Message-Id: <201408301419.s7UEJYRu030414@sf01web3.securityfocus.com>
Date: Sat, 30 Aug 2014 14:19:34 GMT
From: jesus.ramirez.pichardo@...il.com
To: bugtraq@...urityfocus.com
Subject: WordPress Slideshow Gallery 1.4.6 Shell Upload Vulnerability
 (CVE-2014-5460)

-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1

> I found a serious security vulnerability in the Slideshow Gallery
> plugin. This bug allows an attacker to upload any PHP file remotely to
> the vulnerable website (administrator by default).
>
> I have tested and verified that having the current version of the
> plugin installed in a WordPress installation will allow any registered
> user (Administrator, Editor, Author, Contributor and Subscriber), to
> upload a PHP shell to exploit the host system.
>
> Today (2014-08-29), I notified the vendor and they gave me
> feedback about the vulnerability by email. The vendor released a
> patch a few hours ago (SlideShow Gallery version 1.4.7 at
> https://wordpress.org/plugins/slideshow-gallery/changelog).

> 1.4.7
>  FIX: Possible shell exploit by uploading PHP file as slide

> POST http://192.168.31.128/wordpress/wp-admin/admin.php?page=slideshow-slides&method=save
> Content-Type: multipart/form-data
>
> WordPress Slideshow Gallery plugin version 1.4.6 suffers from a remote shell upload vulnerability.
>  @jesusrpichardo
>  @whitexploit
>  http://whitexploit.blogspot.mx/
> Vendor Homepage: http://tribulant.com/
> Software Link: http://downloads.wordpress.org/plugin/slideshow-gallery.1.4.6.zip

Use CVE-2014-5460.

- --
CVE assignment team, MITRE CVE Numbering Authority
M/S M300
202 Burlington Road, Bedford, MA 01730 USA
[ PGP key available through http://cve.mitre.org/cve/request_id.html ]
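
A log check for the request quoted in the message above, as an added example that is not part of the original post or the plugin's code: it correlates POSTs to the `page=slideshow-slides&method=save` endpoint with later successful requests for PHP files under the uploads tree. The combined log format, the `/wp-content/uploads/` prefix, the extension list and the sample log lines are assumptions constructed for illustration.

```python
import re
from urllib.parse import urlsplit, parse_qs

# Assumed "combined" access-log layout: ip - user [time] "METHOD uri PROTO" status size ...
LINE_RE = re.compile(r'^(\S+) \S+ \S+ \[([^\]]+)\] "(\S+) (\S+) [^"]*" (\d{3}) ')
# Assumption: uploaded slides are stored under the standard WordPress uploads tree.
UPLOAD_PREFIX = "/wp-content/uploads/"

def is_slide_save(method, uri):
    """True for the slide-save request quoted in the advisory."""
    parts = urlsplit(uri)
    q = parse_qs(parts.query)
    return (method == "POST" and parts.path.endswith("/wp-admin/admin.php")
            and q.get("page") == ["slideshow-slides"] and q.get("method") == ["save"])

def is_uploaded_php(uri):
    path = urlsplit(uri).path.lower()
    return UPLOAD_PREFIX in path and path.endswith((".php", ".phtml", ".php5"))

def find_suspects(lines):
    """Return (ip, save_time, php_path) for clients that used the slide-save
    endpoint and later got HTTP 200 for a PHP file in the uploads tree."""
    saved = {}  # ip -> timestamp of its first accepted slide-save POST
    hits = []
    for line in lines:
        m = LINE_RE.match(line)
        if not m:
            continue  # skip malformed lines
        ip, ts, method, uri, status = m.groups()
        if is_slide_save(method, uri) and status.startswith(("2", "3")):
            saved.setdefault(ip, ts)
        elif ip in saved and status == "200" and is_uploaded_php(uri):
            hits.append((ip, saved[ip], urlsplit(uri).path))
    return hits

# Constructed sample log lines (not taken from a real incident).
SAMPLE = [
    '203.0.113.7 - - [30/Aug/2014:10:00:01 +0000] "POST /wordpress/wp-admin/admin.php?page=slideshow-slides&method=save HTTP/1.1" 302 0 "-" "-"',
    '198.51.100.4 - - [30/Aug/2014:10:00:05 +0000] "GET /wordpress/wp-content/uploads/2014/08/photo.jpg HTTP/1.1" 200 5120 "-" "-"',
    '203.0.113.7 - - [30/Aug/2014:10:00:09 +0000] "GET /wordpress/wp-content/uploads/example/slide1.php HTTP/1.1" 200 17 "-" "-"',
    '192.0.2.9 - - [30/Aug/2014:10:01:00 +0000] "POST /wordpress/wp-admin/admin.php?page=slideshow-slides&method=save HTTP/1.1" 403 0 "-" "-"',
    '192.0.2.9 - - [30/Aug/2014:10:01:02 +0000] "GET /wordpress/wp-content/uploads/example/slide2.php HTTP/1.1" 404 0 "-" "-"',
]

if __name__ == "__main__":
    for hit in find_suspects(SAMPLE):
        print(hit)
```

A hit is a lead for review, not proof of compromise; the fix named in the message is the upgrade to version 1.4.7.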
