Date: Tue, 11 Nov 2014 20:51:08 +0200
From: Henri Salo <henri@...v.fi>
To: oss-security@...ts.openwall.com
Subject: Re: CVE request: Joomla component com_sexycontactform
 and WordPress plugin sexy-contact-form unrestricted file upload

-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1

References for the issue:
- - http://www.exploit-db.com/exploits/35057/
- - http://osvdb.org/113669
- - http://packetstormsecurity.com/files/128822/WordPress-Joomla-Creative-Contact-Form-0.9.7-Shell-Upload.html

Exploit-DB says "Vulnerability discovered by Gianni Angelozzi" and it is dated
2014-10-25, but from log files I can see that the attacks started 2014-10-02 in
one of the sites I investigated.

- ---
Henri Salo
-----BEGIN PGP SIGNATURE-----
Version: GnuPG v1.4.12 (GNU/Linux)

iEYEARECAAYFAlRiWpwACgkQXf6hBi6kbk/HoQCeM/9NtPVP7ZY0x3Lg99WkK89u
YFQAn3UnPpUI9ZRlNqsniLz8twANb/qz
=nQsK
-----END PGP SIGNATURE-----
