Date: Tue, 11 Nov 2014 20:51:08 +0200
From: Henri Salo <henri@...v.fi>
To: oss-security@...ts.openwall.com
Subject: Re: CVE request: Joomla component com_sexycontactform and WordPress plugin sexy-contact-form unrestricted file upload

References for the issue:

- http://www.exploit-db.com/exploits/35057/
- http://osvdb.org/113669
- http://packetstormsecurity.com/files/128822/WordPress-Joomla-Creative-Contact-Form-0.9.7-Shell-Upload.html

Exploit-DB says "Vulnerability discovered by Gianni Angelozzi" and it is dated 2014-10-25, but from log files I can see that the attacks started 2014-10-02 in one of the sites I investigated.

---
Henri Salo