mailing list archives
Vulnerabilities in theme Magaz een для WordPress and Dotclear
From: "MustLive" <mustlive () websecurity com ua>
Date: Tue, 3 May 2011 03:33:09 +0300
I want to warn you about Cross-Site Scripting, Full path disclosure, Abuse
of Functionality and Denial of Service vulnerabilities in theme Magazeen for
WordPress and Dotclear.
SecurityVulns ID: 11635.
Similarly to vulnerabilities in multiple themes for WordPress, Drupal,
ExpressionEngine and Joomla, also theme Magazeen for WordPress and Dotclear
is vulnerable. Just as earlier-mentioned themes for WordPress and other
engines, similarly other themes for Dotclear can be vulnerable (at using of
Vulnerable are versions of theme Magazeen (1.0 and next) for WP and DC with
TimThumb 1.24 and previous versions.
Cross-Site Scripting (WASC-08), Full path disclosure (WASC-13), Abuse of
Functionality (WASC-42) and Denial of Service (WASC-10) vulnerabilities are
similar to those in earlier mentioned themes for WordPress, Drupal,
ExpressionEngine and Joomla. Because these themes contain TimThumb, about
vulnerabilities in which I wrote earlier
Both versions of this theme are vulnerable to XSS, Full path disclosure,
Abuse of Functionality and DoS.
2011.02.08 - informed developer of TimThumb.
2011.02.13 - developer of TimThumb released version 1.25.
2011.04.30 - disclosed at my site about vulnerabilities in theme Magazeen.
2011.05.01 - informed both developers of theme Magazeen for WP and for DC
(if they still haven't updated from 13th of February).
I mentioned about these vulnerabilities at my site
Best wishes & regards,
Administrator of Websecurity web site
Full-Disclosure - We believe in it.
Hosted and sponsored by Secunia - http://secunia.com/
- Vulnerabilities in theme Magaz een для WordPress and Dotclear MustLive (May 03)