
Archive for the ‘File Inclusion’ Category

WordPress WPScientist Multiple Themes Arbitrary File Upload

January 25th, 2013

Application: WordPress
Affected Version:
* Lightspeed version 1.1.2
* Eptonic version 1.4.3
* Nuance version 1.2.3
Vendor’s URL: WPScientist Multiple Themes
Bug Type: File Upload
Risk Level: Critical

Solution:
No official solution is currently available.

Content Management, File Inclusion

WordPress Google Doc Embedder Plugin Arbitrary File Disclosure

January 25th, 2013

Application: WordPress
Affected Version: version 2.4.6 and other versions.
Vendor’s URL: Google Doc Embedder Plugin
Bug Type: File Disclosure
Risk Level: Critical

Solution:
Update to version 2.5.4.


WordPress Xerte Online Plugin Arbitrary File Upload

January 25th, 2013

Application: WordPress
Affected Version: version 0.32 and other versions.
Vendor’s URL: Xerte Online Plugin
Bug Type: File Upload
Risk Level: Critical

Solution:
No official solution is currently available.


WordPress Floating Social Media Links Plugin “wpp” Remote File Inclusion

December 24th, 2012

Application: WordPress
Affected Version: version 1.4.2 and prior versions.
Vendor’s URL: Floating Social Media Links Plugin
Bug Type: File Inclusion
Risk Level: Critical

Solution:
Update to version 1.4.3.


WordPress Advanced Custom Fields Plugin “acf_abspath” Remote File Inclusion

November 26th, 2012

Application: WordPress
Affected Version: version 3.5.1 and prior versions.
Vendor’s URL: Advanced Custom Fields Plugin
Bug Type: File Inclusion
Risk Level: Critical

Solution:
Update to version 3.5.2.


WordPress Crayon Syntax Highlighter Plugin “wp_load” Remote File Inclusion Vulnerability

October 30th, 2012

Application: WordPress
Affected Version: version 1.12.1 and prior versions.
Vendor’s URL: Crayon Syntax Highlighter Plugin
Bug Type: File Inclusion
Risk Level: Critical

Solution:
Update to version 1.13.


Joomla! En Masse Component Remote File Inclusion

August 30th, 2012

Application: Joomla!
Affected Version: versions prior to 3.1.3.
Vendor’s URL: En Masse Component
Bug Type: File Inclusion
Risk Level: Critical

Solution:
Update to version 3.1.3.


WordPress Cimy User Extra Fields Plugin Arbitrary File Upload

July 26th, 2012

Application: WordPress
Affected Version: version 2.3.7 and other versions.
Vendor’s URL: Cimy User Extra Fields Plugin
Bug Type: File Upload
Risk Level: Critical

Solution:
No official solution is currently available.


WordPress Nmedia Users File Uploader Plugin Arbitrary File Upload

July 26th, 2012

Application: WordPress
Affected Version: version 1.8 and other versions.
Vendor’s URL: Nmedia Users File Uploader Plugin
Bug Type: File Upload
Risk Level: Critical

Solution:
Upgrade to version 2.0.


WordPress Resume Submissions & Job Postings Plugin Arbitrary File Upload

July 26th, 2012

Application: WordPress
Affected Version: version 2.5.1 and other versions.
Vendor’s URL: Resume Submissions & Job Postings Plugin
Bug Type: File Upload
Risk Level: Critical

Solution:
No official solution is currently available.


WordPress Post Recommendations Plugin “abspath” File Inclusion

July 26th, 2012

Application: WordPress
Affected Version: version 1.1.2 and other versions.
Vendor’s URL: Post Recommendations Plugin
Bug Type: File Inclusion
Risk Level: Critical

Solution:
No official solution is currently available.


Joomla! OS Property Component File Upload

July 26th, 2012

Application: Joomla!
Affected Version: version 2.0 and other versions.
Vendor’s URL: OS Property Component
Bug Type: File Upload
Risk Level: Critical

Solution:
Update to version 2.0.3.


WordPress A Page Flip Book Plugin “pageflipbook_language” File Inclusion

July 26th, 2012

Application: WordPress
Affected Version: version 2.3 and other versions.
Vendor’s URL: A Page Flip Book Plugin
Bug Type: File Inclusion
Risk Level: Critical

Solution:
No official solution is currently available.


WordPress Flip Book Plugin Arbitrary File Upload

July 26th, 2012

Application: WordPress
Affected Version: version 1.0 and other versions.
Vendor’s URL: Flip Book Plugin
Bug Type: File Upload
Risk Level: Critical

Solution:
No official solution is currently available.


WordPress HTML5 AV Manager Plugin Arbitrary File Upload

June 30th, 2012

Application: WordPress
Affected Version: version 0.2.7 and other versions.
Vendor’s URL: HTML5 AV Manager Plugin
Bug Type: File Upload
Risk Level: Critical

Solution:
Restrict access to the wp-content/plugins/html5avmanager/lib/uploadify/custom.php file (e.g. via .htaccess).


WordPress Asset Manager Plugin Arbitrary File Upload

June 30th, 2012

Application: WordPress
Affected Version: version 0.2 and other versions.
Vendor’s URL: Asset Manager Plugin
Bug Type: File Upload
Risk Level: Critical

Solution:
Restrict access to the wp-content/plugins/asset-manager/upload.php file (e.g. via .htaccess).


WordPress FoxyPress Plugin Arbitrary File Upload

June 30th, 2012

Application: WordPress
Affected Version: version 0.4.2.1 and other versions.
Vendor’s URL: FoxyPress Plugin
Bug Type: File Upload
Risk Level: Critical

Solution:
Update to version 0.4.2.2.


WordPress Thinkun Remind Plugin “dirPath” Remote File Inclusion

June 30th, 2012

Application: WordPress
Affected Version: version 1.1.3 and other versions.
Vendor’s URL: Thinkun Remind Plugin
Bug Type: File Inclusion
Risk Level: Critical

Solution:
Edit the source code to ensure that input is properly verified.


WordPress RBX Gallery Plugin Arbitrary File Upload

June 30th, 2012

Application: WordPress
Affected Version: version 2.1 and other versions.
Vendor’s URL: RBX Gallery Plugin
Bug Type: File Upload
Risk Level: Critical

Solution:
Restrict access to the wp-content/plugins/rbxgallery/uploader.php file (e.g. via .htaccess).


WordPress Top Quark Architecture Plugin Arbitrary File Upload

June 30th, 2012

Application: WordPress
Affected Version: version 2.1.0 and prior versions.
Vendor’s URL: Top Quark Architecture Plugin
Bug Type: File Upload
Risk Level: Critical

Solution:
Update to version 2.1.1.
