what you don't know can hurt you
Showing 1 - 7 of 7 RSS Feed

Files from Hoa Nguyen

First Active2020-12-18
Last Active2021-06-28
WordPress wpDiscuz 7.0.4 Shell Upload
Posted Jun 28, 2021
Authored by Hoa Nguyen, Chloe Chamberland | Site metasploit.com

This Metasploit module exploits an arbitrary file upload in the WordPress wpDiscuz plugin versions from 7.0.0 through 7.0.4. This flaw gave unauthenticated attackers the ability to upload arbitrary files, including PHP files, and achieve remote code execution on a vulnerable server.

tags | exploit, remote, arbitrary, php, code execution, file upload
advisories | CVE-2020-24186
SHA-256 | fab2eeb88db6a1f9b11eed6c490a6ca021dd6f8237a47b405d41bd041a36af45
Simple JobBoard Authenticated File Read
Posted Jan 21, 2021
Authored by SunCSR, Hoa Nguyen, Arcangelo Saracino | Site metasploit.com

This Metasploit module exploits an authenticated directory traversal vulnerability in WordPress plugin Simple JobBoard versions prior to 2.9.3 to perform an arbitrary file read with the web server privileges.

tags | exploit, web, arbitrary
advisories | CVE-2020-35749
SHA-256 | 6496c8aa6342663e882ec2f4a0d63167dcd9c32f65f07c081d82e365efcf4f8d
WordPress wpDiscuz 7.0.4 Shell Upload
Posted Jan 8, 2021
Authored by Hoa Nguyen, Chloe Chamberland | Site metasploit.com

This Metasploit module exploits an arbitrary file upload in the WordPress wpDiscuz plugin version 7.0.4. This flaw gave unauthenticated attackers the ability to upload arbitrary files, including PHP files, and achieve remote code execution on a vulnerable server.

tags | exploit, remote, arbitrary, php, code execution, file upload
SHA-256 | 187052df5b77471af6ad467ad2dc057df0f9c9a641dd2c9d116e4f60896dcc30
WordPress Autoptimize Shell Upload
Posted Jan 8, 2021
Authored by Hoa Nguyen, Thien Ngo, Khanh Nguyen | Site metasploit.com

WordPress Autoptimize plugin suffers from a remote shell upload vulnerability. The ao_ccss_import AJAX call does not ensure that the file provided is a legitimate zip file, allowing high privilege users to upload arbitrary files, such as PHP, leading to remote code execution.

tags | exploit, remote, arbitrary, shell, php, code execution
advisories | CVE-2020-24948
SHA-256 | 6976952649b949f1c677f4557fec06bb177e699a8fe16b809dfddb9cd2ec1b25
Apache Flink 1.11.0 Arbitrary File Read / Directory Traversal
Posted Jan 8, 2021
Authored by SunCSR, Hoa Nguyen, 0rich1 | Site metasploit.com

This Metasploit module exploits an unauthenticated directory traversal vulnerability in Apache Flink version 1.11.0.

tags | exploit
advisories | CVE-2020-17519
SHA-256 | 79df4302ec4ea436f7e67026dddc838b8aa4610460bb6f8baa402ecd0a91ba4d
WordPress W3 Total Cache 0.9.3 File Read / Directory Traversal
Posted Dec 22, 2020
Authored by SunCSR, Hoa Nguyen, VinhJAXT | Site metasploit.com

This Metasploit module exploits an unauthenticated directory traversal vulnerability in WordPress plugin W3 Total Cache version 0.9.2.6 through 0.9.3, allowing arbitrary file read with the web server privileges.

tags | exploit, web, arbitrary
advisories | CVE-2019-6715
SHA-256 | b1fd7066d25604160753e81eec4934df777ae2201da72af60ddf06186600cd4d
WordPress Duplicator 1.3.26 Directory Traversal / File Read
Posted Dec 18, 2020
Authored by Hoa Nguyen, Ramuel Gall | Site metasploit.com

This Metasploit module exploits an unauthenticated directory traversal vulnerability in WordPress Duplicator plugin versions 1.3.24 through 1.3.26, allowing arbitrary file read with the web server privileges. This vulnerability was being actively exploited when it was discovered.

tags | exploit, web, arbitrary, file inclusion
advisories | CVE-2020-11738
SHA-256 | 4ea50cf867ab79c361dd72e12949f0f0d61e20bd60dd59c1e49252679fd3c7a8
Page 1 of 1
Back1Next

File Archive:

May 2022

  • Su
  • Mo
  • Tu
  • We
  • Th
  • Fr
  • Sa
  • 1
    May 1st
    0 Files
  • 2
    May 2nd
    15 Files
  • 3
    May 3rd
    19 Files
  • 4
    May 4th
    24 Files
  • 5
    May 5th
    15 Files
  • 6
    May 6th
    14 Files
  • 7
    May 7th
    0 Files
  • 8
    May 8th
    0 Files
  • 9
    May 9th
    13 Files
  • 10
    May 10th
    7 Files
  • 11
    May 11th
    99 Files
  • 12
    May 12th
    45 Files
  • 13
    May 13th
    7 Files
  • 14
    May 14th
    0 Files
  • 15
    May 15th
    0 Files
  • 16
    May 16th
    16 Files
  • 17
    May 17th
    26 Files
  • 18
    May 18th
    4 Files
  • 19
    May 19th
    17 Files
  • 20
    May 20th
    2 Files
  • 21
    May 21st
    0 Files
  • 22
    May 22nd
    0 Files
  • 23
    May 23rd
    6 Files
  • 24
    May 24th
    0 Files
  • 25
    May 25th
    0 Files
  • 26
    May 26th
    0 Files
  • 27
    May 27th
    0 Files
  • 28
    May 28th
    0 Files
  • 29
    May 29th
    0 Files
  • 30
    May 30th
    0 Files
  • 31
    May 31st
    0 Files

Top Authors In Last 30 Days

File Tags

Systems

packet storm

© 2022 Packet Storm. All rights reserved.

Services
Security Services
Hosting By
Rokasec
close