Exploit the possiblities
Showing 1 - 25 of 52 RSS Feed

Files from Claudio Viviani

First Active2014-07-09
Last Active2016-06-09
IPFire Bash Environment Variable Injection (Shellshock)
Posted Jun 9, 2016
Authored by h00die, Claudio Viviani | Site metasploit.com

IPFire, a free linux based open source firewall distribution, versions 2.15 Update Core 82 and below contain an authenticated remote command execution vulnerability via shellshock in the request headers.

tags | exploit, remote
systems | linux
advisories | CVE-2014-6271
MD5 | 346568e36e1b3865af232e9ca23aee0a
WordPress WP Fast Cache 1.4 CSRF / Cross Site Scripting
Posted May 27, 2015
Authored by Claudio Viviani

WordPress WP Fast Cache plugin version 1.4 suffers from cross site request forgery and cross site scripting vulnerabilities.

tags | exploit, vulnerability, xss, csrf
MD5 | 970de0cccd55e97698e0ddb7dbc68aca
WordPress Video Gallery 2.8 Unprotected Mail Page
Posted May 22, 2015
Authored by Claudio Viviani

WordPress Video Gallery plugin version 2.8 fails to protect email functionality allowing it to be leveraged for spam.

tags | exploit
MD5 | 277642e645191461c5d88c0fc4c98316
WordPress NEX-Forms 3.0 SQL Injection
Posted Apr 21, 2015
Authored by Claudio Viviani

WordPress NEX-Forms version 3.0 suffers from a remote SQL injection vulnerability.

tags | exploit, remote, sql injection
MD5 | b5464890e8416ab1e0869a03d85dbc46
WordPress N-Media Website Contact Form Upload
Posted Apr 19, 2015
Authored by Claudio Viviani | Site metasploit.com

This Metasploit module exploits an arbitrary PHP code upload in the WordPress N-Media Website Contact Form plugin, version 1.3.4. The vulnerability allows for arbitrary file upload and remote code execution.

tags | exploit, remote, arbitrary, php, code execution, file upload
MD5 | f48296e18e9f4421ac086119c662d7d7
WordPress Work The Flow Upload
Posted Apr 19, 2015
Authored by Claudio Viviani | Site metasploit.com

This Metasploit module exploits an arbitrary PHP code upload in the WordPress Work The Flow plugin, version 2.5.2. The vulnerability allows for arbitrary file upload and remote code execution.

tags | exploit, remote, arbitrary, php, code execution, file upload
MD5 | dc2ad90b527114d951180cd2ca685749
WordPress Ajax Store Locator 1.2 SQL Injection
Posted Apr 16, 2015
Authored by Claudio Viviani

WordPress Ajax Store Locator versions 1.2 and below suffer from a remote SQL injection vulnerability.

tags | exploit, remote, sql injection
MD5 | b87b641e8387dccf32236c52134b2bf5
WordPress Video Gallery 2.8 SQL Injection
Posted Apr 14, 2015
Authored by Claudio Viviani

WordPress Video Gallery plugin version 2.8 suffers from a remote SQL injection vulnerability.

tags | exploit, remote, sql injection
MD5 | 91e1e742be25825ee18eacf250a0ca58
WordPress N-Media Website Contact Form 1.3.4 Shell Upload
Posted Apr 14, 2015
Authored by Claudio Viviani

WordPress N-Media Website Contact Form with File Upload plugin version 1.3.4 suffers from a remote shell upload vulnerability.

tags | exploit, remote, shell, file upload
MD5 | d1369c935b67801ec73ebd0a36cf75ad
WordPress Brute Forcer 2.0
Posted Apr 14, 2015
Authored by Claudio Viviani

This is a python script that performs brute forcing against WordPress installs using a wordlist.

Changes: xml-rpc brute force functionality added.
tags | tool, cracker, python
MD5 | 86b184d2f14fbe6d4a6688937b22f574
WordPress Duplicator 0.5.14 Cross Site Request Forgery / SQL Injection
Posted Apr 10, 2015
Authored by Claudio Viviani

WordPress Duplicator plugin versions 0.5.14 and below suffer from cross site request forgery and remote SQL injection vulnerabilities.

tags | exploit, remote, vulnerability, sql injection, csrf
MD5 | 358733e9242378029375a7848241c82c
WordPress All In One WP Security And Firewall 3.9.0 SQL Injection
Posted Apr 7, 2015
Authored by Claudio Viviani

WordPress All In One WP Security and Firewall plugin version 3.9.0 suffers from a remote SQL injection vulnerability.

tags | exploit, remote, sql injection
MD5 | a1033ab188c6204240447b008a96d205
WordPress Work The Flow 2.5.2 Shell Upload
Posted Apr 6, 2015
Authored by Claudio Viviani

WordPress Work The Flow plugin version 2.5.2 suffers from a remote shell upload vulnerability.

tags | exploit, remote, shell
MD5 | a53233d734f9fe05eae5802395b125b1
WordPress Marketplace 2.4.0 Add Administrator
Posted Mar 25, 2015
Authored by Claudio Viviani, Kacper Szurek

WordPress Marketplace plugin version 2.4.0 add administrator exploit that leverages a vulnerability that allows an attacker to execute any php function unauthenticated.

tags | exploit, php
MD5 | f2259eb205884943bc346084f62118cf
WordPress Video Gallery 2.7 SQL Injection
Posted Feb 12, 2015
Authored by Claudio Viviani

WordPress Video Gallery plugin version 2.7 suffers from a remote SQL injection vulnerability.

tags | exploit, remote, sql injection
MD5 | cb0c8c929a2e9fd54757ffd2ac02db26
WordPress WP Symposium 14.11 Shell Upload
Posted Jan 12, 2015
Authored by Claudio Viviani | Site metasploit.com

WP Symposium Plugin for WordPress contains a flaw that allows a remote attacker to execute arbitrary PHP code. This flaw exists because the /wp-symposium/server/file_upload_form.php script does not properly verify or sanitize user-uploaded files. By uploading a .php file, the remote system will place the file in a user-accessible path. Making a direct request to the uploaded file will allow the attacker to execute the script with the privileges of the web server.

tags | exploit, remote, web, arbitrary, php
MD5 | 309dbdb413d8a101edf6ade1cf18c136
WordPress Download Manager 2.7.4 Remote Command Execution
Posted Dec 14, 2014
Authored by Claudio Viviani

WordPress Download Manager versions 2.7.0 through 2.7.4 suffer from a remote command execution vulnerability.

tags | exploit, remote
MD5 | 4d642ad47c679a17976811dc9ebbbd55
WordPress WP Symposium 14.11 Shell Upload
Posted Dec 12, 2014
Authored by Claudio Viviani

WordPress WP Symposium plugin version 14.11 suffers from a remote shell upload vulnerability.

tags | exploit, remote, shell
MD5 | ac04e83350139c5901ed8fd42e22a464
WordPress Ajax Store Locator 1.2 Arbitrary File Download
Posted Dec 7, 2014
Authored by Claudio Viviani

WordPress Ajax Store Locator plugin version 1.2 suffers from an arbitrary file download vulnerability.

tags | exploit, arbitrary
MD5 | ab93a8265b7f6e5ac250163794e75637
WordPress wpDataTables 1.5.3 SQL Injection
Posted Nov 23, 2014
Authored by Claudio Viviani

WordPress wpDataTables plugin versions 1.5.3 and below suffer from a remote SQL injection vulnerability.

tags | exploit, remote, sql injection
MD5 | a123a81e0deb2d9ce416a908c9bbca83
WordPress wpDataTables 1.5.3 Shell Upload
Posted Nov 23, 2014
Authored by Claudio Viviani

WordPress wpDataTables versions 1.5.3 and below suffer from a remote shell upload vulnerability.

tags | exploit, remote, shell
MD5 | 6dd9440759a0ec3fd0e7469d2f2efb56
Joomla HD FLV 2.1.0.1 Arbitrary File Download
Posted Nov 17, 2014
Authored by Claudio Viviani

Joomla HD FLV version 2.1.0.1 suffers from an arbitrary file download vulnerability.

tags | exploit, arbitrary
MD5 | e0a2edd9c4c63272bf8b74e89adb61b1
Joomla HD FLV 2.1.0.1 SQL Injection
Posted Nov 13, 2014
Authored by Claudio Viviani

Joomla HD FLV component version 2.1.0.1 suffers from a remote SQL injection vulnerability.

tags | exploit, remote, sql injection
MD5 | 36af03c493b73397c8ae9bca193459f2
Joomla RD Download SQL Injection
Posted Oct 29, 2014
Authored by Claudio Viviani

Joomla RD Download component suffers from a remote SQL injection vulnerability.

tags | exploit, remote, sql injection
MD5 | 3fdcf85c29196d21ef907436b776b5e8
WordPress CP Multi View Event Calendar 1.01 SQL Injection
Posted Oct 23, 2014
Authored by Claudio Viviani

WordPress CP Multi View Event Calendar plugin version 1.01 suffers from a remote SQL injection vulnerability.

tags | exploit, remote, sql injection
MD5 | 9a883344bc137ff2023ca48bfb0d42c5
Page 1 of 3
Back123Next

File Archive:

November 2017

  • Su
  • Mo
  • Tu
  • We
  • Th
  • Fr
  • Sa
  • 1
    Nov 1st
    22 Files
  • 2
    Nov 2nd
    28 Files
  • 3
    Nov 3rd
    10 Files
  • 4
    Nov 4th
    1 Files
  • 5
    Nov 5th
    5 Files
  • 6
    Nov 6th
    15 Files
  • 7
    Nov 7th
    15 Files
  • 8
    Nov 8th
    13 Files
  • 9
    Nov 9th
    9 Files
  • 10
    Nov 10th
    9 Files
  • 11
    Nov 11th
    3 Files
  • 12
    Nov 12th
    2 Files
  • 13
    Nov 13th
    15 Files
  • 14
    Nov 14th
    17 Files
  • 15
    Nov 15th
    19 Files
  • 16
    Nov 16th
    15 Files
  • 17
    Nov 17th
    19 Files
  • 18
    Nov 18th
    0 Files
  • 19
    Nov 19th
    0 Files
  • 20
    Nov 20th
    0 Files
  • 21
    Nov 21st
    0 Files
  • 22
    Nov 22nd
    0 Files
  • 23
    Nov 23rd
    0 Files
  • 24
    Nov 24th
    0 Files
  • 25
    Nov 25th
    0 Files
  • 26
    Nov 26th
    0 Files
  • 27
    Nov 27th
    0 Files
  • 28
    Nov 28th
    0 Files
  • 29
    Nov 29th
    0 Files
  • 30
    Nov 30th
    0 Files

Top Authors In Last 30 Days

File Tags

Systems

packet storm

© 2016 Packet Storm. All rights reserved.

Services
Security Services
Hosting By
Rokasec
close