oss-security - CVE- Request for Wordpress Plugin Simple Ads Manager: DoS without authentication

Follow @Openwall on Twitter for new release announcements and other news

[<prev] [next>] [day] [month] [year] [list]

Message-ID: <559555D6.50606@hsasec.de>
Date: Thu, 02 Jul 2015 17:16:38 +0200
From: Responsive Disclosure | HSASec <disclosure@...sec.de>
To: cve-assign@...re.org, 
 "oss-security@...ts.openwall.com" <oss-security@...ts.openwall.com>
Subject: CVE- Request for Wordpress Plugin Simple Ads Manager: DoS without
 authentication

Greetings,

we discovered a vulnerability in the following component and want to
request a CVE for it:

Product-Type:     
Wordpress Plugin

Product:         
Simple Ads Manager (https://wordpress.org/plugins/simple-ads-manager/)

Version:         
up to 2.9.3.114

Vendor:         
minimus (minimus@...plelib.com)

Fixed:             
2015-07-02
(reportet: 2015-06-29)

Changelog:         
https://wordpress.org/plugins/simple-ads-manager/changelog/

PoC available:     
yes (internal)

Description:
An input validation flow allows an attacker to perform simple file
system operations which can result in a denial of service of the current
instance. No authentication is required.

Researchers:
* Michael Kapfer (Michael.Kapfer@...augsburg.de)


Best regards,
 the HSASec-Team
 (https://www.hsasec.de)

Please check out the Open Source Software Security Wiki, which is counterpart to this mailing list.

Confused about mailing lists and their use? Read about mailing lists on Wikipedia and check out these guidelines on proper formatting of your messages.