Date: Thu, 02 Jul 2015 17:16:38 +0200 From: Responsive Disclosure | HSASec <disclosure@...sec.de> To: cve-assign@...re.org, "oss-security@...ts.openwall.com" <oss-security@...ts.openwall.com> Subject: CVE- Request for Wordpress Plugin Simple Ads Manager: DoS without authentication Greetings, we discovered a vulnerability in the following component and want to request a CVE for it: Product-Type: Wordpress Plugin Product: Simple Ads Manager (https://wordpress.org/plugins/simple-ads-manager/) Version: up to 220.127.116.11 Vendor: minimus (minimus@...plelib.com) Fixed: 2015-07-02 (reportet: 2015-06-29) Changelog: https://wordpress.org/plugins/simple-ads-manager/changelog/ PoC available: yes (internal) Description: An input validation flow allows an attacker to perform simple file system operations which can result in a denial of service of the current instance. No authentication is required. Researchers: * Michael Kapfer (Michael.Kapfer@...augsburg.de) Best regards, the HSASec-Team (https://www.hsasec.de)
Powered by blists - more mailing lists
Please check out the Open Source Software Security Wiki, which is counterpart to this mailing list.
Confused about mailing lists and their use? Read about mailing lists on Wikipedia and check out these guidelines on proper formatting of your messages.