Openwall GNU/*/Linux - a small security-enhanced Linux distro for servers
[<prev] [next>] [day] [month] [year] [list]
Date: Fri, 3 Jul 2015 16:26:23 +0800
From: Ryan King <tetraphibious@...il.com>
To: oss-security@...ts.openwall.com, cve-assign@...re.org
Subject: Newsletter Plugin for WordPress Unvalidated Redirects and Forwards
 URL Vulnerability - CVE Request

Hello,

Could you assign a CVE reference ID for the following vulnerability?
Thank you very much.


http://seclists.org/fulldisclosure/2015/Mar/23http://www.osvdb.org/show/osvdb/119170http://tetraph.com/security/open-redirect/wordpress-newsletter-plug-in-url-redirection-open-redirect-security-vulnerabilities/http://packetstormsecurity.com/files/130647/wpnewsletter-openredirect.txthttp://lists.openwall.net/full-disclosure/2015/03/05/2http://permalink.gmane.org/gmane.comp.security.fulldisclosure/1663




=======
Exploit Title:
The Newsletter Plugin for WordPress do.php nr Parameter Open Redirect

Product:
WordPress Newsletter Plug-in

Vendor:
Satollo.net


Vendor Link:http://www.satollo.net/downloadshttp://www.thenewsletterplugin.com/https://wordpress.org/plugins/newsletter/https://github.com/WordPress-Plugins-Themes/newsletter



Vulnerable Versions:
Version 2.6.4.4
version 2.6.4.3
version 2.6.4.2
version 2.6.4.1
version 2.6.4
version 2.6.3
version 2.5.3.3
version 2.5.3.2
version 2.5.3.1
version 2.5.3
version 2.5.2.3
version 2.5.2.2
version 2.5.2.1
version 2.5.2
version 2.5.1.5
version 2.5.1.4
Version 2.5.1.3
Version 2.5.1.2
Version 2.5.1.1
Version 2.5.1
Version 2.5.0.1
Version 2.5.0




Tested Versions:
Check All Related Versions' Source Code





=======


Best Regards,
Wang Jing




--
Jing Wang,
Division of Mathematical Sciences (MAS),
School of Physical and Mathematical Sciences (SPMS),
Nanyang Technological University (NTU),
Singapore.http://www.tetraph.com/wangjing/https://twitter.com/justqdjing

Powered by blists - more mailing lists

Your e-mail address:

Please check out the Open Source Software Security Wiki, which is counterpart to this mailing list.

Powered by Openwall GNU/*/Linux - Powered by OpenVZ