exploit the possibilities
Showing 1 - 19 of 19 RSS Feed

Files from Ron Jost

First Active2021-05-24
Last Active2021-07-26
WordPress SP Project And Document Remote Code Execution
Posted Jul 26, 2021
Authored by Ron Jost, Yann Castel | Site metasploit.com

This Metasploit module allows an attacker with a privileged WordPress account to launch a reverse shell due to an arbitrary file upload vulnerability in WordPress SP Project and Document plugin versions prior to 4.22. The security check only searches for lowercase file extensions such as .php, making it possible to upload .pHP files for instance. Finally, the uploaded payload can be triggered by a call to /wp-content/uploads/sp-client-document-manager/<user_id>/<random_payload_name>.php.

tags | exploit, arbitrary, shell, php, file upload
advisories | CVE-2021-24347
MD5 | d73daa7ac6681410691920aff7640598
WordPress Modern Events Calendar Remote Code Execution
Posted Jul 26, 2021
Authored by Ron Jost, Yann Castel, Nguyen Van Khanh | Site metasploit.com

This Metasploit module allows an attacker with a privileged WordPress account to launch a reverse shell due to an arbitrary file upload vulnerability in WordPress Modern Events Calendar plugin versions prior to 5.16.5. This is due to an incorrect check of the uploaded file extension. Indeed, by using text/csv content-type in a request, it is possible to upload a .php payload as is is not forbidden by the plugin. Finally, the uploaded payload can be triggered by a call to /wp-content/uploads/<random_payload_name>.php.

tags | exploit, arbitrary, shell, php, file upload
advisories | CVE-2021-24145
MD5 | 75b29e689541f825031d9308d2c36b24
WordPress Backup Guard Authenticated Remote Code Execution
Posted Jul 21, 2021
Authored by Ron Jost, Nguyen Van Khanh | Site metasploit.com

This Metasploit module allows an attacker with a privileged WordPress account to launch a reverse shell due to an arbitrary file upload vulnerability in Wordpress plugin Backup Guard versions prior to 1.6.0. This is due to an incorrect check of the uploaded file extension which should be of SGBP type. Then, the uploaded payload can be triggered by a call to /wp-content/uploads/backup-guard/<random_payload_name>.php.

tags | exploit, arbitrary, shell, php, file upload
advisories | CVE-2021-24155
MD5 | a13b79ee96d9f6b0f86db446a8c091a9
WordPress SP Project And Document Manager 4.21 Shell Upload
Posted Jul 8, 2021
Authored by Ron Jost

WordPress SP Project and Document Manager plugin version 4.21 suffers from a remote shell upload vulnerability.

tags | exploit, shell
advisories | CVE-2021-24347
MD5 | 2b2c3c8691137157e2a48f7efcdd8a79
WordPress Backup Guard 1.5.8 Shell Upload
Posted Jul 5, 2021
Authored by Ron Jost

WordPress Backup Guard plugin version 1.5.8 remote shell upload exploit.

tags | exploit, remote, shell
advisories | CVE-2021-24155
MD5 | 75b99c3a3102d89bce9985d105ebe3a3
WordPress Modern Events Calendar 5.16.2 Shell Upload
Posted Jul 2, 2021
Authored by Ron Jost

WordPress Modern Events Calendar plugin version 5.16.2 suffers from a remote shell upload vulnerability.

tags | exploit, remote, shell
advisories | CVE-2021-24145
MD5 | 5a5caeecf04e79df2ea2756a6bc28fde
WordPress Modern Events Calendar 5.16.2 Information Disclosure
Posted Jul 2, 2021
Authored by Ron Jost

WordPress Modern Events Calendar plugin version 5.16.2 suffers from an issue where unauthenticated parties can export all event data.

tags | exploit, info disclosure
advisories | CVE-2021-24146
MD5 | 6efc8a4724dc0a980761c66c25d05189
WordPress XCloner 4.2.12 Remote Code Execution
Posted Jul 1, 2021
Authored by Ron Jost

WordPress XCloner plugin version 4.2.12 authenticated remote code execution exploit.

tags | exploit, remote, code execution
advisories | CVE-2020-35948
MD5 | 581e68bb604ff584a896a790f85b522f
OpenEMR 5.0.1.7 Path Traversal
Posted Jun 18, 2021
Authored by Ron Jost

OpenEMR version 5.0.1.7 suffers from a path traversal vulnerability.

tags | exploit, file inclusion
advisories | CVE-2019-14530
MD5 | 9b189b539433dd288cb8f97ef2d49d86
OpenEMR 5.0.1.3 Authentication Bypass
Posted Jun 17, 2021
Authored by Ron Jost

OpenEMR version 5.0.1.3 suffers from an authentication bypass vulnerability.

tags | exploit, bypass
advisories | CVE-2018-15152
MD5 | 0bfdd861dc16d07c1e19d41f3214b08b
OpenEMR 5.0.1.3 Shell Upload
Posted Jun 14, 2021
Authored by Ron Jost

OpenEMR version 5.0.1.3 authenticated remote shell upload exploit.

tags | exploit, remote, shell
advisories | CVE-2018-15139
MD5 | 7700613258c55d87cc8689ab8d49b6f7
OpenEMR 5.0.0 Remote Shell Upload
Posted Jun 11, 2021
Authored by Ron Jost

OpenEMR version 5.0.0 authenticated remote shell upload exploit.

tags | exploit, remote, shell
advisories | CVE-2017-9380
MD5 | 12e2029d683e77944af7d9e8015af08d
Monstra CMS 3.0.4 Remote Code Execution
Posted Jun 4, 2021
Authored by Ron Jost

Monstra CMS version 3.0.4 authenticated remote code execution exploit.

tags | exploit, remote, code execution
advisories | CVE-2018-6383
MD5 | 3ded1d3e9037c9bda38185492e8210ba
GetSimple CMS 3.3.4 Information Disclosure
Posted Jun 2, 2021
Authored by Ron Jost

GetSimple CMS version 3.3.4 suffers from an information disclosure vulnerability.

tags | exploit, info disclosure
advisories | CVE-2014-8722
MD5 | 954698df1ae195237a6d1a9f005c0f3f
Trixbox 2.8.0.4 Remote Code Execution
Posted May 28, 2021
Authored by Ron Jost

Trixbox version 2.8.0.4 has an OS command injection vulnerability that can be leveraged via shell metacharacters in the lang parameter to /maint/modules/home/index.php.

tags | exploit, shell, php
advisories | CVE-2017-14535
MD5 | b20a34f5709b4607d3383fa6db1f537f
Trixbox 2.8.0.4 Path Traversal
Posted May 28, 2021
Authored by Ron Jost

Trixbox version 2.8.0.4 has path traversal via the xajaxargs array parameter to /maint/index.php?packages or the lang parameter to /maint/modules/home/index.php.

tags | exploit, php, file inclusion
advisories | CVE-2017-14537
MD5 | ebe53272a318e753d01ffa4b44a12413
Pluck CMS 4.7.13 Remote Shell Upload
Posted May 26, 2021
Authored by Ron Jost

Pluck CMS version 4.7.13 suffers from a remote shell upload vulnerability.

tags | exploit, remote, shell
advisories | CVE-2020-29607
MD5 | 8cadd74ca3a154c501a026a5b30e8f90
Codiad 2.8.4 Shell Upload
Posted May 26, 2021
Authored by Ron Jost

Codiad version 2.8.4 suffers from a remote shell upload vulnerability.

tags | exploit, remote, shell
advisories | CVE-2018-19423
MD5 | d3aabce9b795faa267d5b779874bdd9d
Codiad 2.8.4 Remote Code Execution
Posted May 24, 2021
Authored by Ron Jost

Codiad version 2.8.4 suffers from a remote code execution vulnerability.

tags | exploit, remote, code execution
advisories | CVE-2019-19208
MD5 | 0dbcdaefecfb8baa6728cc0c5caad922
Page 1 of 1
Back1Next

File Archive:

July 2021

  • Su
  • Mo
  • Tu
  • We
  • Th
  • Fr
  • Sa
  • 1
    Jul 1st
    13 Files
  • 2
    Jul 2nd
    12 Files
  • 3
    Jul 3rd
    1 Files
  • 4
    Jul 4th
    2 Files
  • 5
    Jul 5th
    34 Files
  • 6
    Jul 6th
    21 Files
  • 7
    Jul 7th
    21 Files
  • 8
    Jul 8th
    13 Files
  • 9
    Jul 9th
    6 Files
  • 10
    Jul 10th
    1 Files
  • 11
    Jul 11th
    3 Files
  • 12
    Jul 12th
    15 Files
  • 13
    Jul 13th
    19 Files
  • 14
    Jul 14th
    15 Files
  • 15
    Jul 15th
    15 Files
  • 16
    Jul 16th
    9 Files
  • 17
    Jul 17th
    2 Files
  • 18
    Jul 18th
    2 Files
  • 19
    Jul 19th
    19 Files
  • 20
    Jul 20th
    21 Files
  • 21
    Jul 21st
    53 Files
  • 22
    Jul 22nd
    14 Files
  • 23
    Jul 23rd
    14 Files
  • 24
    Jul 24th
    1 Files
  • 25
    Jul 25th
    1 Files
  • 26
    Jul 26th
    21 Files
  • 27
    Jul 27th
    8 Files
  • 28
    Jul 28th
    0 Files
  • 29
    Jul 29th
    0 Files
  • 30
    Jul 30th
    0 Files
  • 31
    Jul 31st
    0 Files

Top Authors In Last 30 Days

File Tags

Systems

packet storm

© 2020 Packet Storm. All rights reserved.

Services
Security Services
Hosting By
Rokasec
close