|
|
 |
| New User, Welcome! Login |
Vulnerabilities in Belavir for WordPress
| From: |
"MustLive" <mustlive websecurity com ua> |
| To: |
<bugtraq securityfocus com> |
| Cc: |
|
| Subject: |
Vulnerabilities in Belavir for WordPress |
| Date: |
Thu - Jun 10, 2010 09:21 AM |
Hello Bugtraq!
I want to warn you about security vulnerabilities in plugin Belavir for
WordPress. It's security plugin.
-----------------------------
Advisory: Vulnerabilities in Belavir for WordPress
-----------------------------
URL: http://websecurity.com.ua/4160/
-----------------------------
Affected products: all versions of plugin Belavir.
-----------------------------
Timeline:
15.10.2009 - found vulnerabilities.
24.04.2010 - announced at my site.
25.04.2010 - informed developers.
10.06.2010 - disclosed at my site.
-----------------------------
Details:
These are Information Leakage and Full path disclosure vulnerabilities.
Information Leakage and Full path disclosure:
http://site/wp-content/uploads/my-md5.txt
Information leakage about all php-files at the site and their full path at
the server (i.e. FPD for all php-files at the site).
Full path disclosure:
http://site/wp-content/plugins/belavir.php
Best wishes & regards,
MustLive
Administrator of Websecurity web site
http://websecurity.com.ua
|
|
|
Copyright © 1995-2012 LinuxRocket.net. All rights reserved.
Nearly all of LinuxRocket's features are free. Be kind and donate to the cause!
