Date: Thu, 02 Jul 2015 17:16:38 +0200 From: Responsive Disclosure | HSASec <disclosure@...sec.de> To: cve-assign@...re.org, "oss-security@...ts.openwall.com" <oss-security@...ts.openwall.com> Subject: CVE- Request for Wordpress Plugin Simple Ads Manager: DoS without authentication Greetings, we discovered a vulnerability in the following component and want to request a CVE for it: Product-Type: Wordpress Plugin Product: Simple Ads Manager (https://wordpress.org/plugins/simple-ads-manager/) Version: up to 18.104.22.168 Vendor: minimus (minimus@...plelib.com) Fixed: 2015-07-02 (reportet: 2015-06-29) Changelog: https://wordpress.org/plugins/simple-ads-manager/changelog/ PoC available: yes (internal) Description: An input validation flow allows an attacker to perform simple file system operations which can result in a denial of service of the current instance. No authentication is required. Researchers: * Michael Kapfer (Michael.Kapfer@...augsburg.de) Best regards, the HSASec-Team (https://www.hsasec.de)
Powered by blists - more mailing lists
Please check out the Open Source Software Security Wiki, which is counterpart to this mailing list.
Powered by Openwall GNU/*/Linux - Powered by OpenVZ