Title: Remote file upload vulnerability in mailcwp v1.99 wordpress plugin
Author: Larry W. Cashdollar, @_larry0
Date: 2015-07-09
Download Site: https://wordpress.org/plugins/mailcwp/
Vendor: CadreWorks Pty Ltd
Vendor Notified: 2015-07-09 fixed in v1.110
Vendor Contact: Contact Page via WP site
> On Jul 16, 2015, at 8:18 PM, Larry W. Cashdollar wrote:
>
> Title: Remote file upload vulnerability in mailcwp v1.99 wordpress plugin
> Author: Larry W. Cashdollar, @_larry0
> Date: 2015-07-09
> Download Site: https://wordpress.org/plugins/mailcwp/
> Vendor: CadreW
Title: Local root vulnerability in DeleGate v9.9.13
Author: Larry W. Cashdollar, @_larry0
Date: 2015-12-17
Advisory: http://www.vapidlabs.com/advisory.php?v=159
Download Sites: http://delegate.hpcc.jp/delegate/
http://delegate.org/delegate/
Vendor: National Institute of Advanced Industrial
Title: XSS and SQLi in huge IT gallery v1.1.5 for Joomla
Fixed: v1.1.7
Author: Larry W. Cashdollar, @_larry0 and Elitza Neytcheva, @ElitzaNeytcheva
Date: 2016-07-14
Download Site:
http://extensions.joomla.org/extensions/extension/photos-a-images/galleries/gallery-pro
Vendor: huge-it.com
Vendor
Title: Unauthenticated SQL Injection in Huge-IT Video Gallery v1.0.9 for Joomla
Author: Larry W. Cashdollar, @_larry0
Date: 2016-09-15
Download Site: http://huge-it.com/joomla-video-gallery/
Vendor: www.huge-it.com, fixed v1.1.0
Vendor Notified: 2016-09-17
Vendor Contact: i...@huge-it.com
Title: Unauthenticated SQL Injection in Huge-IT Catalog v1.0.7 for Joomla
Author: Larry W. Cashdollar, @_larry0
Date: 2016-09-16
Download Site: http://huge-it.com/joomla-catalog/
Vendor: huge-it.com
Vendor Notified: 2016-09-17
Vendor Contact: i...@huge-it.com
Description:
Huge-IT Product Catalog
Title: Unauthenticated SQL Injection in Huge-IT Portfolio Gallery Plugin v1.0.6
Author: Larry W. Cashdollar, @_larry0
Date: 2016-09-16
Download Site: http://huge-it.com/joomla-portfolio-gallery/
Vendor: huge-it.com
Vendor Notified: 2016-09-17
Vendor Contact: i...@huge-it.com
Description: Huge-IT
Title: Teradata Virtual Machine Community Edition v15.10 has insecure file
permission
Author: Larry W. Cashdollar, @_larry0
Date: 2016-10-01
Download Site:
http://downloads.teradata.com/download/database/teradata-virtual-machine-community-edition-for-vmware
Title: Teradata Virtual Machine Community Edition v15.10 Insecure creation of
files in /tmp
Author: Larry W. Cashdollar, @_larry0
Date: 2016-10-01
Download Site:
http://downloads.teradata.com/download/database/teradata-virtual-machine-community-edition-for-vmware
Vendor: Teradata
Vendor Notified
Title: /tmp race condition in Teradata Studio Express v15.12.00.00
studioexpressinstall
Author: Larry W. Cashdollar, @_larry0
Date: 2016-10-03
Download Site:
http://downloads.teradata.com/download/tools/teradata-studio-express
Vendor: Teradata
Vendor Notified: 2016-10-03
Vendor Contact: web form
Hello All,
These are really great advisories, my only wish is that they were copied to the
security lists in their entirety. This way we aren't relying on a single point
of failure (your website) when looking for the data in the future.
Thanks!
Larry
> On Nov 19, 2016, at 5:48 AM, Summer of P
Title: Remote Command Injection in Ruby Gem sfpagent 0.4.14
Date: 4/15/2014
Author: Larry W. Cashdollar, @_larry0
CVE: 2014-2888
Download: http://rubygems.org/gems/sfpagent
Vulnerability
The list variable generated from the user supplied JSON[body] input is passed
directly to the system
I stumbled onto this while setting up an android vulnerability testing lab.
Title: Rooted SSH/SFTP Daemon Default Login Credentials
Author: Larry W. Cashdollar, @_larry0
OSVDB-ID: 110742
Date: 9/2/2014
Download: https://play.google.com/store/apps/details?id=web.oss.sshsftpDaemon
Title: Vulnerabilities in WordPress Database Manager v2.7.1
Author: Larry W. Cashdollar, @_larry0
Date: 10/13/2014
Download: https://wordpress.org/plugins/wp-dbmanager/
Downloads: 1,171,358
Vendor: Lester Chan, https://profiles.wordpress.org/gamerz/
Contacted: 10/13/2014, Vulnerabilities addressed
Title: XCloner Wordpress/Joomla! backup Plugin v3.1.1 (Wordpress) v3.5.1
(Joomla!) Vulnerabilities
Author: Larry W. Cashdollar, @_larry0
Date: 10/17/2014
Download: https://wordpress.org/plugins/xcloner-backup-and-restore/
Download:
http://extensions.joomla.org/extensions/access-a-security/site
#!/bin/bash
#Larry W. Cashdollar, @_larry0
#Will brute force and search a Wordpress target site with WP-DB-Backup v2.2.4 plugin installed for any backups done on
#20141031 assumes the wordpress database is wordpress and the table prefix is wp_
#http://www.vapid.dhs.org/advisories/wordpress
Title: xaviershay-dm-rails v0.10.3.8 mysql credential exposure
Author: Larry W. Cashdollar, @_larry0
Date: 2015-02-17
Download Site: https://rubygems.org/gems/xaviershay-dm-rails
Vendor: Martin Gamsjaeger, Dan Kubb
Vendor Notified: 2015-02-17
Vendor Contact: notreal [at] rhnh.net
Description: This
Title: Remote file upload vulnerability in
videowhisper-video-conference-integration wordpress plugin v4.91.8
Author: Larry W. Cashdollar, @_larry0
Date: 2015-03-29
Download Site:
https://wordpress.org/support/plugin/videowhisper-video-conference-integration
Vendor: http://www.videowhisper.com
Title: Remote file upload vulnerability in wordpress plugin
videowhisper-video-presentation v3.31.17
Author: Larry W. Cashdollar, @_larry0
Date: 2015-03-29
Download Site: https://wordpress.org/plugins/videowhisper-video-presentation/
Vendor: http://www.videowhisper.com/
Vendor Notified: 2015-03
on/x-httpd-php3-preprocessed php3p
#application/x-httpd-php4 php4
#application/x-httpd-php5 php5
> On Mar 31, 2015, at 9:54 PM, Larry W. Cashdollar wrote:
>
> Title: Remote file upload vulnerability in
> videowhisper-video-conference-i
v3.1.2 wordpress plugin authenticated command execution and XSS
Author: Larry W. Cashdollar, @_larry0
Date: 2015-05-10
Download Site: https://wordpress.org/plugins/xclonerbackupandrestore/
http://extensions.joomla.org/extensions/accessasecurity/ sitesecurity/
backup/665
Advisory: http
Title: Remote file upload vulnerability in
aviary-image-editor-add-on-for-gravity-forms v3.0beta Wordpress plugin
Author: Larry W. Cashdollar, @_larry0
Date: 2015-06-07
Download Site:
https://wordpress.org/plugins/aviary-image-editor-add-on-for-gravity-forms
Vendor: Waters Edge Web Design and
Title: Remote file download vulnerability in download-zip-attachments v1.0
Author: Larry W. Cashdollar, @_larry0
Date: 2015-06-10
Download Site: https://wordpress.org/plugins/download-zip-attachments/
Vendor: rivenvirus
Vendor Notified: 2015-06-15
Vendor Contact: https://profiles.wordpress.org
Title: Arbitrary File download in wordpress plugin wp-instance-rename v1.0
Author: Larry W. Cashdollar, @_larry0
Date: 2015-06-12
Download Site: https://wordpress.org/plugins/wp-instance-rename/
Vendor: Vlajo
Vendor Notified: 2015-06-12
Advisory: http://www.vapid.dhs.org/advisory.php?v=127
Vendor
Title: SQL Injection in easy2map wordpress plugin v1.24
Author: Larry W. Cashdollar, @_larry0
Date: 2015-06-08
Download Site: https://wordpress.org/plugins/easy2map
Vendor: Steven Ellis
Vendor Notified: 2015-06-08, fixed in v1.25
Vendor Contact: https://profiles.wordpress.org/stevenellis/
Advisory
Title: Remote file download vulnerability in wordpress plugin
wp-ecommerce-shop-styling v2.5
Author: Larry W. Cashdollar, @_larry0
Date: 2015-07-05
Download Site: https://wordpress.org/plugins/wp-ecommerce-shop-styling
Vendor: https://profiles.wordpress.org/haet/
Vendor Notified: 2015-07-05
Title: Remote file download in Wordpress Plugin mdc-youtube-downloader v2.1.0
Author: Larry W. Cashdollar, @_larry0
Date: 2015-07-01
Download Site: https://wordpress.org/plugins/mdc-youtube-downloader
Vendor: https://profiles.wordpress.org/mukto90/
Vendor Notified: 2015-07-01, removed vulnerable
Title: Remote file download vulnerability in Wordpress Plugin wp-swimteam
v1.44.10777
Author: Larry W. Cashdollar, @_larry0
Date: 2015-07-02
Download Site: https://wordpress.org/plugins/wp-swimteam
Vendor: Mike Walsh www.MichaelWalsh.org
Vendor Notified: 2015-07-02, fixed in v1.45beta3
Vendor
Title: SQL Injection in easy2map-photos wordpress plugin v1.09
Author: Larry W. Cashdollar, @_larry0
Date: 2015-06-08
Download Site: https://wordpress.org/plugins/easy2map-photos
Vendor: Steven Ellis
Vendor Notified: 2015-06-08, fixed in v1.1.0
Vendor Contact: https://profiles.wordpress.org
Title: Remote file upload vulnerability & SQLi in wordpress plugin
wp-powerplaygallery v3.3
Author: Larry W. Cashdollar, @_larry0
Date: 2015-06-27
Download Site: https://wordpress.org/plugins/wp-powerplaygallery
Vendor: WP SlideShow
Vendor Notified: 2015-06-29
Advisory: http://www.vapid.dhs
Title: Remote file download vulnerability in Wordpress Plugin image-export v1.1
Author: Larry W. Cashdollar, @_larry0
Date: 2015-07-01
Download Site: https://wordpress.org/plugins/image-export
Vendor: www.1efthander.com
Vendor Notified: 2015-07-05
Vendor Contact: https://twitter.com/1eftHander
its/blob/master/mobile_plugin_exploit.sh
URL: http://www.vapidlabs.com/advisory.php?v=178
Credit: Larry W. Cashdollar, @_larry0
___
Sent through the Full Disclosure mailing list
https://nmap.org/mailman/listinfo/fulldisclosure
Web Archives & RSS:
Title: Insecure /tmp file use in Oracle Solaris 11 Device Driver Utility v1.3.1
leads to root
Author: Larry W. Cashdollar, @_larry0
Date: 2020-02-02
CVE-2020-14724
Download Site: https://docs.oracle.com/cd/E37838_01/html/E69250/useddu.html
Vendor: Oracle, fixed in July 14 2020 CPU
https