CVE-2017-20095 – Simple Ads Manager Plugin code injection
https://notcve.org/view.php?id=CVE-2017-20095
A vulnerability classified as critical was found in Simple Ads Manager Plugin. This vulnerability affects unknown code. The manipulation leads to code injection. The attack can be initiated remotely.
References:
• http://seclists.org/fulldisclosure/2017/Feb/80
• https://vuldb.com/?id.97372
CWE-94: Improper Control of Generation of Code ('Code Injection')
CVE-2015-2826 – Simple Ads Manager 2.5.94 & 2.5.96 - Information Disclosure
https://notcve.org/view.php?id=CVE-2015-2826
WordPress Simple Ads Manager plugin 2.5.94 and 2.5.96 allows remote attackers to obtain sensitive information. WordPress Simple Ads Manager plugin versions 2.5.94 and 2.5.96 suffer from an information disclosure vulnerability.
References:
• https://www.exploit-db.com/exploits/36615
• http://packetstormsecurity.com/files/131281/WordPress-Simple-Ads-Manager-2.5.94-2.5.96-Information-Disclosure.html
• http://seclists.org/fulldisclosure/2015/Apr/10
• http://www.itas.vn/news/ITAS-Team-found-out-multiple-critical-vulnerabilities-in-Hakin9-IT-Security-Magazine-78.html
• http://www.securityfocus.com/archive/1/535170/100/1200/threaded
• http://www.securityfocus.com/bid/73924
CWE-200: Exposure of Sensitive Information to an Unauthorized Actor
CVE-2015-2824 – Simple Ads Manager < 2.7.97 - Multiple SQL Injections
https://notcve.org/view.php?id=CVE-2015-2824
Multiple SQL injection vulnerabilities in the Simple Ads Manager plugin before 2.7.97 for WordPress allow remote attackers to execute arbitrary SQL commands via a (1) hits[][] parameter in a sam_hits action to sam-ajax.php; the (2) cstr parameter in a load_posts action to sam-ajax-admin.php; the (3) searchTerm parameter in a load_combo_data action to sam-ajax-admin.php; or the (4) subscriber, (5) contributor, (6) author, (7) editor, (8) admin, or (9) sadmin parameter in a load_users action to sam-ajax-admin.php. WordPress Simple Ads Manager plugin versions 2.5.94 and 2.5.96 suffer from multiple remote SQL injection vulnerabilities.
References:
• https://www.exploit-db.com/exploits/36613
• http://packetstormsecurity.com/files/131280/WordPress-Simple-Ads-Manager-2.5.94-2.5.96-SQL-Injection.html
• http://seclists.org/fulldisclosure/2015/Apr/6
• http://seclists.org/fulldisclosure/2015/Apr/7
• http://www.itas.vn/news/ITAS-Team-found-out-multiple-critical-vulnerabilities-in-Hakin9-IT-Security-Magazine-78.html
• http://www.securityfocus.com/archive/1/535165/100/0/threaded
• http://www.securityfocus.com/archive/1/535168/100/0/threaded
• http:
CWE-89: Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection')
CVE-2015-2825 – Simple Ads Manager <= 2.5.94 - Arbitrary File Upload
https://notcve.org/view.php?id=CVE-2015-2825
Unrestricted file upload vulnerability in sam-ajax-admin.php in the Simple Ads Manager plugin before 2.5.96 for WordPress allows remote attackers to execute arbitrary code by uploading a file with an executable extension, then accessing it via a direct request to the file in the directory specified by the path parameter. WordPress Simple Ads Manager version 2.5.94 suffers from an arbitrary file upload vulnerability.
References:
• https://www.exploit-db.com/exploits/36614
• http://packetstormsecurity.com/files/131282/WordPress-Simple-Ads-Manager-2.5.94-File-Upload.html
• http://seclists.org/fulldisclosure/2015/Apr/8
• http://www.itas.vn/news/ITAS-Team-found-out-multiple-critical-vulnerabilities-in-Hakin9-IT-Security-Magazine-78.html
• https://wordpress.org/plugins/simple-ads-manager/changelog
CWE-434: Unrestricted Upload of File with Dangerous Type