Remote file upload vulnerability in Wordpress Plugin Mobile App Native 3.0

2017-03-02 Thread Larry W. Cashdollar
/master/mobile_plugin_exploit.sh URL: http://www.vapidlabs.com/advisory.php?v=178 Credit: Larry W. Cashdollar, @_larry0 https://github.com/lcashdol/Exploits/blob/master/mobile_plugin_exploit.sh

XSS and SQLi in huge IT gallery v1.1.5 for Joomla

2016-07-25 Thread Larry W. Cashdollar
Title: XSS and SQLi in huge IT gallery v1.1.5 for Joomla Fixed: v1.1.7 Author: Larry W. Cashdollar, @_larry0 and Elitza Neytcheva, @ElitzaNeytcheva Date: 2016-07-14 Download Site: http://extensions.joomla.org/extensions/extension/photos-a-images/galleries/gallery-pro Vendor: huge-it.com Vendor

SQL Injection in easy2map-photos wordpress plugin v1.09

2015-07-08 Thread Larry W. Cashdollar
Title: SQL Injection in easy2map-photos wordpress plugin v1.09 Author: Larry W. Cashdollar, @_larry0 Date: 2015-06-08 Download Site: https://wordpress.org/plugins/easy2map-photos Vendor: Steven Ellis Vendor Notified: 2015-06-08, fixed in v1.1.0 Vendor Contact: https://profiles.wordpress.org

Remote file download vulnerability in wordpress plugin wp-ecommerce-shop-styling v2.5

2015-07-08 Thread Larry W. Cashdollar
Title: Remote file download vulnerability in wordpress plugin wp-ecommerce-shop-styling v2.5 Author: Larry W. Cashdollar, @_larry0 Date: 2015-07-05 Download Site: https://wordpress.org/plugins/wp-ecommerce-shop-styling Vendor: https://profiles.wordpress.org/haet/ Vendor Notified: 2015-07-05

SQL Injection in easy2map wordpress plugin v1.24

2015-07-06 Thread Larry W. Cashdollar
Title: SQL Injection in easy2map wordpress plugin v1.24 Author: Larry W. Cashdollar, @_larry0 Date: 2015-06-08 Download Site: https://wordpress.org/plugins/easy2map Vendor: Steven Ellis Vendor Notified: 2015-06-08, fixed in v1.25 Vendor Contact: https://profiles.wordpress.org/stevenellis/ Advisory

Path Traversal vulnerability in Wordpress plugin se-html5-album-audio-player v1.1.0

2015-06-11 Thread Larry W. Cashdollar
Title: Path Traversal vulnerability in Wordpress plugin se-html5-album-audio-player v1.1.0 Author: Larry W. Cashdollar, @_larry0 Date: 2015-06-06 Advisory: http://www.vapid.dhs.org/advisory.php?v=124 Download Site: https://wordpress.org/plugins/se-html5-album-audio-player/ Vendor: https

Remote file upload vulnerability in aviary-image-editor-add-on-for-gravity-forms v3.0beta Wordpress plugin

2015-06-11 Thread Larry W. Cashdollar
Title: Remote file upload vulnerability in aviary-image-editor-add-on-for-gravity-forms v3.0beta Wordpress plugin Author: Larry W. Cashdollar, @_larry0 Date: 2015-06-07 Download Site: https://wordpress.org/plugins/aviary-image-editor-add-on-for-gravity-forms Vendor: Waters Edge Web Design

Xloner v3.1.2 wordpress plugin authenticated command execution and XSS

2015-06-08 Thread Larry W. Cashdollar
v3.1.2 wordpress plugin authenticated command execution and XSS Author: Larry W. Cashdollar, @_larry0 Date: 2015-05-10 Download Site: https://wordpress.org/plugins/xclonerbackupandrestore/ http://extensions.joomla.org/extensions/accessasecurity/sitesecurity/ backup/665 Advisory: http

Remote file upload vulnerability in wordpress plugin videowhisper-video-presentation v3.31.17

2015-04-03 Thread Larry W. Cashdollar
Title: Remote file upload vulnerability in wordpress plugin videowhisper-video-presentation v3.31.17 Author: Larry W. Cashdollar, @_larry0 Date: 2015-03-29 Download Site: https://wordpress.org/plugins/videowhisper-video-presentation/ Vendor: http://www.videowhisper.com/ Vendor Notified: 2015-03

Exploit for stealing backups on WP sites with WP-DB-Backup v2.2.4 plugin

2014-11-23 Thread Larry W. Cashdollar
#!/bin/bash #Larry W. Cashdollar, @_larry0 #Will brute force and search a Wordpress target site with WP-DB-Backup v2.2.4 plugin installed for any backups done on #20141031 assumes the wordpress database is wordpress and the table prefix is wp_ #http://www.vapid.dhs.org/advisories/wordpress

XCloner Wordpress/Joomla! backup Plugin v3.1.1 (Wordpress) v3.5.1 (Joomla!) Vulnerabilities

2014-11-06 Thread Larry W. Cashdollar
Title: XCloner Wordpress/Joomla! backup Plugin v3.1.1 (Wordpress) v3.5.1 (Joomla!) Vulnerabilities Author: Larry W. Cashdollar, @_larry0 Date: 10/17/2014 Download: https://wordpress.org/plugins/xcloner-backup-and-restore/ Download: http://extensions.joomla.org/extensions/access-a-security/site

Vulnerabilities in WordPress Database Manager v2.7.1

2014-10-21 Thread Larry W. Cashdollar
Title: Vulnerabilities in WordPress Database Manager v2.7.1 Author: Larry W. Cashdollar, @_larry0 Date: 10/13/2014 Download: https://wordpress.org/plugins/wp-dbmanager/ Downloads: 1,171,358 Vendor: Lester Chan, https://profiles.wordpress.org/gamerz/ Contacted: 10/13/2014, Vulnerabilities addressed

Remote Command Injection in Ruby Gem sfpagent 0.4.14

2014-04-21 Thread Larry W. Cashdollar
Title: Remote Command Injection in Ruby Gem sfpagent 0.4.14 Date: 4/15/2014 Author: Larry W. Cashdollar, @_larry0 CVE: 2014-2888 Download: http://rubygems.org/gems/sfpagent Vulnerability The list variable generated from the user supplied JSON[body] input is passed directly to the system

Remote Command Injection in Arabic Prawn 0.0.1 Ruby Gem

2014-03-12 Thread Larry W. Cashdollar
Title: Remote Command Injection in Arabic Prawn 0.0.1 Ruby Gem Author: Larry W. Cashdollar, @_larry0 Download Site: http://rubygems.org/gems/Arabic-Prawn CVE: 2014-2322 Date: 12/17/2013 In Arabic-Prawn-0.0.1/lib/string_utf_support.rb, the following lines pass unsanitized input to the shell

Persistent XSS in Media File Renamer V1.7.0 wordpress plugin

2014-02-26 Thread Larry W. Cashdollar
Title: Persistent XSS in Media File Renamer V1.7.0 wordpress plugin Date: 1/31/2014 Author: Larry W. Cashdollar, @_larry0 Vendor: Notified 2/4/2014 CVE: 2014-2040 Download: http://www.meow.fr/media-file-renamer/ Vulnerability: The following functions do not sanitize input before being echoed

Bio Basespace SDK 0.1.7 Ruby Gem exposes API Key via command line

2013-12-16 Thread Larry W. Cashdollar
Title: Bio Basespace SDK 0.1.7 Ruby Gem exposes API Key via command line Date: 11/15/2013 Author: Larry W. Cashdollar, @_larry0 Download: http://rubygems.org/gems/bio-basespace-sdk Description: BaseSpace Ruby SDK is a Ruby based Software Development Kit to be used in the development of Apps

Command injection vulnerability in Ruby Gem sprout 0.7.246

2013-12-16 Thread Larry W. Cashdollar
}) If the attacker can control zip_dir, zip_name or output then they can possibly execute shell commands by injecting shell metacharacters as input. PoC: For example: filename;id;.zip I contacted the developer a few weeks ago but received no response. Thanks! Larry W. Cashdollar @_larry0 http

Command injection in Ruby Gem Webbynode 1.0.5.3

2013-12-16 Thread Larry W. Cashdollar
Title: Command injection in Ruby Gem Webbynode 1.0.5.3 Date: 11/11/2013 Author: Larry W. Cashdollar, @_larry0 Download: http://rubygems.org/gems/webbynode Vulnerability Description: The following code located in: ./webbynode-1.0.5.3/lib/webbynode/notify.rb doesn't fully sanitize user

TheServer log file access password in cleartext w/vendor resolution.

2002-10-15 Thread Larry W. Cashdollar
Vapid Labs Security Note A quick note on Fastlink Software's TheServer http server. I was not going to write this up since it is a silly problem but this server is listed in the netcraft survey so people are using it. TheServer is

OpenOffice 1.0.1 Race condition during installation.

2002-10-11 Thread Larry W. Cashdollar
Vapid Labs Larry W. Cashdollar 9/9/02 Summary: OpenOffice 1.0.1 Race condition during installation can overwrite system files. Severity: Low Description: A very simple and easy to exploit race condition exists during

Exploit for Tarantella Enterprise 3 installation (BID 3966)

2002-04-04 Thread Larry W. Cashdollar
Tarantella addressed these issues in a security bulletin: http://www.tarantella.com/security/bulletin-04.html #!/usr/bin/perl -w #Another Exploit for tarantella enterprise 3 installation. #Larry Cashdollar [EMAIL PROTECTED] 2/08/2002 #Exploits gunzip$$ binary being created in /tmp with perm

Re: OCE' 9400 plotters

1999-08-29 Thread Larry W. Cashdollar
There is, however, quite a bit of documentation in the hub's manual about setting a root password, and the importance of doing so.. don't know who decided to use this same firmware in plotters/printers or what their documentation is like, however it seems to come down to the general rule of

OCE' 9400 plotters

1999-08-21 Thread Larry W. Cashdollar
attacks =) syntax: ping [-s] IPNAME [DATASZ [NUMPKTS]] -- Larry W. Cashdollar Unix Administrator Security Operations