oss-sec mailing list archives
Re: CVE request: Joomla component com_sexycontactform and WordPress plugin sexy-contact-form unrestricted file upload
From: Henri Salo <henri () nerv fi>
Date: Tue, 11 Nov 2014 20:51:08 +0200
-----BEGIN PGP SIGNED MESSAGE----- Hash: SHA1 References for the issue: - - http://www.exploit-db.com/exploits/35057/ - - http://osvdb.org/113669 - - http://packetstormsecurity.com/files/128822/WordPress-Joomla-Creative-Contact-Form-0.9.7-Shell-Upload.html Exploit-DB says "Vulnerability discovered by Gianni Angelozzi" and it is dated 2014-10-25, but from log files I can see that the attacks started 2014-10-02 in one of the sites I investigated. - --- Henri Salo -----BEGIN PGP SIGNATURE----- Version: GnuPG v1.4.12 (GNU/Linux) iEYEARECAAYFAlRiWpwACgkQXf6hBi6kbk/HoQCeM/9NtPVP7ZY0x3Lg99WkK89u YFQAn3UnPpUI9ZRlNqsniLz8twANb/qz =nQsK -----END PGP SIGNATURE-----
Current thread:
- CVE request: Joomla component com_sexycontactform and WordPress plugin sexy-contact-form unrestricted file upload Henri Salo (Nov 11)
- Re: CVE request: Joomla component com_sexycontactform and WordPress plugin sexy-contact-form unrestricted file upload Henri Salo (Nov 11)
- Re: CVE request: Joomla component com_sexycontactform and WordPress plugin sexy-contact-form unrestricted file upload cve-assign (Nov 12)