Henri Salo

6 exploits Active since Jan 2014
CVE-2014-3854 EXPLOITDB html WORKING POC
Pyplate - CSRF
Cross-site request forgery (CSRF) vulnerability in admin/addScript.py in Pyplate 0.08 allows remote attackers to hijack the authentication of administrators for requests that conduct cross-site scripting (XSS) attacks via the title parameter.
CVE-2013-1765 EXPLOITDB text WORKING POC
Smart-flv - XSS
Multiple cross-site scripting (XSS) vulnerabilities in jwplayer.swf in the smart-flv plugin for WordPress allow remote attackers to inject arbitrary web script or HTML via the (1) link or (2) playerready parameter.
CVE-2014-5368 EXPLOITDB text WORKING POC
WP Content Source Control < 3.0.0 - Path Traversal
Directory traversal vulnerability in the file_get_contents function in downloadfiles/download.php in the WP Content Source Control (wp-source-control) plugin 3.0.0 and earlier for WordPress allows remote attackers to read arbitrary files via a .. (dot dot) in the path parameter.
CVE-2013-7240 EXPLOITDB text WRITEUP
Advanced Dewplayer < 1.2 - Path Traversal
Directory traversal vulnerability in download-file.php in the Advanced Dewplayer plugin 1.2 for WordPress allows remote attackers to read arbitrary files via a .. (dot dot) in the dew_file parameter.
CVE-2013-2107 EXPLOITDB html WORKING POC
Mail On Update < 5.1.0 - CSRF
Cross-site request forgery (CSRF) vulnerability in the Mail On Update plugin before 5.2.0 for WordPress allows remote attackers to hijack the authentication of administrators for requests that change the "List of alternative recipients" via the mailonupdate_mailto parameter in the mail-on-update page to wp-admin/options-general.php. NOTE: a third party claims that 5.2.1 and 5.2.2 are also vulnerable, but the issue might require a separate CVE identifier since this might reflect an incomplete fix.
CVE-2013-0161 EXPLOITDB MEDIUM text WORKING POC
Havalite - XSS
Havalite CMS 1.1.7 has a stored XSS vulnerability.
CVSS 5.4