Sunday, July 5, 2015

[FD] Multiple vulnerabilities in Vulcan theme for WordPress + WAF bypass

Hello list! Let's get back to the vulnerabilities which I disclosed in April 2011, which can be used for DDoS attacks on other sites, e.g. with my DAVOSET (http://ift.tt/1Ir2i2I). In addition to the hundreds of themes which I wrote about in previous years, here is another theme for WordPress which still hasn't fixed all of its holes, and there are many sites with an old version of the theme (+ WAF bypass). I want to warn you about multiple vulnerabilities in the Vulcan theme for WordPress. This is a commercial theme for WP. These are Cross-Site Scripting, Full Path Disclosure, Abuse of Functionality, Denial of Service and Arbitrary File Upload vulnerabilities. In 2011 I wrote about Cross-Site Scripting, Full Path Disclosure, Abuse of Functionality and Denial of Service vulnerabilities in TimThumb and multiple themes for WordPress (http://ift.tt/1i9Hr6q), and later an Arbitrary File Upload vulnerability was also disclosed.