Web application abuses : WordPress Advanced Dewplayer 'dew_file' Directory Traversal Vulnerability

Búsqueda de Vulnerabilidad		Buscar 324607 Descripciones CVE y 146377 Descripciones de Pruebas, accesos 10,000+ referencias cruzadas.
	Pruebas CVE Todos

ID de Prueba: 1.3.6.1.4.1.25623.1.0.804058

Categoría: Web application abuses

Título: WordPress Advanced Dewplayer 'dew_file' Directory Traversal Vulnerability

Resumen: WordPress Advanced Dewplayer Plugin is prone to a directory traversal vulnerability.

Descripción: Summary:
WordPress Advanced Dewplayer Plugin is prone to a directory traversal vulnerability.

Vulnerability Insight:
Flaw is due to the 'download-file.php' script not properly sanitizing user
input, specifically path traversal style attacks (e.g. '../') supplied via
the 'dew_file' parameter.

Vulnerability Impact:
Successful exploitation will allow remote attackers to read arbitrary files
on the target system.

Affected Software/OS:
WordPress Advanced Dewplayer 1.2, Other versions may also be affected.

Solution:
Update to WordPress Advanced Dewplayer 1.3 or later.

CVSS Score:
5.0

CVSS Vector:
AV:N/AC:L/Au:N/C:P/I:N/A:N

Referencia Cruzada: Common Vulnerability Exposure (CVE) ID: CVE-2013-7240
BugTraq ID: 64587
http://www.securityfocus.com/bid/64587
http://wordpress.org/support/topic/security-vulnerability-cve-2013-7240-directory-traversal
http://seclists.org/oss-sec/2013/q4/566
http://seclists.org/oss-sec/2013/q4/570

Copyright Copyright (C) 2014 Greenbone AG

Esta es sólo una de 146377 pruebas de vulnerabilidad en nuestra serie de pruebas. Encuentre más sobre cómo ejecutar una auditoría de seguridad completa.
Para ejecutar una prueba gratuita de esta vulnerabilidad contra su sistema, regístrese ahora.

ID de Prueba:	1.3.6.1.4.1.25623.1.0.804058
Categoría:	Web application abuses
Título:	WordPress Advanced Dewplayer 'dew_file' Directory Traversal Vulnerability
Resumen:	WordPress Advanced Dewplayer Plugin is prone to a directory traversal vulnerability.
Descripción:	Summary: WordPress Advanced Dewplayer Plugin is prone to a directory traversal vulnerability. Vulnerability Insight: Flaw is due to the 'download-file.php' script not properly sanitizing user input, specifically path traversal style attacks (e.g. '../') supplied via the 'dew_file' parameter. Vulnerability Impact: Successful exploitation will allow remote attackers to read arbitrary files on the target system. Affected Software/OS: WordPress Advanced Dewplayer 1.2, Other versions may also be affected. Solution: Update to WordPress Advanced Dewplayer 1.3 or later. CVSS Score: 5.0 CVSS Vector: AV:N/AC:L/Au:N/C:P/I:N/A:N
Referencia Cruzada:	Common Vulnerability Exposure (CVE) ID: CVE-2013-7240 BugTraq ID: 64587 http://www.securityfocus.com/bid/64587 http://wordpress.org/support/topic/security-vulnerability-cve-2013-7240-directory-traversal http://seclists.org/oss-sec/2013/q4/566 http://seclists.org/oss-sec/2013/q4/570
Copyright	Copyright (C) 2014 Greenbone AG