exploit the possibilities
Home Files News &[SERVICES_TAB]About Contact Add New
Showing 1 - 25 of 53 RSS Feed

Files from Claudio Viviani

First Active2014-07-09
Last Active2018-11-05
blueimp jQuery Arbitrary File Upload
Posted Nov 5, 2018
Authored by Larry W. Cashdollar, wvu, Claudio Viviani | Site metasploit.com

This Metasploit module exploits an arbitrary file upload in the sample PHP upload handler for blueimp's jQuery File Upload widget in versions 9.22.0 and below. Due to a default configuration in Apache 2.3.9+, the widget's .htaccess file may be disabled, enabling exploitation of this vulnerability. This vulnerability has been exploited in the wild since at least 2015 and was publicly disclosed to the vendor in 2018. It has been present since the .htaccess change in Apache 2.3.9. This Metasploit module provides a generic exploit against the jQuery widget.

tags | exploit, arbitrary, php, file upload
advisories | CVE-2018-9206
SHA-256 | d34fb14aa9b4338617c18788b969d61c2e2bb73edfa259074f37f0336142d5c4
IPFire Bash Environment Variable Injection (Shellshock)
Posted Jun 9, 2016
Authored by h00die, Claudio Viviani | Site metasploit.com

IPFire, a free linux based open source firewall distribution, versions 2.15 Update Core 82 and below contain an authenticated remote command execution vulnerability via shellshock in the request headers.

tags | exploit, remote
systems | linux
advisories | CVE-2014-6271
SHA-256 | 72f8b0873dc11b2d3d2949fc7e34c4a2aa14b2eba24cd506e1e1251f6aec3dd2
WordPress WP Fast Cache 1.4 CSRF / Cross Site Scripting
Posted May 27, 2015
Authored by Claudio Viviani

WordPress WP Fast Cache plugin version 1.4 suffers from cross site request forgery and cross site scripting vulnerabilities.

tags | exploit, vulnerability, xss, csrf
SHA-256 | ac41aca70c5a88f3a41f984ab0c2e9a4230e3046cb8b4f0c82930a77e26d30c1
WordPress Video Gallery 2.8 Unprotected Mail Page
Posted May 22, 2015
Authored by Claudio Viviani

WordPress Video Gallery plugin version 2.8 fails to protect email functionality allowing it to be leveraged for spam.

tags | exploit
SHA-256 | b38dfee27a4c0e1d32faae66624c949bb13653c914e633032fe3b5a39ed22b21
WordPress NEX-Forms 3.0 SQL Injection
Posted Apr 21, 2015
Authored by Claudio Viviani

WordPress NEX-Forms version 3.0 suffers from a remote SQL injection vulnerability.

tags | exploit, remote, sql injection
SHA-256 | f3d2ee0169a4862b50a26f4db64ebb0dd910007cf1db21e531bf128f5fd07b11
WordPress N-Media Website Contact Form Upload
Posted Apr 19, 2015
Authored by Claudio Viviani | Site metasploit.com

This Metasploit module exploits an arbitrary PHP code upload in the WordPress N-Media Website Contact Form plugin, version 1.3.4. The vulnerability allows for arbitrary file upload and remote code execution.

tags | exploit, remote, arbitrary, php, code execution, file upload
SHA-256 | 06defc0f9a3b1e41269ef7d6c96eebcf75e56a0475dd25a9e1826f8f400e3fd3
WordPress Work The Flow Upload
Posted Apr 19, 2015
Authored by Claudio Viviani | Site metasploit.com

This Metasploit module exploits an arbitrary PHP code upload in the WordPress Work The Flow plugin, version 2.5.2. The vulnerability allows for arbitrary file upload and remote code execution.

tags | exploit, remote, arbitrary, php, code execution, file upload
SHA-256 | 99dafcf218991769dca62fedd1f31fd6083ce929bdd0f494ed3fe6bdff34ddcb
WordPress Ajax Store Locator 1.2 SQL Injection
Posted Apr 16, 2015
Authored by Claudio Viviani

WordPress Ajax Store Locator versions 1.2 and below suffer from a remote SQL injection vulnerability.

tags | exploit, remote, sql injection
SHA-256 | fd61a90ff71456bbb57803a78ab4b9979a249f8fe9d9954c7d0fb7e5c79ff6de
WordPress Video Gallery 2.8 SQL Injection
Posted Apr 14, 2015
Authored by Claudio Viviani

WordPress Video Gallery plugin version 2.8 suffers from a remote SQL injection vulnerability.

tags | exploit, remote, sql injection
SHA-256 | 2a03380193003bbe9235920994e16af47220139c1f116419515e226aad7aa622
WordPress N-Media Website Contact Form 1.3.4 Shell Upload
Posted Apr 14, 2015
Authored by Claudio Viviani

WordPress N-Media Website Contact Form with File Upload plugin version 1.3.4 suffers from a remote shell upload vulnerability.

tags | exploit, remote, shell, file upload
SHA-256 | d41218aa3071ffb2db81fe0f6d6cbe3647a9998ddb374231757e89456688781a
WordPress Brute Forcer 2.0
Posted Apr 14, 2015
Authored by Claudio Viviani

This is a python script that performs brute forcing against WordPress installs using a wordlist.

Changes: xml-rpc brute force functionality added.
tags | tool, cracker, python
SHA-256 | 2d97133aba0d51470e503dd301f411312b3310db7a1d1bc94a2801174b8229ca
WordPress Duplicator 0.5.14 Cross Site Request Forgery / SQL Injection
Posted Apr 10, 2015
Authored by Claudio Viviani

WordPress Duplicator plugin versions 0.5.14 and below suffer from cross site request forgery and remote SQL injection vulnerabilities.

tags | exploit, remote, vulnerability, sql injection, csrf
SHA-256 | f6a51d5df014feb4bd047ab4edcd3143f94f10035313ee7d5c44176c2ffdf44c
WordPress All In One WP Security And Firewall 3.9.0 SQL Injection
Posted Apr 7, 2015
Authored by Claudio Viviani

WordPress All In One WP Security and Firewall plugin version 3.9.0 suffers from a remote SQL injection vulnerability.

tags | exploit, remote, sql injection
SHA-256 | 2203b9343977b8ce1c7756e193c53801aae33bcc43ac2d1b9dbd42170428a048
WordPress Work The Flow 2.5.2 Shell Upload
Posted Apr 6, 2015
Authored by Claudio Viviani

WordPress Work The Flow plugin version 2.5.2 suffers from a remote shell upload vulnerability.

tags | exploit, remote, shell
SHA-256 | b23e731d1911c049312f934170230326589cb951911a5055e04af2200b606f71
WordPress Marketplace 2.4.0 Add Administrator
Posted Mar 25, 2015
Authored by Claudio Viviani, Kacper Szurek

WordPress Marketplace plugin version 2.4.0 add administrator exploit that leverages a vulnerability that allows an attacker to execute any php function unauthenticated.

tags | exploit, php
SHA-256 | ac59d4a9526b37f10ef94defac072ade2a47ac7bfca88a79255e93f826142f61
WordPress Video Gallery 2.7 SQL Injection
Posted Feb 12, 2015
Authored by Claudio Viviani

WordPress Video Gallery plugin version 2.7 suffers from a remote SQL injection vulnerability.

tags | exploit, remote, sql injection
SHA-256 | f1c1b63158e55fcb88ffb9e2a48a95cd38c6187d753ae7798f61c163dd8da92c
WordPress WP Symposium 14.11 Shell Upload
Posted Jan 12, 2015
Authored by Claudio Viviani | Site metasploit.com

WP Symposium Plugin for WordPress contains a flaw that allows a remote attacker to execute arbitrary PHP code. This flaw exists because the /wp-symposium/server/file_upload_form.php script does not properly verify or sanitize user-uploaded files. By uploading a .php file, the remote system will place the file in a user-accessible path. Making a direct request to the uploaded file will allow the attacker to execute the script with the privileges of the web server.

tags | exploit, remote, web, arbitrary, php
SHA-256 | 42ecbf4669c89af75d07968bac4f2e5509c6bb5b265890feae2edd0dd0629e00
WordPress Download Manager 2.7.4 Remote Command Execution
Posted Dec 14, 2014
Authored by Claudio Viviani

WordPress Download Manager versions 2.7.0 through 2.7.4 suffer from a remote command execution vulnerability.

tags | exploit, remote
SHA-256 | 34ddb275d5055cb3a01743e4fca6a4ffb4537f87c1b95c998437a4e5e1c60732
WordPress WP Symposium 14.11 Shell Upload
Posted Dec 12, 2014
Authored by Claudio Viviani

WordPress WP Symposium plugin version 14.11 suffers from a remote shell upload vulnerability.

tags | exploit, remote, shell
SHA-256 | 40867e4656d0afdb7971cdcbf809828fca4fa407c0742530d5803363e555b810
WordPress Ajax Store Locator 1.2 Arbitrary File Download
Posted Dec 7, 2014
Authored by Claudio Viviani

WordPress Ajax Store Locator plugin version 1.2 suffers from an arbitrary file download vulnerability.

tags | exploit, arbitrary
SHA-256 | fa66ce4a4e1a666bfd65e30d511a241b3ef667fc053b4e9ec7d96bdc501e7ed5
WordPress wpDataTables 1.5.3 SQL Injection
Posted Nov 23, 2014
Authored by Claudio Viviani

WordPress wpDataTables plugin versions 1.5.3 and below suffer from a remote SQL injection vulnerability.

tags | exploit, remote, sql injection
SHA-256 | 87a417e5238d97fe9035e045c94dfd0fcf4fb3ff779079cb6b1d8e8d37e03b1d
WordPress wpDataTables 1.5.3 Shell Upload
Posted Nov 23, 2014
Authored by Claudio Viviani

WordPress wpDataTables versions 1.5.3 and below suffer from a remote shell upload vulnerability.

tags | exploit, remote, shell
SHA-256 | 4c0eecc8ed8af779770866bde670598a67953b0d2cf85eb5d22da1857bc1698c
Joomla HD FLV 2.1.0.1 Arbitrary File Download
Posted Nov 17, 2014
Authored by Claudio Viviani

Joomla HD FLV version 2.1.0.1 suffers from an arbitrary file download vulnerability.

tags | exploit, arbitrary
SHA-256 | 1f5d7b6e8ab1c5f896baacf5de0ee26586da67dbb2afa7fa04a53506d348e45a
Joomla HD FLV 2.1.0.1 SQL Injection
Posted Nov 13, 2014
Authored by Claudio Viviani

Joomla HD FLV component version 2.1.0.1 suffers from a remote SQL injection vulnerability.

tags | exploit, remote, sql injection
SHA-256 | 733162606ba1c6d3ad296a0f60b1de5ca10abf359fa141da227db38f94650974
Joomla RD Download SQL Injection
Posted Oct 29, 2014
Authored by Claudio Viviani

Joomla RD Download component suffers from a remote SQL injection vulnerability.

tags | exploit, remote, sql injection
SHA-256 | f9d63dd2aa36dce348509d77140267a331a149cfa6a084b1c13b9c8fc1a423a9
Page 1 of 3
Back123Next

File Archive:

January 2023

  • Su
  • Mo
  • Tu
  • We
  • Th
  • Fr
  • Sa
  • 1
    Jan 1st
    0 Files
  • 2
    Jan 2nd
    13 Files
  • 3
    Jan 3rd
    5 Files
  • 4
    Jan 4th
    5 Files
  • 5
    Jan 5th
    9 Files
  • 6
    Jan 6th
    5 Files
  • 7
    Jan 7th
    0 Files
  • 8
    Jan 8th
    0 Files
  • 9
    Jan 9th
    18 Files
  • 10
    Jan 10th
    31 Files
  • 11
    Jan 11th
    30 Files
  • 12
    Jan 12th
    33 Files
  • 13
    Jan 13th
    25 Files
  • 14
    Jan 14th
    0 Files
  • 15
    Jan 15th
    0 Files
  • 16
    Jan 16th
    7 Files
  • 17
    Jan 17th
    25 Files
  • 18
    Jan 18th
    38 Files
  • 19
    Jan 19th
    6 Files
  • 20
    Jan 20th
    21 Files
  • 21
    Jan 21st
    0 Files
  • 22
    Jan 22nd
    0 Files
  • 23
    Jan 23rd
    24 Files
  • 24
    Jan 24th
    68 Files
  • 25
    Jan 25th
    22 Files
  • 26
    Jan 26th
    20 Files
  • 27
    Jan 27th
    17 Files
  • 28
    Jan 28th
    0 Files
  • 29
    Jan 29th
    0 Files
  • 30
    Jan 30th
    20 Files
  • 31
    Jan 31st
    31 Files

Top Authors In Last 30 Days

File Tags

Systems

packet storm

© 2022 Packet Storm. All rights reserved.

Hosting By
Rokasec
close