CVE

Id
77036  
CVE No.
CVE-2014-9735  
Status
Candidate  
Description
The ThemePunch Slider Revolution (revslider) plugin before 3.0.96 for WordPress and Showbiz Pro plugin 1.7.1 and earlier for Wordpress does not properly restrict access to administrator AJAX functionality, which allows remote attackers to (1) upload and execute arbitrary files via an update_plugin action; (2) delete arbitrary sliders via a delete_slider action; and (3) create, (4) update, (5) import, or (6) export arbitrary sliders via unspecified vectors.  
Phase
Assigned (20150630)  
Votes
None (candidate not yet proposed)  
Comments
 

Actions

Related CVE References

Id CVE Id CVE No. Reference Actions
706776 77036 CVE-2014-9735 FULLDISC:20151125 Slider Revolution/Showbiz Pro shell upload exploit  View
706777 77036 CVE-2014-9735 URL:http://seclists.org/fulldisclosure/2014/Nov/78  View
706778 77036 CVE-2014-9735 MISC:https://blog.sucuri.net/2014/12/revslider-vulnerability-leads-to-massive-wordpress-soaksoak-compromise.html  View
706779 77036 CVE-2014-9735 MISC:https://plugins.trac.wordpress.org/browser/patch-for-revolution-slider/trunk/revsliderpatch.php  View
706780 77036 CVE-2014-9735 MISC:https://whatisgon.wordpress.com/2014/11/30/another-revslider-vulnerability/  View
706781 77036 CVE-2014-9735 MISC:https://wpvulndb.com/vulnerabilities/7954  View
706782 77036 CVE-2014-9735 CONFIRM:http://www.themepunch.com/products/old-revolution-slider-pre-4-2-vulnerabilty-explained/  View
706783 77036 CVE-2014-9735 BID:71306  View

Related JVN

Id JVN No. Title Summary CVE No. CVE Id CVSS_v2 CVSS_v3 JVN URL Actions
19229 JVNDB-2014-008106 VideoLAN VLC Media Player の Web インターフェースの network/httpd.c の httpd_HtmlError 関数におけるクロスサイトスクリプティングの脆弱性 VideoLAN VLC Media Player の Web インターフェースの network/httpd.c の httpd_HtmlError 関数には、クロスサイトスクリプティングの脆弱性が存在します。 CVE-2014-9743 77036 4.3 http://jvndb.jvn.jp/ja/contents/2014/JVNDB-2014-008106.html  View