Information Security News and Exploits

Providing you with Security News and Exploits from all over the web.

Entries for January, 2012

[webapps / 0day] – Wordpress Age Verification Plugin <= 0.4 Open Redirect

# Exploit Title: Wordpress Age Verification plugin <= 0.4 Open Redirect
# Date: 2012/01/10
# Dork: inurl:wp-content/plugins/age-verification/age-verification.php
# Author: Gianluca Brindisi (gATbrindi.si @gbrindisi http://brindi.si/g/)
# Software Link: http://downloads.wordpress.org/plugin/age-verification.zip
# Version: 0.4
1) Via GET: http://server/wp-content/plugins/age-verification/age-verification.php?redirect_to=http%3A%2F%2Fwww.evil.com
[...]

[webapps / 0day] – Wordpress uCan Post plugin <= 1.0.09 Stored XSS

# Exploit Title: Wordpress uCan Post plugin <= 1.0.09 Stored XSS
# Dork: inurl:/wp-content/plugins/ucan-post/
# Date: 2012/01/18
# Author: Gianluca Brindisi (gATbrindi.si @gbrindisi http://brindi.si/g/)
# Software Link: http://downloads.wordpress.org/plugin/ucan-post.1.0.09.zip
# Version: 1.0.09
1) You need permissions to [...]

[webapps / 0day] – appRain CMF <= 0.1.5 (uploadify.php) Unrestricted File Upload Exploit

<?php
/*
———————————————————————
appRain CMF <= 0.1.5 (uploadify.php) Unrestricted File Upload Exploit
———————————————————————
author…………: Egidio Romano aka EgiX
[...]

[remote exploits] – Avaya WinPDM UniteHostRouter <= 3.8.2 Pre-Auth Command Execute

# Abysssec Public Exploit
# more info www.abysssec.com
# Avaya WinPDM UniteHostRouter <= 3.8.2 Remote Pre-Auth Command Execute
#A boundary error in the Unite Host Router service (UniteHostRouter.exe)
#when processing certain requests can be exploited to cause a stack-based buffer
[...]

[webapps / 0day] – AllWebMenus < 1.1.9 WordPress Menu Plugin Arbitrary File Upload

#Exploit Title: AllWebMenus WordPress Menu Plugin Arbitrary file upload
#Version: < 1.1.9
#Date: 2012-01-19
#Author: 6Scan (http://6scan.com) security team
#Software Link: http://wordpress.org/extend/plugins/allwebmenus-wordpress-menu-plugin/
#Official fix: This advisory is released after the vendor was contacted and fixed the issue promptly.
[...]

[webapps / 0day] – miniCMS v1.0 => v2.0 Arbitrary File Upload

Source: http://www.1337day.com/exploits/17420

[local exploits] – Mempodipper – Linux Local Root for >=2.6.39, 32-bit and 64-bit

Exploit code is here: http://git.zx2c4.com/CVE-2012-0056/plain/mempodipper.c
Blog post about it is here: http://blog.zx2c4.com/749
# Exploit Title: Mempodipper – Linux Local Root for >=2.6.39, 32-bit and 64-bit
# Date: Jan 21, 2012
# Author: zx2c4
# Tested on: Gentoo, Ubuntu
[...]

[webapps / 0day] – WordPress <= 3.3.1 Multiple Vulnerabilities

Trustwave’s SpiderLabs Security Advisory TWSL2012-002:
Multiple Vulnerabilities in WordPress
Published: 1/24/12
Version: 1.0
Vendor: WordPress (http://wordpress.org/)
Product: WordPress
Version affected: 3.3.1 and prior
Product description:
WordPress is a free and open [...]

[webapps / 0day] – Peel SHOPPING => v2.9 xss/sql injection vulnerability

+————————————————————————-+
# Exploit Title : Peel SHOPPING – version 2.8 and version 2.9 xss/sql inject Vulnerability
# version : v2.9
# Author : Cyber-Crystal
# Date [...]

[webapps / 0day] – vBSEO <= 3.6.0 "proc_deutf()" Remote PHP Code Injection Exploit

require ‘msf/core’
class Metasploit3 < Msf::Exploit::Remote
include Msf::Exploit::Remote::HttpClient
def initialize(info = {})
super(update_info(info,
[...]

[webapps / 0day] – Joomla Component com_propertylab (showproperty&id=) SQL injection

1-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=0
0 _ __ __ __ [...]
