Showing 26 - 49 of 49

Files from Kacper Szurek

First Active	2014-11-20
Last Active	2018-07-17

phpMyFAQ 2.9.0 Cross Site Scripting: Posted Jun 9, 2016; Authored by Kacper Szurek; phpMyFAQ version 2.9.0 suffers from a persistent cross site scripting vulnerability.; tags | exploit, xss; SHA-256 | 689de19daf66f0242804f0df49c4ccacb8627d0a227c57d7faf13fa652c312e3; Download | Favorite | View

WordPress Double Opt-In For Download 2.0.9 SQL Injection: Posted Jun 6, 2016; Authored by Kacper Szurek; WordPress Double Opt-In for Download plugin version 2.0.9 suffers from a remote SQL injection vulnerability.; tags | exploit, remote, sql injection; SHA-256 | 0226b1b453f118f1f711f249c36c8f3895903e6f6bf4839c1156a436f8b476ed; Download | Favorite | View

Tiny Tiny RSS Blind SQL Injection: Posted Feb 15, 2016; Authored by Kacper Szurek; Tiny Tiny RSS suffers from a remote blind SQL injection vulnerability.; tags | exploit, remote, sql injection; SHA-256 | 234ab4e2f028e31495353f74411342081e06baeaa0ecb8070c1e52a9482835b8; Download | Favorite | View

WordPress Simple Ads Manager 2.9.4.116 SQL Injection: Posted Dec 30, 2015; Authored by Kacper Szurek; WordPress Simple Ads Manager plugin version 2.9.4.116 suffers from a remote SQL injection vulnerability.; tags | exploit, remote, sql injection; SHA-256 | c3225024050bfa8485a3aa261ef44cdbf1842789ed7f02486760b470ce90f477; Download | Favorite | View

WordPress Admin Management Xtended 2.4.0 Privilege Escalation: Posted Dec 14, 2015; Authored by Kacper Szurek; WordPress Admin Management Xtended plugin version 2.4.0 suffers from a privilege escalation vulnerability.; tags | exploit; SHA-256 | 9b362b9ab07bf2eed14ac27b13523e29a163c28f80ec38b876dcdb55af0d6696; Download | Favorite | View

WP Fastest Cache 0.8.4.8 Blind SQL Injection: Posted Nov 12, 2015; Authored by Kacper Szurek; WordPress WP Fastest Cache plugin version 0.8.4.8 suffers from a remote blind SQL injection vulnerability.; tags | exploit, remote, sql injection; SHA-256 | 6aaa25369dc28e64c704e16742bd0b7ed07bbfcf0895809f6c442cf2f847c015; Download | Favorite | View

WordPress Video Gallery 2.7 SQL Injection: Posted Aug 9, 2015; Authored by Kacper Szurek; WordPress Video Gallery plugin version 2.7 suffers from a remote SQL injection vulnerability.; tags | exploit, remote, sql injection; SHA-256 | 2f2343418b44a8cbf6e32ee30a625bddcc69622f5d3abcc9f76b1fdbd3675567; Download | Favorite | View

FreiChat 9.6 SQL Injection: Posted Jul 14, 2015; Authored by Kacper Szurek; FreiChat version 9.6 suffers from a remote SQL injection vulnerability.; tags | exploit, remote, sql injection; SHA-256 | 340c717fd761abf304ec7c246e204eb9f11ad8a6f4c06aabb383e69a76994e3a; Download | Favorite | View

WordPress Floating Social Bar 1.1.5 Cross Site Scripting: Posted Jul 14, 2015; Authored by Kacper Szurek; WordPress Floating Social Bar version 1.1.5 suffers from a cross site scripting vulnerability.; tags | exploit, xss; SHA-256 | e3d25f5373a83dae455e18baf666848ac55bb72a48e1200252f0f83bc659910d; Download | Favorite | View

Pluck CMS 4.7.2 Directory Traversal: Posted May 21, 2015; Authored by Kacper Szurek; Pluck CMS version 4.7.2 suffers from a directory traversal vulnerability.; tags | exploit, file inclusion; SHA-256 | 7c7078ee34086c1d03364e33d9933840fb1aa284905363a1dd5744811240593f; Download | Favorite | View

WordPress Shareaholic 7.6.0.3 Cross Site Scripting: Posted Apr 7, 2015; Authored by Kacper Szurek; WordPress Shareaholic plugin version 7.6.0.3 suffers from a cross site scripting vulnerability.; tags | exploit, xss; advisories | CVE-2014-9311; SHA-256 | 997d301bcb1116b79c1053692c79b280561e1e4b1955e5e2bd58e3055a40aadc; Download | Favorite | View

WordPress Marketplace 2.4.0 Add Administrator: Posted Mar 25, 2015; Authored by Claudio Viviani, Kacper Szurek; WordPress Marketplace plugin version 2.4.0 add administrator exploit that leverages a vulnerability that allows an attacker to execute any php function unauthenticated.; tags | exploit, php; SHA-256 | ac59d4a9526b37f10ef94defac072ade2a47ac7bfca88a79255e93f826142f61; Download | Favorite | View

WordPress Marketplace 2.4.0 Arbitrary File Download: Posted Mar 25, 2015; Authored by Kacper Szurek; WordPress Marketplace version 2.4.0 suffers from an arbitrary file download vulnerability.; tags | exploit, arbitrary; advisories | CVE-2014-9013, CVE-2014-9014; SHA-256 | ff5c9bca6be4f917e44ba3f43280d1887e3442049bcb78dc75cd7e35100af664; Download | Favorite | View

Codoforum 2.5.1 Arbitrary File Download: Posted Mar 10, 2015; Authored by Kacper Szurek; Codoforum version 2.5.1 suffers from an arbitrary file download vulnerability.; tags | exploit, arbitrary, info disclosure; advisories | CVE-2014-9261; SHA-256 | 2511ecea404416465ad294b78f8909c3c96ecbc68f034d3db2a6724194814c4d; Download | Favorite | View

WordPress Download Manager 2.7.2 Privilege Escalation: Posted Mar 6, 2015; Authored by Kacper Szurek; WordPress Download Manager plugin version 2.7.2 suffers from a privilege escalation vulnerability.; tags | exploit; advisories | CVE-2014-9260; SHA-256 | 532e5c85161b48d4be5a0eb89931a07b27372c263c1bbdbc5744cd1861be2d21; Download | Favorite | View

WordPress Duplicator 0.5.8 Privilege Escalation: Posted Feb 18, 2015; Authored by Kacper Szurek; WordPress Duplicator plugin version 0.5.8 suffers from a backup related vulnerability that allows for privilege escalation.; tags | exploit; SHA-256 | 2686c6ec8e9b41b2a83e9491f36cd0847817a7f345ec9514fe10d88a6c1b1be1; Download | Favorite | View

WordPress Photo Gallery 1.2.5 Unrestricted File Upload: Posted Feb 12, 2015; Authored by Kacper Szurek | Site metasploit.com; Photo Gallery Plugin for WordPress contains a flaw that allows a remote attacker to execute arbitrary PHP code. This flaw exists because the photo-gallery\photo-gallery.php script allows access to filemanager\UploadHandler.php. The post() method in UploadHandler.php; tags | exploit, remote, arbitrary, php; advisories | CVE-2014-9312; SHA-256 | f02ad987ed7f1dad396989d5468e155f2bca868059ecd59d3ac73240b22cd297; Download | Favorite | View

WordPress WP EasyCart Unrestricted File Upload: Posted Feb 9, 2015; Authored by Kacper Szurek | Site metasploit.com; WordPress Shopping Cart (WP EasyCart) Plugin for WordPress contains a flaw that allows a remote attacker to execute arbitrary PHP code. This flaw exists because the /inc/amfphp/administration/banneruploaderscript.php script does not properly verify or sanitize user-uploaded files. By uploading a .php file, the remote system will place the file in a user-accessible path. Making a direct request to the uploaded file will allow the attacker to execute the script with the privileges of the web server. In versions 3.0.8 and below authentication can be done by using the WordPress credentials of a user with any role. In later versions, a valid EasyCart admin password will be required that is in use by any admin user. A default installation of EasyCart will setup a user called "demouser" with a preset password; tags | exploit, remote, web, arbitrary, php; SHA-256 | 0495c750468ab31d70256f4e711a288852e5ea85871a98e83de8ce2b6b4ee15d; Download | Favorite | View

Chamilo LMS 1.9.8 Blind SQL Injection: Posted Feb 9, 2015; Authored by Kacper Szurek; Chamilo LMS version 1.9.8 suffers from remote blind SQL injection and cross site request forgery vulnerabilities.; tags | exploit, remote, vulnerability, sql injection, csrf; SHA-256 | ec57fb93efd3c6b7a858d17d03b5e0c158f84d570f58b7291ec988c1509bc7de; Download | Favorite | View

Photo Gallery 1.2.5 Shell Upload: Posted Jan 26, 2015; Authored by Kacper Szurek; Photo Gallery version 1.2.5 suffers from a remote shell upload vulnerability.; tags | exploit, remote, shell; advisories | CVE-2014-9312; SHA-256 | cccaa6d7d8925aad8a70eeff4842b9b5c3c554891b45ac03b8d34ce6dcd33cff; Download | Favorite | View

WordPress Shopping Cart 3.0.4 Unrestricted File Upload: Posted Jan 9, 2015; Authored by Kacper Szurek; WordPress Shopping Cart plugin version 3.0.4 suffers from a remote unrestricted file upload vulnerability.; tags | exploit, remote, file upload; advisories | CVE-2014-9308; SHA-256 | 03ffee15380538723ae5cfad12dd43da2119095c9012a3d59aa6577b8e1a8c0e; Download | Favorite | View

miniBB 3.1 Blind SQL Injection: Posted Dec 20, 2014; Authored by Kacper Szurek; miniBB version 3.1 suffers from a remote blind SQL injection vulnerability.; tags | exploit, remote, sql injection; advisories | CVE-2014-9254; SHA-256 | e5da1d18bf539a350dd613c18592c5f2c52ece3839b3a480990d86cd2ceb3e87; Download | Favorite | View

Cart66 Lite WordPress Ecommerce 1.5.1.17 SQL Injection: Posted Dec 4, 2014; Authored by Kacper Szurek; Cart66 Lite WordPress Ecommerce version 1.5.1.17 suffers from a remote blind SQL injection vulnerability.; tags | exploit, remote, sql injection; SHA-256 | 4fb05eedaa532058269bb78223e35bd39148a0c67cf0e6bb0632b20abde31ce7; Download | Favorite | View

Paid Memberships Pro 1.7.14.2 Path Traversal: Posted Nov 20, 2014; Authored by Kacper Szurek; Paid Memberships Pro version 1.7.14.2 suffers from a path traversal vulnerability.; tags | exploit, file inclusion; advisories | CVE-2014-8801; SHA-256 | 4e6d1b287ebd0d181c3762de6568c6062d1da3e10e5905bef16c7bcb93e2e928; Download | Favorite | View

Page 2 of 2 Back 1 2 Next

Top Authors In Last 30 Days

Red Hat 179 files
Ubuntu 58 files
Debian 26 files
LiquidWorm 11 files
Valentin Lobstein 11 files
nu11secur1ty 8 files
Apple 6 files
Google Security Research 5 files
E1.Coders 4 files
malvuln 4 files

File Archives

Systems

AIX (429)
Apple (2,078)
BSD (376)
CentOS (58)
Cisco (1,927)
Debian (7,014)
Fedora (1,693)
FreeBSD (1,246)
Gentoo (4,467)
HPUX (880)
iOS (373)
iPhone (108)
IRIX (220)
Juniper (69)
Linux (49,227)
Mac OS X (691)
Mandriva (3,105)
NetBSD (256)
OpenBSD (488)
RedHat (15,501)
Slackware (941)
Solaris (1,611)
SUSE (1,444)
Ubuntu (9,439)
UNIX (9,391)
UnixWare (187)
Windows (6,649)
Other

Files from Kacper Szurek

File Archive:

April 2024

Top Authors In Last 30 Days

File Tags

File Archives

Systems