7 Jun 2016

Arbitrary File Upload Vulnerability in Catpro Gallery

The Catpro Gallery plugin has an arbitrary file upload vulnerability (as well as a persistent cross-site scripting (XSS) vulnerability and possibly other security issues) as of version 3.8. The details of the underlying issue that causes this can be found in our post for a vulnerability in the plugin Vertical Slideshow, which shares the same vulnerable code.

Proof of Concept

The following proof of concept will create a new category in the plugin, with the selected file as the Category Image. If there are no pre-existing categories the uploaded file will be located in the directory /wp-content/uploads/catpro/1_uploadfolder/big/. [Read more]

7 Jun 2016

Arbitrary File Upload Vulnerability in Blaze Slideshow

The Blaze Slideshow plugin has an arbitrary file upload vulnerability (as well as a persistent cross-site scripting (XSS) vulnerability and possibly other security issues) as of version 2.7. The details of the underlying issue that causes this can be found in our post for a vulnerability in the plugin Vertical Slideshow, which shares the same vulnerable code.

Proof of Concept

The following proof of concept will create a new category in the plugin, with the selected file as the Category Image. If there are no pre-existing categories the uploaded file will be located in the directory /wp-content/uploads/blaze/1_uploadfolder/big/. [Read more]

7 Jun 2016

Arbitrary File Upload Vulnerability in Slideshow Pro

The Slideshow Pro plugin has an arbitrary file upload vulnerability (as well as a persistent cross-site scripting (XSS) vulnerability and possibly other security issues) as of version 2.4. The details of the underlying issue that causes this can be found in our post for a vulnerability in the plugin Vertical Slideshow, which shares the same vulnerable code.

Proof of Concept

The following proof of concept will create a new category in the plugin, with the selected file as the Category Image. If there are no pre-existing categories the uploaded file will be located in the directory /wp-content/uploads/slideshowpro/1_uploadfolder/big/. [Read more]

7 Jun 2016

Arbitrary File Upload Vulnerability in Smart Slideshow

The Smart Slideshow plugin has an arbitrary file upload vulnerability (as well as a persistent cross-site scripting (XSS) vulnerability and possibly other security issues) as of version 2.4. The details of the underlying issue that causes this can be found in our post for a vulnerability in the plugin Vertical Slideshow, which shares the same vulnerable code.

Proof of Concept

The following proof of concept will create a new category in the plugin, with the selected file as the Category Image. If there are no pre-existing categories the uploaded file will be located in the directory /wp-content/uploads/smart_slideshow/1_uploadfolder/big/. [Read more]

7 Jun 2016

Arbitrary File Upload Vulnerability in Homepage SlideShow

The Homepage SlideShow plugin has an arbitrary file upload vulnerability (as well as a persistent cross-site scripting (XSS) vulnerability and possibly other security issues) as of version 2.3. The details of the underlying issue that causes this can be found in our post for a vulnerability in the plugin Vertical Slideshow, which shares the same vulnerable code.

Proof of Concept

The following proof of concept will create a new category in the plugin, with the selected file as the Category Image. If there are no pre-existing categories the uploaded file will be located in the directory /wp-content/uploads/homepageslideshow/1_uploadfolder/big/. [Read more]

7 Jun 2016

Arbitrary File Upload Vulnerability in Power Zoomer

The Power Zoomer plugin has an arbitrary file upload vulnerability (as well as a persistent cross-site scripting (XSS) vulnerability and possibly other security issues) as of version 1.2. The details of the underlying issue that causes this can be found in our post for a vulnerability in the plugin Vertical Slideshow, which shares the same vulnerable code.

Proof of Concept

The following proof of concept will create a new category in the plugin, with the selected file as the Category Image. If there are no pre-existing categories the uploaded file will be located in the directory /wp-content/uploads/powerzoomer/1_uploadfolder/big/. [Read more]

7 Jun 2016

Arbitrary File Upload Vulnerability in Levo Slideshow

The Levo Slideshow plugin has an arbitrary file upload vulnerability (as well as a persistent cross-site scripting (XSS) vulnerability and possibly other security issues) as of version 2.3. The details of the underlying issue that causes this can be found in our post for a vulnerability in the plugin Vertical Slideshow, which shares the same vulnerable code.

Proof of Concept

The following proof of concept will create a new category in the plugin, with the selected file as the Category Image. If there are no pre-existing categories the uploaded file will be located in the directory /wp-content/uploads/levoslideshow/1_uploadfolder/big/. [Read more]

7 Jun 2016

Arbitrary File Upload Vulnerability in Carousel slideshow

The Carousel slideshow plugin has an arbitrary file upload vulnerability (as well as a persistent cross-site scripting (XSS) vulnerability and possibly other security issues) as of version 3.11. The details of the underlying issue that causes this can be found in our post for a vulnerability in the plugin Vertical Slideshow, which shares the same vulnerable code.

Proof of Concept

The following proof of concept will create a new category in the plugin, with the selected file as the Category Image. If there are no pre-existing categories the uploaded file will be located in the directory /wp-content/uploads/carousel/1_uploadfolder/big/. [Read more]

7 Jun 2016

Arbitrary File Upload Vulnerability in YAS Slideshow

The YAS Slideshow plugin has an arbitrary file upload vulnerability (as well as a persistent cross-site scripting (XSS) vulnerability and possibly other security issues) as of version 3.4. The details of the underlying issue that causes this can be found in our post for a vulnerability in the plugin Vertical Slideshow, which shares the same vulnerable code.

Proof of Concept

The following proof of concept will create a new category in the plugin, with the selected file as the Category Image. If there are no pre-existing categories the uploaded file will be located in the directory /wp-content/uploads/yass/1_uploadfolder/big/. [Read more]

7 Jun 2016

Arbitrary File Upload Vulnerability in Image News slider

The Image News slider plugin has an arbitrary file upload vulnerability (as well as a persistent cross-site scripting (XSS) vulnerability and possibly other security issues) as of version 3.5. The details of the underlying issue that causes this can be found in our post for a vulnerability in the plugin Vertical Slideshow, which shares the same vulnerable code.

Proof of Concept

The following proof of concept will create a new category in the plugin, with the selected file as the Category Image. If there are no pre-existing categories the uploaded file will be located in the directory /wp-content/uploads/image-news-slider/1_uploadfolder/big/. [Read more]