Date: Tue, 11 Nov 2014 20:51:08 +0200
From: Henri Salo <henri@...v.fi>
To: oss-security@...ts.openwall.com
Subject: Re: CVE request: Joomla component com_sexycontactform and WordPress plugin sexy-contact-form unrestricted file upload

-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1

References for the issue:

- - http://www.exploit-db.com/exploits/35057/
- - http://osvdb.org/113669
- - http://packetstormsecurity.com/files/128822/WordPress-Joomla-Creative-Contact-Form-0.9.7-Shell-Upload.html

Exploit-DB says "Vulnerability discovered by Gianni Angelozzi" and it is dated
2014-10-25, but from log files I can see that the attacks started 2014-10-02 in
one of the sites I investigated.

- ---
Henri Salo
-----BEGIN PGP SIGNATURE-----
Version: GnuPG v1.4.12 (GNU/Linux)

iEYEARECAAYFAlRiWpwACgkQXf6hBi6kbk/HoQCeM/9NtPVP7ZY0x3Lg99WkK89u
YFQAn3UnPpUI9ZRlNqsniLz8twANb/qz
=nQsK
-----END PGP SIGNATURE-----