what you don't know can hurt you
Home Files News &[SERVICES_TAB]About Contact Add New
Showing 1 - 25 of 30 RSS Feed

Files from Ron Jost

First Active2021-05-24
Last Active2022-02-21
WordPress Perfect Survey 1.5.1 SQL Injection
Posted Feb 21, 2022
Authored by Ron Jost

WordPress Perfect Survey plugin version 1.5.1 suffers from a remote SQL injection vulnerability.

tags | exploit, remote, sql injection
advisories | CVE-2021-24762
SHA-256 | ab5b6dcc9f080add826ddde39b1034b8a2169f9e05ade5e04cba6ab0dd330869
WordPress WP User Frontend 3.5.25 SQL Injection
Posted Feb 21, 2022
Authored by Ron Jost

WordPress WP User Frontend plugin version 3.5.25 suffers from an authenticated remote SQL injection vulnerability.

tags | exploit, remote, sql injection
advisories | CVE-2021-25076
SHA-256 | 280867a4c60d20510ff5bcaa423c881cbcd213e1b2b74568a593019331132f17
WordPress Secure Copy Content Protection And Content Locking 2.8.1 SQL Injection
Posted Feb 10, 2022
Authored by Ron Jost

WordPress Secure Copy Content Protection and Content Locking plugin version 2.8.1 suffers from a remote SQL injection vulnerability.

tags | exploit, remote, sql injection
advisories | CVE-2021-24931
SHA-256 | cb1ff4a94966973a9f9745f4956453fdb970465f7f6d6d0343ce60a252705807
WordPress Download Monitor WordPress 4.4.4 SQL Injection
Posted Feb 2, 2022
Authored by Ron Jost

WordPress Download Monitor WordPress plugin versions prior to 4.4.5 suffer from a remote SQL injection vulnerability.

tags | exploit, remote, sql injection
advisories | CVE-2021-24786
SHA-256 | 500a8c4ca8705305ded030ce7ad67e47e62f151c0f0598358986d31b63089709
WordPress 404 To 301 2.0.2 SQL Injection
Posted Feb 2, 2022
Authored by Ron Jost

WordPress 404 to 301 plugin version 2.l0.2 suffers from a remote SQL injection vulnerability.

tags | exploit, remote, sql injection
advisories | CVE-2015-9323
SHA-256 | 560479e379eb19da8b9dcced3bcc9ff7be02be670bdce171a13c96832f6f6f7f
WordPress RegistrationMagic V 5.0.1.5 SQL Injection
Posted Jan 27, 2022
Authored by Ron Jost

WordPress RegistrationMagic V plugin versions 5.0.1.5 and below suffer from a remote SQL injection vulnerability.

tags | exploit, remote, sql injection
advisories | CVE-2021-24862
SHA-256 | fc704ca5ead8ef607cb727b84f02e144261f21080490cda78592accedd147834
WordPress Modern Events Calendar 6.1 SQL Injection
Posted Jan 27, 2022
Authored by Ron Jost

WordPress Modern Events Calendar plugin versions 6.1 and below suffer from an unauthenticated remote SQL injection vulnerability.

tags | exploit, remote, sql injection
advisories | CVE-2021-24946
SHA-256 | 2a932ef31add8a8654da477a713636c2c7a4dce620d21c2f35410be6a9281339
WordPress Catch Themes Demo Import Shell Upload
Posted Jan 5, 2022
Authored by h00die, Thinkland Security Team, Ron Jost | Site metasploit.com

WordPress Catch Themes Demo Import plugin versions prior to 1.8 suffer from a remote shell upload vulnerability.

tags | exploit, remote, shell
advisories | CVE-2021-39352
SHA-256 | 999305fb949e529f94cd8317c66ad4e660226106492dac5ff2bb180f31a8f911
WordPress WP Visitor Statistics 4.7 SQL Injection
Posted Jan 5, 2022
Authored by Ron Jost

WordPress WP Visitor Statistics plugin versions 4.7 and below suffer from a remote SQL injection vulnerability.

tags | exploit, remote, sql injection
advisories | CVE-2021-24750
SHA-256 | c30e79d3378b88e8f60f69bc5a6ea89e055ee7c9573196ec41e66669ea908499
WordPress Catch Themes Demo Import 1.6.1 Shell Upload
Posted Dec 9, 2021
Authored by Ron Jost

WordPress Catch Themes Demo Import plugin versions 1.6.1 and below suffer from a remote shell upload vulnerability.

tags | exploit, remote, shell
advisories | CVE-2021-39352
SHA-256 | aa2a40ca6681466ee19bd0785086d5094e88640579441d6538e0001846a9e1cf
WordPress BulletProof Security 5.1 Information Disclosure
Posted Oct 6, 2021
Authored by Ron Jost

WordPress BulletProof Security plugin version 5.1 suffers from an information disclosure vulnerability.

tags | exploit, info disclosure
advisories | CVE-2021-39327
SHA-256 | 33f02b1debbf864fbd6911ed76c760923b9ce967d442434c408c4072cc8ef3ab
WordPress SP Project And Document Remote Code Execution
Posted Jul 26, 2021
Authored by Ron Jost, Yann Castel | Site metasploit.com

This Metasploit module allows an attacker with a privileged WordPress account to launch a reverse shell due to an arbitrary file upload vulnerability in WordPress SP Project and Document plugin versions prior to 4.22. The security check only searches for lowercase file extensions such as .php, making it possible to upload .pHP files for instance. Finally, the uploaded payload can be triggered by a call to /wp-content/uploads/sp-client-document-manager/<user_id>/<random_payload_name>.php.

tags | exploit, arbitrary, shell, php, file upload
advisories | CVE-2021-24347
SHA-256 | 7d2c3f217f9d96a1b8933d18886edae37099a342dcf9addd2e24438914311c20
WordPress Modern Events Calendar Remote Code Execution
Posted Jul 26, 2021
Authored by Ron Jost, Yann Castel, Nguyen Van Khanh | Site metasploit.com

This Metasploit module allows an attacker with a privileged WordPress account to launch a reverse shell due to an arbitrary file upload vulnerability in WordPress Modern Events Calendar plugin versions prior to 5.16.5. This is due to an incorrect check of the uploaded file extension. Indeed, by using text/csv content-type in a request, it is possible to upload a .php payload as is is not forbidden by the plugin. Finally, the uploaded payload can be triggered by a call to /wp-content/uploads/<random_payload_name>.php.

tags | exploit, arbitrary, shell, php, file upload
advisories | CVE-2021-24145
SHA-256 | 69c7df31917c6908273c697f81d8629ab2b33991a9590623c7646f14dbb26004
WordPress Backup Guard Authenticated Remote Code Execution
Posted Jul 21, 2021
Authored by Ron Jost, Nguyen Van Khanh | Site metasploit.com

This Metasploit module allows an attacker with a privileged WordPress account to launch a reverse shell due to an arbitrary file upload vulnerability in Wordpress plugin Backup Guard versions prior to 1.6.0. This is due to an incorrect check of the uploaded file extension which should be of SGBP type. Then, the uploaded payload can be triggered by a call to /wp-content/uploads/backup-guard/<random_payload_name>.php.

tags | exploit, arbitrary, shell, php, file upload
advisories | CVE-2021-24155
SHA-256 | 3cec1dda9d347f45f65889e051e7fd1d9dc38d9c3e6197d8f4224ca67cb32a27
WordPress SP Project And Document Manager 4.21 Shell Upload
Posted Jul 8, 2021
Authored by Ron Jost

WordPress SP Project and Document Manager plugin version 4.21 suffers from a remote shell upload vulnerability.

tags | exploit, shell
advisories | CVE-2021-24347
SHA-256 | 803aa45c0f550c1286871610b453544c4160710aaf8afc70040b2f7e0f47a48d
WordPress Backup Guard 1.5.8 Shell Upload
Posted Jul 5, 2021
Authored by Ron Jost

WordPress Backup Guard plugin version 1.5.8 remote shell upload exploit.

tags | exploit, remote, shell
advisories | CVE-2021-24155
SHA-256 | fff7a31cabb9e677c9b7a571b07bc73bd4e7d93cef73bad084608ead38c240bb
WordPress Modern Events Calendar 5.16.2 Shell Upload
Posted Jul 2, 2021
Authored by Ron Jost

WordPress Modern Events Calendar plugin version 5.16.2 suffers from a remote shell upload vulnerability.

tags | exploit, remote, shell
advisories | CVE-2021-24145
SHA-256 | 8529bd568d3e33d5c15c9ae8583e97c47316e521e0b87a6184feab45a7cddfd7
WordPress Modern Events Calendar 5.16.2 Information Disclosure
Posted Jul 2, 2021
Authored by Ron Jost

WordPress Modern Events Calendar plugin version 5.16.2 suffers from an issue where unauthenticated parties can export all event data.

tags | exploit, info disclosure
advisories | CVE-2021-24146
SHA-256 | 9c55eac6365b593142e8f3a173f7aa293698baf5a8f8358228562690c149627d
WordPress XCloner 4.2.12 Remote Code Execution
Posted Jul 1, 2021
Authored by Ron Jost

WordPress XCloner plugin version 4.2.12 authenticated remote code execution exploit.

tags | exploit, remote, code execution
advisories | CVE-2020-35948
SHA-256 | 51efbd3b0d80695da5f2ea6b11516c3016521715f93c6235c7c98b89032ce059
OpenEMR 5.0.1.7 Path Traversal
Posted Jun 18, 2021
Authored by Ron Jost

OpenEMR version 5.0.1.7 suffers from a path traversal vulnerability.

tags | exploit, file inclusion
advisories | CVE-2019-14530
SHA-256 | 4137f1bcde3ba0b062231c438d7bd1885e04568f8cb1e019f5635288f2560b7d
OpenEMR 5.0.1.3 Authentication Bypass
Posted Jun 17, 2021
Authored by Ron Jost

OpenEMR version 5.0.1.3 suffers from an authentication bypass vulnerability.

tags | exploit, bypass
advisories | CVE-2018-15152
SHA-256 | 8c51ce9e83e8eaeca8c59755964b36c0b72aafd2cc7c8e64dc0a2971a327baad
OpenEMR 5.0.1.3 Shell Upload
Posted Jun 14, 2021
Authored by Ron Jost

OpenEMR version 5.0.1.3 authenticated remote shell upload exploit.

tags | exploit, remote, shell
advisories | CVE-2018-15139
SHA-256 | 1c976d82d20d572267256bdb0e89f3da86fd7a4937ea55c99df13535b3d1abf2
OpenEMR 5.0.0 Remote Shell Upload
Posted Jun 11, 2021
Authored by Ron Jost

OpenEMR version 5.0.0 authenticated remote shell upload exploit.

tags | exploit, remote, shell
advisories | CVE-2017-9380
SHA-256 | 3477f1f072e94bd94017c7444dc3f0cdc0181bb156049e46ff8483d4de9bdca2
Monstra CMS 3.0.4 Remote Code Execution
Posted Jun 4, 2021
Authored by Ron Jost

Monstra CMS version 3.0.4 authenticated remote code execution exploit.

tags | exploit, remote, code execution
advisories | CVE-2018-6383
SHA-256 | a449bcb9e802e6538fd98131e3ca47d842f8cffabafa13b97c65cc397d12c250
GetSimple CMS 3.3.4 Information Disclosure
Posted Jun 2, 2021
Authored by Ron Jost

GetSimple CMS version 3.3.4 suffers from an information disclosure vulnerability.

tags | exploit, info disclosure
advisories | CVE-2014-8722
SHA-256 | 3809a30c1cb472a328c2d29db5c6f5604e64699f9c485680f097f292a0f1a822
Page 1 of 2
Back12Next

File Archive:

May 2024

  • Su
  • Mo
  • Tu
  • We
  • Th
  • Fr
  • Sa
  • 1
    May 1st
    44 Files
  • 2
    May 2nd
    5 Files
  • 3
    May 3rd
    11 Files
  • 4
    May 4th
    0 Files
  • 5
    May 5th
    0 Files
  • 6
    May 6th
    28 Files
  • 7
    May 7th
    3 Files
  • 8
    May 8th
    4 Files
  • 9
    May 9th
    54 Files
  • 10
    May 10th
    12 Files
  • 11
    May 11th
    0 Files
  • 12
    May 12th
    0 Files
  • 13
    May 13th
    17 Files
  • 14
    May 14th
    11 Files
  • 15
    May 15th
    17 Files
  • 16
    May 16th
    13 Files
  • 17
    May 17th
    22 Files
  • 18
    May 18th
    0 Files
  • 19
    May 19th
    0 Files
  • 20
    May 20th
    17 Files
  • 21
    May 21st
    18 Files
  • 22
    May 22nd
    7 Files
  • 23
    May 23rd
    111 Files
  • 24
    May 24th
    0 Files
  • 25
    May 25th
    0 Files
  • 26
    May 26th
    0 Files
  • 27
    May 27th
    0 Files
  • 28
    May 28th
    0 Files
  • 29
    May 29th
    0 Files
  • 30
    May 30th
    0 Files
  • 31
    May 31st
    0 Files

Top Authors In Last 30 Days

File Tags

Systems

packet storm

© 2022 Packet Storm. All rights reserved.

Services
Security Services
Hosting By
Rokasec
close