oss-sec mailing list archives

CVE- Request for Wordpress Plugin Simple Ads Manager: DoS without authentication


From: Responsive Disclosure | HSASec <disclosure () hsasec de>
Date: Thu, 02 Jul 2015 17:16:38 +0200

Greetings,

we discovered a vulnerability in the following component and want to
request a CVE for it:

Product-Type: Wordpress Plugin

Product: Simple Ads Manager (https://wordpress.org/plugins/simple-ads-manager/)

Version: up to 2.9.3.114

Vendor: minimus (minimus () simplelib com)

Fixed: 2015-07-02
(reported: 2015-06-29)

Changelog: https://wordpress.org/plugins/simple-ads-manager/changelog/

PoC available: yes (internal)

Description:
An input validation flaw allows an attacker to perform simple file
system operations which can result in a denial of service of the current
instance. No authentication is required.

Researchers:
* Michael Kapfer (Michael.Kapfer () hs-augsburg de)


Best regards,
 the HSASec-Team
 (https://www.hsasec.de)
 

