Date: Thu, 02 Jul 2015 17:16:38 +0200
From: Responsive Disclosure | HSASec <disclosure@...sec.de>
To: cve-assign@...re.org, 
 "oss-security@...ts.openwall.com" <oss-security@...ts.openwall.com>
Subject: CVE- Request for Wordpress Plugin Simple Ads Manager: DoS without
 authentication

Greetings,

we discovered a vulnerability in the following component and want to
request a CVE for it:

Product-Type: Wordpress Plugin

Product: Simple Ads Manager (https://wordpress.org/plugins/simple-ads-manager/)

Version: up to 2.9.3.114

Vendor: minimus (minimus@...plelib.com)

Fixed: 2015-07-02
(reported: 2015-06-29)

Changelog: https://wordpress.org/plugins/simple-ads-manager/changelog/

PoC available: yes (internal)

Description:
An input validation flaw allows an attacker to perform simple file
system operations which can result in a denial of service of the current
instance. No authentication is required.

Researchers:
* Michael Kapfer (Michael.Kapfer@...augsburg.de)


Best regards,
 the HSASec-Team
 (https://www.hsasec.de)
 
