Date: Sat, 27 Apr 2019 00:43:38 +0300
From: Henri Salo <henri@...v.fi>
To: Panagiotis Vagenas <pan.vagenas@...il.com>
Cc: fulldisclosure@...lists.org
Subject: Re: [FD] WordPress Plugin Contact Form Builder [CSRF → LFI]

On Sat, Apr 20, 2019 at 07:22:25AM +0300, Panagiotis Vagenas wrote:
> # Exploit Title: Contact Form Builder [CSRF → LFI]
> # Date: 2019-03-17
> # Exploit Author: Panagiotis Vagenas
> # Vendor Homepage: http://web-dorado.com/
> # Software Link: https://wordpress.org/plugins/contact-form-builder
> # Version: 1.0.67
> # Tested on: WordPress 5.1.1

MITRE assigned CVE-2019-11557 for this vulnerability.

-- 
Henri Salo

_______________________________________________
Sent through the Full Disclosure mailing list
https://nmap.org/mailman/listinfo/fulldisclosure
Web Archives & RSS: http://seclists.org/fulldisclosure/
