosure, SQL Injection

WordPress HTML5 AV Manager Plugin Arbitrary File Upload

June 30th, 2012
Comments Off

Application: WordPress
Affected Version: version 0.2.7 and other versions.
Vendor’s URL: HTML5 AV Manager Plugin
Bug Type: File Upload
Risk Level: Critical

Solution:
Restrict access to the wp-content/plugins/html5avmanager/lib/uploadify/custom.php file (e.g. via .htaccess).

Content Management, File Inclusion

WordPress Asset Manager Plugin Arbitrary File Upload

June 30th, 2012
Comments Off

Application: WordPress
Affected Version: version 0.2 and other versions.
Vendor’s URL: Asset Manager Plugin
Bug Type: File Upload
Risk Level: Critical

Solution:
Restrict access to the wp-content/plugins/asset-manager/upload.php file (e.g. via .htaccess).

Content Management, File Inclusion

WordPress FoxyPress Plugin Arbitrary File Upload

June 30th, 2012
Comments Off

Application: WordPress
Affected Version: version 0.4.2.1 and other versions.
Vendor’s URL: FoxyPress Plugin
Bug Type: File Upload
Risk Level: Critical

Solution:
Update to version 0.4.2.2.

Content Management, File Inclusion

WordPress Thinkun Remind Plugin “dirPath” Remote File Inclusion

June 30th, 2012
Comments Off

Application: WordPress
Affected Version: version 1.1.3 and other versions.
Vendor’s URL: Thinkun Remind Plugin
Bug Type: File Inclusion
Risk Level: Critical

Solution:
Edit the source code to ensure that input is properly verified.

Content Management, File Inclusion

WordPress Simple Download Button Shortcode Plugin Arbitrary File Disclosure

June 30th, 2012
Comments Off

Application: WordPress
Affected Version: version 1.0 and other versions.
Vendor’s URL: Simple Download Button Shortcode Plugin
Bug Type: File Disclosure
Risk Level: Critical

Solution:
Edit the source code to ensure that input is properly verified.

Content Management, Information Disclosure

WordPress RBX Gallery Plugin Arbitrary File Upload

June 30th, 2012
Comments Off

Application: WordPress
Affected Version: version 2.1 and other versions.
Vendor’s URL: RBX Gallery Plugin
Bug Type: File Upload
Risk Level: Critical

Solution:
Restrict access to the wp-content/plugins/rbxgallery/uploader.php file (e.g. via .htaccess).

Content Management, File Inclusion

WordPress Top Quark Architecture Plugin Arbitrary File Upload

June 30th, 2012
Comments Off

Application: WordPress
Affected Version: version 2.1.0 and prior versions.
Vendor’s URL: Top Quark Architecture Plugin
Bug Type: File Upload
Risk Level: Critical

Solution:
Update to version 2.1.1.

Content Management, File Inclusion

WordPress Easy Contact Forms Export Plugin File Disclosure

June 30th, 2012
Comments Off

Application: WordPress
Affected Version: version 1.1.0 and other versions.
Vendor’s URL: Easy Contact Forms Export Plugin
Bug Type: File Disclosure
Risk Level: Critical

Solution:
Edit the source code to ensure that input is properly verified.

Content Management, Information Disclosure

WordPress wpStoreCart Plugin Arbitrary File Upload

June 30th, 2012
Comments Off

Application: WordPress
Affected Version: version 2.5.29 and prior versions.
Vendor’s URL: wpStoreCart Plugin
Bug Type: File Upload
Risk Level: Critical

Solution:
Update to version 2.5.30.

Content Management, E-Commerce, File Inclusion

WordPress Nmedia Member Conversation Plugin Arbitrary File Upload

June 30th, 2012
Comments Off

Application: WordPress
Affected Version: version 1.3 and other versions.
Vendor’s URL: Nmedia Member Conversation Plugin
Bug Type: File Upload
Risk Level: Critical

Solution:
Restrict access to the /wp-content/plugins/wordpress-member-private-conversation/doupload.php script (e.g. via .htaccess).

Content Management, File Inclusion

WordPress Font Uploader Plugin Arbitrary File Upload

June 30th, 2012
Comments Off

Application: WordPress
Affected Version: version 1.2.4 and other versions.
Vendor’s URL: Font Uploader Plugin
Bug Type: File Upload
Risk Level: Critical

Solution:
Edit the source code to ensure that input is properly verified.

Content Management, File Inclusion

SugarCRM “unserialize()” PHP Code Execution

June 30th, 2012
Comments Off

Application: SugarCRM
Affected Version: versions prior to 6.4.0.
Vendor’s URL: SugarCRM
Bug Type: Code Execution
Risk Level:

Solution:
Update to version 6.4.0 or later.

Content Management, Remote Command Execution

WordPress SS Quiz Plugin Cross-Site Request Forgery and Security Bypass Vulnerabilities

June 30th, 2012
Comments Off

Application: WordPress
Affected Version: version 1.11 and prior versions.
Vendor’s URL: SS Quiz Plugin
Bug Type: Cross Site Scripting and Security Bypass
Risk Level: Critical

Solution:
Update to version 1.12.

Access Bypass, Content Management, Cross Site Scripting

e107 Hupsi Fancybox Plugin Arbitrary File Upload Vulnerability

June 30th, 2012
Comments Off

Application: e107
Affected Version: version 1.4 and other versions.
Vendor’s URL: Hupsi Fancybox Plugin
Bug Type: File Upload
Risk Level: Critical

Solution:
Restrict access to the e107_plugins/hupsi_fancybox/uploader/uploadify.php script (e.g. via .htaccess).

Content Management, File Inclusion

e107 Radio Plan Plugin Arbitrary File Upload Vulnerability

June 30th, 2012
Comments Off

Application: e107
Affected Version: version 2.06 and other versions.
Vendor’s URL: Radio Plan Plugin
Bug Type: File Upload
Risk Level: Critical

Solution:
Restrict access to the e107_plugins/radio_plan/admin/upload.php script (e.g. via .htaccess).

Content Management, File Inclusion

e107 Hupsi Share Plugin Arbitrary File Upload

June 30th, 2012
Comments Off

Application: e107
Affected Version: version 1.1 and other versions.
Vendor’s URL: Hupsi Share Plugin
Bug Type: File Upload
Risk Level: Critical

Solution:
Restrict access to the e107_plugins/hupsi_share/inc/uploader/uploadify.php script (e.g. via .htaccess).

Content Management, File Inclusion

Joomla! Easy Flash Uploader Module Arbitrary File Upload Vulnerability

June 30th, 2012
Comments Off

Application: Joomla!
Affected Version: version 2.0 and prior versions.
Vendor’s URL: Easy Flash Uploader Module
Bug Type: File Upload
Risk Level: Critical

Solution:
Update to version 2.1.

Content Management, File Inclusion