Exabytes Security Portal » File Inclusion

WordPress Work The Flow File Upload Plugin Arbitrary File Upload

April 29th, 2014

Comments Off

Application: WordPress
Affected Version: version 1.2.2 and other versions.
Vendor’s URL: Work The Flow File Upload Plugin
Bug Type: File Upload
Risk Level: Critical

Solution:
No official solution is currently available.

Content Management, File Inclusion

WordPress Business Intelligence Lite Plugin Arbitrary File Upload

March 30th, 2014

Comments Off

Application: WordPress
Affected Version: version 1.0.6 and other versions.
Vendor’s URL: Business Intelligence Lite Plugin
Bug Type: File Upload
Risk Level: Critical

Solution:
Update to version 1.1.

Content Management, File Inclusion

WordPress The Cotton Theme Arbitrary File Upload

March 30th, 2014

Comments Off

Application: WordPress
Affected Version: version 1.1.4 and other versions.
Vendor’s URL: The Cotton Theme
Bug Type: File Upload
Risk Level: Critical

Solution:
No official solution is currently available.

Content Management, File Inclusion

WordPress Kiddo Theme “uploadify.php” Arbitrary File Upload

February 28th, 2014

Comments Off

Application: WordPress
Affected Version:
Vendor’s URL: Kiddo Theme
Bug Type: File Upload
Risk Level: Critical

Solution:
No official solution is currently available.

Content Management, File Inclusion

Joomla! PROJOOM Smart Flash Header Component Arbitrary File Upload

February 28th, 2014

Comments Off

Application: Joomla!
Affected Version: versions prior to 3.0.3.
Vendor’s URL: PROJOOM Smart Flash Header Component
Bug Type: File Upload
Risk Level: Critical

Solution:
Update to version 3.0.3.

Content Management, File Inclusion

WordPress OptimizePress Plugin Arbitrary File Upload

December 30th, 2013

Comments Off

Application: WordPress
Affected Version: versions prior to 1.6.
Vendor’s URL: OptimizePress Plugin
Bug Type: File Upload
Risk Level: Critical

Solution:
Update to version 1.6.

Content Management, File Inclusion

WordPress This Way Theme Arbitrary File Upload

November 29th, 2013

Comments Off

Application: WordPress
Affected Version: -
Vendor’s URL: This Way Theme
Bug Type: File Upload
Risk Level: Critical

Solution:
No official solution is currently available.

Content Management, File Inclusion

WordPress Complete Gallery Manager Plugin Arbitrary File Upload

September 30th, 2013

Comments Off

Application: WordPress
Affected Version: version 3.3.3 and other versions.
Vendor’s URL: Complete Gallery Manager Plugin
Bug Type: File Upload
Risk Level: Critical

Solution:
No official solution is currently available.

Content Management, File Inclusion

WordPress Simple Dropbox Upload Plugin Arbitrary File Upload

September 30th, 2013

Comments Off

Application: WordPress
Affected Version: version 1.8.8 and other versions.
Vendor’s URL: Simple Dropbox Upload Plugin
Bug Type: File Upload
Risk Level: Critical

Solution:
No official solution is currently available.

Content Management, File Inclusion

AspxCommerce Logo Module Arbitrary File Upload

September 30th, 2013

Comments Off

Application: AspxCommerce
Affected Version: version 2.0 and other versions.
Vendor’s URL: Logo Module
Bug Type: File Upload
Risk Level: Critical

Solution:
No official solution is currently available.

E-Commerce, File Inclusion

SocialEngine Timeline Plugin Arbitrary File Upload

August 26th, 2013

Comments Off

Application: SocialEngine
Affected Version: version 4.2.5p9 and other versions.
Vendor’s URL: Timeline Plugin
Bug Type: File Upload
Risk Level: Critical

Solution:
Update to version 4.6.0.

Content Management, File Inclusion

Joomla! Arbitrary File Upload

August 26th, 2013

Comments Off

Application: Joomla!
Affected Version: version 3.1.4 and versions prior to 2.5.14 and 3.1.5.
Vendor’s URL: Joomla!
Bug Type: File Upload
Risk Level: Critical

Solution:
Update to version 2.5.14 or 3.1.5.

Content Management, File Inclusion

WordPress Export To Text Plugin “download” Remote File Inclusion

June 28th, 2013

Comments Off

Application: WordPress
Affected Version: version 2.2 and prior versions.
Vendor’s URL: Export To Text Plugin
Bug Type: File Inclusion
Risk Level: Critical

Solution:
Update to version 2.3.

Content Management, File Inclusion

YaBB “guestlanguage” Cookie Local File Inclusion

May 27th, 2013

Comments Off

Application: YaBB
Affected Version: version 2.5.2.
Vendor’s URL: YaBB
Bug Type: File Inclusion
Risk Level: Critical

Solution:
Fixed in the SVN repository.

Discussion Boards, File Inclusion

WordPress Uploader Plugin Cross-Site Scripting and Arbitrary File Upload Vulnerabilities

March 28th, 2013

Comments Off

Application: WordPress
Affected Version: version 1.0.4 and other versions.
Vendor’s URL: Uploader Plugin
Bug Type: Cross-Site Scripting & File Upload
Risk Level: Critical

Solution:
No official solution is currently available.

Content Management, Cross Site Scripting, File Inclusion

WordPress WP ecommerce Shop Styling Plugin “dompdf” Remote File Inclusion Vulnerability

February 26th, 2013

Comments Off

Application: WordPress
Affected Version: version 1.7.2 and other versions.
Vendor’s URL: WP ecommerce Shop Styling Plugin
Bug Type: File Inclusion
Risk Level: Critical

Solution:
Update to version 1.8.

Content Management, File Inclusion

WordPress Gallery Plugin “load” Remote File Inclusion Vulnerability

February 26th, 2013

Comments Off

Application: WordPress
Affected Version: version 1.4 and other versions.
Vendor’s URL: Gallery Plugin
Bug Type: Critical
Risk Level: File Inclusion

Solution:
No official solution is currently available.

Content Management, File Inclusion

WordPress ReFlex Gallery Plugin Arbitrary File Upload

January 25th, 2013

Comments Off

Application: WordPress
Affected Version: version 1.4 and other versions
Vendor’s URL: ReFlex Gallery Plugin
Bug Type: File Upload
Risk Level: Critical

Solution:
No official solution is currently available.

Content Management, File Inclusion

WordPress Zingiri Forum Plugin “url” Arbitrary File Disclosure

January 25th, 2013

Comments Off

Application: WordPress
Affected Version: version 1.4.2 and other versions.
Vendor’s URL: Zingiri Forum Plugin
Bug Type: File Disclosure
Risk Level: Critical

Solution:
Update to version 1.4.4.

Content Management, File Inclusion

WordPress Browser Rejector Plugin “wppath” Remote File Inclusion

January 25th, 2013

Comments Off

Application: WordPress
Affected Version: version 2.10 and prior versions.
Vendor’s URL: Browser Rejector Plugin
Bug Type: File Inclusion
Risk Level: Critical

Solution:
Update to version 2.11.

Content Management, File Inclusion

Archive

WordPress Work The Flow File Upload Plugin Arbitrary File Upload

WordPress Business Intelligence Lite Plugin Arbitrary File Upload

WordPress The Cotton Theme Arbitrary File Upload

WordPress Kiddo Theme “uploadify.php” Arbitrary File Upload

Joomla! PROJOOM Smart Flash Header Component Arbitrary File Upload

WordPress OptimizePress Plugin Arbitrary File Upload

WordPress This Way Theme Arbitrary File Upload

WordPress Complete Gallery Manager Plugin Arbitrary File Upload

WordPress Simple Dropbox Upload Plugin Arbitrary File Upload

AspxCommerce Logo Module Arbitrary File Upload

SocialEngine Timeline Plugin Arbitrary File Upload

Joomla! Arbitrary File Upload

WordPress Export To Text Plugin “download” Remote File Inclusion

YaBB “guestlanguage” Cookie Local File Inclusion

WordPress Uploader Plugin Cross-Site Scripting and Arbitrary File Upload Vulnerabilities

WordPress WP ecommerce Shop Styling Plugin “dompdf” Remote File Inclusion Vulnerability

WordPress Gallery Plugin “load” Remote File Inclusion Vulnerability

WordPress ReFlex Gallery Plugin Arbitrary File Upload

WordPress Zingiri Forum Plugin “url” Arbitrary File Disclosure

WordPress Browser Rejector Plugin “wppath” Remote File Inclusion

Categories

Archives