Search the Community

*WordPress Daily Edition Theme v1.6.2 XSS (Cross-site Scripting) Security Vulnerabilities* Exploit Title: WordPress Daily Edition Theme /fiche-disque.php id Parameters XSS Security Vulnerabilities Product: WordPress Daily Edition Theme Vendor: WooThemes Vulnerable Versions: v1.6.* v1.5.* v1.4.* v1.3.* v1.2.* v1.1.* v.1.0.* Tested Version: v1.6.2 Advisory Publication: March 10, 2015 Latest Update: March 10, 2015 Vulnerability Type: Cross-Site Scripting [CWE-79] CVE Reference: * Impact CVSS Severity (version 2.0): CVSS v2 Base Score: 4.3 (MEDIUM) (AV:N/AC:M/Au:N/C:N/I:P/A:N) (legend) Impact Subscore: 2.9 Exploitability Subscore: 8.6 Credit: Wang Jing [Mathematics, Nanyang Technological University (NTU), Singapore] *Advisory Details:* *(1) Vendor & Product Description:* *Vendor:* WooThemes *Product & Vulnerable Versions:* WordPress Daily Edition Theme version 1.6.7 version 1.6.6 version 1.6.5 version 1.6.4 version 1.6.3 version 1.6.2 version 1.6.1 version 1.6 version 1.5 version 1.4.11 version 1.4.10 version 1.4.9 version 1.4.8 version 1.4.7 version 1.4.6 version 1.4.5 version 1.4.4 version 1.4.3 version 1.4.2 version 1.4.1 version 1.4.0 version 1.3.2 version 1.3.1 version 1.3 version 1.2.1 version 1.2 version 1.1.2 version 1.1.1 version 1.1 version 1.0.12 version 1.0.11 version 1.0.10 version 1.0.9 version 1.0.8 version 1.0.7 version 1.0.6 version 1.0.5 version 1.0.4 version 1.0.3 version 1.0.2 version 1.0.1 version 1.0 *Vendor URL & buy:* WordPress Daily Edition Theme can be got from here, http://www.woothemes.com/products/daily-edition/ http://dzv365zjfbd8v.cloudfront.net/changelogs/dailyedition/changelog.txt *Product Introduction:* "Daily Edition WordPress Theme developed by wootheme team and Daily Edition is a clean, spacious newspaper/magazine theme designed by Liam McKay. With loads of home page modules to enable/disable and a unique java script-based featured scroller and video player the theme oozes sophistication" "The Daily Edition theme offers users many options, controlled from the widgets area and the theme options page – it makes both the themes appearance and functions flexible. From The Daily Edition 3 option pages you can for example add your Twitter and Google analytics code, some custom CSS and footer content – and in the widgets area you find a practical ads management." "Unique Features These are some of the more unique features that you will find within the theme: A neat javascript home page featured slider, with thumbnail previews of previous/next slides on hover over the dots. A “talking points” home page that can display posts according to tags, in order of most commented to least commented. A great way to highlight posts gathering dust in the archives. A customizable home page layout with options to specify how many full width blog posts and how many “box” posts you would like to display. A javascript home page video player with thumbnail hover effect. 16 delicious colour schemes to choose from!" *(2) Vulnerability Details:* WordPress Daily Edition Theme web application has a security bug problem. It can be exploited by XSS attacks. This may allow a remote attacker to create a specially crafted request that would execute arbitrary script code in a user's browser session within the trust relationship between their browser and the server. *(2.1) *The code programming flaw occurs at "fiche-disque.php?" page with "id" parameters. *References:* http://tetraph.com/security/xss-vulnerability/wordpress-daily-edition-theme-v1-6-2-xss-cross-site-scripting-security-vulnerabilities/ http://securityrelated.blogspot.com/2015/03/wordpress-daily-edition-theme-v162-xss.html http://www.inzeed.com/kaleidoscope/computer-web-security/wordpress-daily-edition-theme-v1-6-2-xss-cross-site-scripting-security-vulnerabilities/ http://diebiyi.com/articles/%E5%AE%89%E5%85%A8/wordpress-daily-edition-theme-v1-6-2-xss-cross-site-scripting-security-vulnerabilities/ https://webtechwire.wordpress.com/2015/03/10/wordpress-daily-edition-theme-v1-6-2-xss-cross-site-scripting-security-vulnerabilities/ http://static-173-79-223-25.washdc.fios.verizon.net/?l=full-disclosure&m=142426561507008&w=2 https://cxsecurity.com/issue/WLB-2015030029 -- Wang Jing, Division of Mathematical Sciences (MAS), School of Physical and Mathematical Sciences (SPMS), Nanyang Technological University (NTU), Singapore. http://www.tetraph.com/wangjing/ https://twitter.com/tetraphibious Source

*WordPress Daily Edition Theme v1.6.2 SQL Injection Security Vulnerabilities* Exploit Title: WordPress Daily Edition Theme v1.6.2 /fiche-disque.php id Parameters SQL Injection Security Vulnerabilities Product: WordPress Daily Edition Theme Vendor: WooThemes Vulnerable Versions: v1.6.2 Tested Version: v1.6.2 Advisory Publication: Mar 07, 2015 Latest Update: Mar 07, 2015 Vulnerability Type: Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection') [CWE-89] CVE Reference: * Impact CVSS Severity (version 2.0): CVSS v2 Base Score: 7.5 (HIGH) (AV:N/AC:L/Au:N/C:P/I:P/A:P) (legend) Impact Subscore: 6.4 Exploitability Subscore: 10.0 Credit: Wang Jing [Mathematics, Nanyang Technological University (NTU), Singapore] *Advisory Details:* *(1) Vendor & Product Description:* *Vendor:* WooThemes *Product & Version:* WordPress Daily Edition Theme v1.6.2 *Vendor URL & Download:* WordPress Daily Edition Theme can be got from here, http://www.woothemes.com/products/daily-edition/ *Product Introduction:* "Daily Edition WordPress Theme developed by wootheme team and Daily Edition is a clean, spacious newspaper/magazine theme designed by Liam McKay. With loads of home page modules to enable/disable and a unique java script-based featured scroller and video player the theme oozes sophistication" "The Daily Edition theme offers users many options, controlled from the widgets area and the theme options page – it makes both the themes appearance and functions flexible. From The Daily Edition 3 option pages you can for example add your Twitter and Google analytics code, some custom CSS and footer content – and in the widgets area you find a practical ads management." "Unique Features These are some of the more unique features that you will find within the theme: A neat javascript home page featured slider, with thumbnail previews of previous/next slides on hover over the dots. A “talking points” home page that can display posts according to tags, in order of most commented to least commented. A great way to highlight posts gathering dust in the archives. A customizable home page layout with options to specify how many full width blog posts and how many “box” posts you would like to display. A javascript home page video player with thumbnail hover effect. 16 delicious colour schemes to choose from!" *(2) Vulnerability Details:* WordPress Daily Edition Theme web application has a security bug problem. It can be exploited by SQL Injection attacks. This may allow a remote attacker to inject or manipulate SQL queries in the back-end database, allowing for the manipulation or disclosure of arbitrary data. *(2.1)* The code flaw occurs at "fiche-disque.php?" page with "&id" parameter. *References:* http://www.tetraph.com/security/sql-injection-vulnerability/wordpress-daily-edition-theme-v1-6-2-sql-injection-security-vulnerabilities/ http://securityrelated.blogspot.com/2015/03/wordpress-daily-edition-theme-v162-sql.html http://www.inzeed.com/kaleidoscope/computer-web-security/wordpress-daily-edition-theme-v1-6-2-sql-injection-security-vulnerabilities/ http://diebiyi.com/articles/%E5%AE%89%E5%85%A8/wordpress-daily-edition-theme-v1-6-2-sql-injection-security-vulnerabilities/ https://itswift.wordpress.com/2015/03/07/wordpress-daily-edition-theme-v1-6-2-sql-injection-security-vulnerabilities/ http://seclists.org/fulldisclosure/2015/Mar/27 http://packetstormsecurity.com/files/130075/SmartCMS-2-SQL-Injection.html -- Wang Jing, Division of Mathematical Sciences (MAS), School of Physical and Mathematical Sciences (SPMS), Nanyang Technological University (NTU), Singapore. http://www.tetraph.com/wangjing/ https://plus.google.com/u/0/+JingWang-tetraph-justqdjing/posts Source *WordPress Daily Edition Theme v1.6.2 Unrestricted Upload of File Security Vulnerabilities* Exploit Title: WordPress Daily Edition Theme v1.6.2 /thumb.php src Parameter Unrestricted Upload of File Security Vulnerabilities Product: WordPress Daily Edition Theme Vendor: WooThemes Vulnerable Versions: v1.6.2 Tested Version: v1.6.2 Advisory Publication: Mar 07, 2015 Latest Update: Mar 07, 2015 Vulnerability Type: Unrestricted Upload of File with Dangerous Type [CWE-434] CVE Reference: * Credit: Wang Jing [Mathematics, Nanyang Technological University (NTU), Singapore] *Advisory Details:* *(1) Vendor & Product Description:* *Vendor:* WooThemes *Product & Version:* WordPress Daily Edition Theme v1.6.2 *Vendor URL & Download:* WordPress Daily Edition Theme can be got from here, http://www.woothemes.com/products/daily-edition/ *Product Introduction:* "Daily Edition WordPress Theme developed by wootheme team and Daily Edition is a clean, spacious newspaper/magazine theme designed by Liam McKay. With loads of home page modules to enable/disable and a unique java script-based featured scroller and video player the theme oozes sophistication" "The Daily Edition theme offers users many options, controlled from the widgets area and the theme options page – it makes both the themes appearance and functions flexible. From The Daily Edition 3 option pages you can for example add your Twitter and Google analytics code, some custom CSS and footer content – and in the widgets area you find a practical ads management." "Unique Features These are some of the more unique features that you will find within the theme: A neat javascript home page featured slider, with thumbnail previews of previous/next slides on hover over the dots. A “talking points” home page that can display posts according to tags, in order of most commented to least commented. A great way to highlight posts gathering dust in the archives. A customizable home page layout with options to specify how many full width blog posts and how many “box” posts you would like to display. A javascript home page video player with thumbnail hover effect. 16 delicious colour schemes to choose from!" *(2) Vulnerability Details:* WordPress Daily Edition Theme web application has a security bug problem. It can be exploited by "Unrestricted Upload of File" (Arbitrary File Uploading) attacks. With a specially crafted request, a remote attacker can include arbitrary files from the targeted host or from a remote or local host . This may allow disclosing file contents or executing files like PHP scripts. Such attacks are limited due to the script only calling files already on the target host. *(2.1)* The code flaw occurs at "thumb.php?" page with "src" parameters. *References:* http://tetraph.com/security/unrestricted-upload-of-file-arbitrary/wordpress-daily-edition-theme-v1-6-2-unrestricted-upload-of-file-security-vulnerabilities/ http://securityrelated.blogspot.com/2015/03/wordpress-daily-edition-theme-v162.html http://www.inzeed.com/kaleidoscope/computer-web-security/wordpress-daily-edition-theme-v1-6-2-unrestricted-upload-of-file-security-vulnerabilities/ http://diebiyi.com/articles/%E5%AE%89%E5%85%A8/wordpress-daily-edition-theme-v1-6-2-unrestricted-upload-of-file-security-vulnerabilities/ https://itswift.wordpress.com/2015/03/07/wordpress-daily-edition-theme-v1-6-2-unrestricted-upload-of-file-security-vulnerabilities/ http://seclists.org/fulldisclosure/2015/Mar/4 http://packetstormsecurity.com/files/130653/Webshop-Hun-1.062S-Directory-Traversal.html -- Wang Jing, Division of Mathematical Sciences (MAS), School of Physical and Mathematical Sciences (SPMS), Nanyang Technological University (NTU), Singapore. http://www.tetraph.com/wangjing/ https://plus.google.com/u/0/+JingWang-tetraph-justqdjing/posts Source

Salut tuturor celor din rst eu folosesc in prezent un avast free edition si ma gandeam sa fac schimbarea cu bitefender free edition dar ma paste gandurile ca avast ar fi mai bun as vrea si eu sa stiu care sunt optiuniile voastre si de ce .

Skype Spy USB Edition software allows you to monitor and track all Skype chats and activities, such as file transfers or calls. You can search monitored Skype data, make copies of data, and restore the data as well. Best of all, Skype Spy USB Edition is portable — you can easily run it from USB flash drive and use it on any computer without installation. In this way the app stays completely undetectable. It is a great option for anyone looking for an effective parental control solution or employee monitoring software. Free Skype Spy USB Edition (100% discount) Inca 4 zile si expira.

FL Studio Producer Edition 11.1.0 R2 (32-64 bit) Plugins.PK FL Studio Producer Edition 11.1.0 R2 (32-64 bit) Plugins.PK | 794 MB FL Studio 11 is a complete software music production environment, representing more than 14 years of innovative developments and our commitment to Lifetime Free Updates. Everything you need in one package to compose, arrange, record, edit, mix and master professional quality music. FL Studio 11 is the fastest way from your brain to your speakers. What can FL Studio 11 do? * Audio editing and manipulation including pitch correction, pitch shifting, harmonization, time-stretching, beat-detection & slicing, audio warping and standard audio manipulation (cut/paste etc). * Automate most interface and all plugin parameters by recording, drawing, spline-based automation curves, automation generators with formula based control of links. * Be hosted in other DAWs as a VST or connected through ReWire. * Live music performance including video effect visualization. * Mix and remix audio including apply real-time audio effects including delay, reverb & filtering. * Multi-track audio recording up to the limit of your audio-interface inputs. * Record & play MIDI input recording from keyboards, drum pads and controllers. * Sequencing and arranging with pattern and linear workflow possible. * Synthesizer & effect plugin hosting VST 32 & 64 bit, DX and FL Native formats. Notable New Features - Performance mode - Trigger Playlist Clips live using a mouse, touch screen, typing keyboard or MIDI controller. Supports APC20/40, Launchpad, Lemur, Block, Maschine/Mikro, padKONTROL, Traktor Kontrol (and more). - Multi-touch support - FL Studio and some plugins now respond to Multi-touch with Microsoft gesture functions supported. - Playlist - 199 Playlist tracks, increased from 99. - Linking includes MIDI input port - Links now remember the MIDI input port used to avoid conflict between controllers. - Playlist & Piano roll - Horizontal & vertical movement locking. Shift is horizontal lock & Ctrl is vertical lock when dragging items. - Piano roll - Glue notes, Mouse wheel velocity, Monophonic step entry mode & Chop chords tool. - Right-click data entry - Most controls now allow a Right-click option to type in values. - Plugin Picker - Right-click to open a plugin and its presets in the Browser. Start typing plugin names to highlight entries. - Mixer - Page Up/Down keyboard keys cycle through the current mixer track's plugin windows. - Options - Play truncated notes in clips restores notes overlapping slice points in Pattern Clips. Click and hold functions. GUI animation level now selectable from sober to entertaining. New Plugins - BassDrum - Deep Kick-Bass percussion synthesizer with sample layering. BassDrum was developed due to strong and loud customer demand for punchy kicks with a big bottom end. Our solution was to take a hybrid synthesis/sample route to provide unlimited customization for the perfect kick sound. - GMS (Groove Machine Synth) - Multi-timbral hybrid synthesizer & FX channel lifted from Groove Machine. Another plugin by popular demand. - Effector - 12 performance oriented effects: Distortion, Lo-Fi bit reduction, Flanging, Phasing, Filter (low/high pass), Delay, Reverb, Stereo panning & binaural effect, Gating, Granulizer, Vocal formant and Ring modulation effects. Effector was introduced to compliment Performance Mode and is perfect for use with multi-touch displays & controllers. - Patcher - Introduced with FL Studio 10 to provide a means of saving and recalling commonly used effects and plugin chains. Itâ?™s in the new section as, aside from being overhauled with animated connections and a fresh interface, patcher has gained two, of many more to come, Voice Effects (VFX). - VFX Key Mapper - Allows note inputs, live or from the Piano roll, to be transposed, keychanged, chorded or creatively remapped. - VFX Color Mapper - Leverages FL Studioâ?™s 16 Piano roll note colors that have traditionally mapped to MIDI channels. Now inside Patcher note colors can control 16 independent generators/instruments or groups of generators Updated Plugins - FL Flowstone - Flowstone is the successor to the original Synthmaker program. Now including the Ruby high level programming language. Not only can you still create Synths, Effects but also control external hardware with support for USB devices, I/O cards, Wi-Fi, webcams and audio hardware. Itâ?™s true… connected to the right robot, FL Studio is the first DAW in the world that can now make you a coffee! - Newtone 2 - Has been completely re-written with a new analysis and pitch engine for more accuracy, while also brushing up the workflow. Shortcuts & mouse actions now harmonize with FL Studioâ?™s Piano roll and Playlist, where possible. Most exciting are the new Vibrato and Warp editors. The Vibrato editor allows users to create vibrato effects from scratch with controls including start/end amount and frequency. The editor even detects existing vibrato and displays this value so users can match the singers natural tendency, if desired. The Warp editor is designed to work with mono or polyphonic material and is perfect for slicing and re-timing/quantizing drum-loops, vocal performances and is great for sounddesign experimentation. Importantly, Newtone 2 is a free update for existing customers. - Harmor - Rising star of the Electro and Dubstep scene, voted in the top 10 plugins of 2013 by MusicRadar readers, now supports Komplexer WT wavetables & 'Map audio regions to keys' for sampler like functionality and auto-dump to score for Slicex like drum handling. The preset count continues to rise too as patches keep flooding in from the thriving user base. - ZGameEditor Visualizer - Based on the free open source ZGameEditor that can be used to create 2D & 3D video game style visualization objects for the plugin. ZGE Visualizer can create real-time or rendered HD video effects in automated or automatic sync with FL Studio projects to support live performances or YouTube videos. Under FL Studio 11 the plugin receives a slew of new shadier modules for stunning HD video effects. - DirectWave - Added multi-timbral mode to the FL native version so you can load and play more than one patch from note colors in the Piano roll. Thereâ?™s also a new live 16 point sincinterpolation mode for lower CPU usage when using DirectWave in multi-timbral mode. FL Studio system requirements: * 2Ghz Intel Pentium 4 / AMD Athlon 64 (or later) compatible CPU with full SSE2 support. The faster your CPU and more cores it has the more you will be able to do simultaneously. Download and test the demo! * 32 or 64 Bit versions of Windows 8, Windows 7, Vista, XP (with service pack 3) * (or) Intel Mac with Boot Camp / Windows. Running XP (with service pack 3), Vista or Windows 7 (in 32 or 64 Bit) * 1 Gb or more RAM recommended * 1 Gb free disk space * Soundcard with DirectSound drivers. ASIO/ASIO2 compatible required for audio recording (FL Studio installs with generic ASIO4ALL drivers) DOWNLOAD LINKS: http://u19822771.letitbit.net/download/13983.1909e6f158d6cc2268d043d2bc5a/FL_Studio_Producer_Edition_11.1.0_R2_%2832-64_bit%29_Plugins.PK.part1.rar.html http://u19822771.letitbit.net/download/83987.83a71530e59f67ed7a4fa552e1c4/FL_Studio_Producer_Edition_11.1.0_R2_%2832-64_bit%29_Plugins.PK.part2.rar.html http://u19822771.letitbit.net/download/02242.03ad71adf8a6fac25cd70ce534dd/FL_Studio_Producer_Edition_11.1.0_R2_%2832-64_bit%29_Plugins.PK.part3.rar.html http://u19822771.letitbit.net/download/89098.8e8f78ee9ce9492ea34cd8966de5/FL_Studio_Producer_Edition_11.1.0_R2_%2832-64_bit%29_Plugins.PK.part4.rar.html http://u19822771.letitbit.net/download/12855.156adced20e8eff3e1b60f0ce214/FL_Studio_Producer_Edition_11.1.0_R2_%2832-64_bit%29_Plugins.PK.part5.rar.html http://u19822771.letitbit.net/download/86693.80172a58cf87f187ac793c55b2bb/FL_Studio_Producer_Edition_11.1.0_R2_%2832-64_bit%29_Plugins.PK.part6.rar.html http://uploaded.net/file/2nzkxfab/FL_Studio_Producer_Edition_11.1.0_R2_%2832-64_bit%29_Plugins.PK.part1.rar http://uploaded.net/file/4ubto9be/FL_Studio_Producer_Edition_11.1.0_R2_%2832-64_bit%29_Plugins.PK.part2.rar http://uploaded.net/file/u1yoldcy/FL_Studio_Producer_Edition_11.1.0_R2_%2832-64_bit%29_Plugins.PK.part3.rar http://uploaded.net/file/3414vqsy/FL_Studio_Producer_Edition_11.1.0_R2_%2832-64_bit%29_Plugins.PK.part4.rar http://uploaded.net/file/10poseg7/FL_Studio_Producer_Edition_11.1.0_R2_%2832-64_bit%29_Plugins.PK.part5.rar http://uploaded.net/file/4w4lp1gt/FL_Studio_Producer_Edition_11.1.0_R2_%2832-64_bit%29_Plugins.PK.part6.rar http://rapidgator.net/file/c25c5094d502824a57f94e9c37ccb73b/FL_Studio_Producer_Edition_11.1.0_R2_(32-64_bit)_Plugins.PK.part1.rar.html http://rapidgator.net/file/c9b958852f31f001e1e8b3ab5f9fd3b4/FL_Studio_Producer_Edition_11.1.0_R2_(32-64_bit)_Plugins.PK.part2.rar.html http://rapidgator.net/file/703035dc2778f881aa25c97d47d749ab/FL_Studio_Producer_Edition_11.1.0_R2_(32-64_bit)_Plugins.PK.part3.rar.html http://rapidgator.net/file/de3cceb19df9aace47b5f4bb8315d777/FL_Studio_Producer_Edition_11.1.0_R2_(32-64_bit)_Plugins.PK.part4.rar.html http://rapidgator.net/file/27d99205d3da513e025cd9de3cd1d1eb/FL_Studio_Producer_Edition_11.1.0_R2_(32-64_bit)_Plugins.PK.part5.rar.html http://rapidgator.net/file/6a2b8b445cecd2716d663f2e4618b7a2/FL_Studio_Producer_Edition_11.1.0_R2_(32-64_bit)_Plugins.PK.part6.rar.html http://www.uploadable.ch/file/JpKex8Vhm6Xk/FL_Studio_Producer_Edition_11.1.0_R2_(32-64_bit)_Plugins.PK.part1.rar http://www.uploadable.ch/file/q7yahd9h6nUJ/FL_Studio_Producer_Edition_11.1.0_R2_(32-64_bit)_Plugins.PK.part2.rar http://www.uploadable.ch/file/HDbWNWSJ2ZGE/FL_Studio_Producer_Edition_11.1.0_R2_(32-64_bit)_Plugins.PK.part3.rar http://www.uploadable.ch/file/Hqsdjqx684vK/FL_Studio_Producer_Edition_11.1.0_R2_(32-64_bit)_Plugins.PK.part4.rar http://www.uploadable.ch/file/pkWTEGkb7HUB/FL_Studio_Producer_Edition_11.1.0_R2_(32-64_bit)_Plugins.PK.part5.rar http://www.uploadable.ch/file/dPBHFUHHNeCx/FL_Studio_Producer_Edition_11.1.0_R2_(32-64_bit)_Plugins.PK.part6.rar