Showing 1 - 7 of 7

Files from Hoa Nguyen

First Active	2020-12-18
Last Active	2021-06-28

WordPress wpDiscuz 7.0.4 Shell Upload: Posted Jun 28, 2021; Authored by Hoa Nguyen, Chloe Chamberland | Site metasploit.com; This Metasploit module exploits an arbitrary file upload in the WordPress wpDiscuz plugin versions from 7.0.0 through 7.0.4. This flaw gave unauthenticated attackers the ability to upload arbitrary files, including PHP files, and achieve remote code execution on a vulnerable server.; tags | exploit, remote, arbitrary, php, code execution, file upload; advisories | CVE-2020-24186; SHA-256 | fab2eeb88db6a1f9b11eed6c490a6ca021dd6f8237a47b405d41bd041a36af45; Download | Favorite | View

Simple JobBoard Authenticated File Read: Posted Jan 21, 2021; Authored by SunCSR, Hoa Nguyen, Arcangelo Saracino | Site metasploit.com; This Metasploit module exploits an authenticated directory traversal vulnerability in WordPress plugin Simple JobBoard versions prior to 2.9.3 to perform an arbitrary file read with the web server privileges.; tags | exploit, web, arbitrary; advisories | CVE-2020-35749; SHA-256 | 6496c8aa6342663e882ec2f4a0d63167dcd9c32f65f07c081d82e365efcf4f8d; Download | Favorite | View

WordPress wpDiscuz 7.0.4 Shell Upload: Posted Jan 8, 2021; Authored by Hoa Nguyen, Chloe Chamberland | Site metasploit.com; This Metasploit module exploits an arbitrary file upload in the WordPress wpDiscuz plugin version 7.0.4. This flaw gave unauthenticated attackers the ability to upload arbitrary files, including PHP files, and achieve remote code execution on a vulnerable server.; tags | exploit, remote, arbitrary, php, code execution, file upload; SHA-256 | 187052df5b77471af6ad467ad2dc057df0f9c9a641dd2c9d116e4f60896dcc30; Download | Favorite | View

WordPress Autoptimize Shell Upload: Posted Jan 8, 2021; Authored by Hoa Nguyen, Thien Ngo, Khanh Nguyen | Site metasploit.com; WordPress Autoptimize plugin suffers from a remote shell upload vulnerability. The ao_ccss_import AJAX call does not ensure that the file provided is a legitimate zip file, allowing high privilege users to upload arbitrary files, such as PHP, leading to remote code execution.; tags | exploit, remote, arbitrary, shell, php, code execution; advisories | CVE-2020-24948; SHA-256 | 6976952649b949f1c677f4557fec06bb177e699a8fe16b809dfddb9cd2ec1b25; Download | Favorite | View

Apache Flink 1.11.0 Arbitrary File Read / Directory Traversal: Posted Jan 8, 2021; Authored by SunCSR, Hoa Nguyen, 0rich1 | Site metasploit.com; This Metasploit module exploits an unauthenticated directory traversal vulnerability in Apache Flink version 1.11.0.; tags | exploit; advisories | CVE-2020-17519; SHA-256 | 79df4302ec4ea436f7e67026dddc838b8aa4610460bb6f8baa402ecd0a91ba4d; Download | Favorite | View

WordPress W3 Total Cache 0.9.3 File Read / Directory Traversal: Posted Dec 22, 2020; Authored by SunCSR, Hoa Nguyen, VinhJAXT | Site metasploit.com; This Metasploit module exploits an unauthenticated directory traversal vulnerability in WordPress plugin W3 Total Cache version 0.9.2.6 through 0.9.3, allowing arbitrary file read with the web server privileges.; tags | exploit, web, arbitrary; advisories | CVE-2019-6715; SHA-256 | b1fd7066d25604160753e81eec4934df777ae2201da72af60ddf06186600cd4d; Download | Favorite | View

WordPress Duplicator 1.3.26 Directory Traversal / File Read: Posted Dec 18, 2020; Authored by Hoa Nguyen, Ramuel Gall | Site metasploit.com; This Metasploit module exploits an unauthenticated directory traversal vulnerability in WordPress Duplicator plugin versions 1.3.24 through 1.3.26, allowing arbitrary file read with the web server privileges. This vulnerability was being actively exploited when it was discovered.; tags | exploit, web, arbitrary, file inclusion; advisories | CVE-2020-11738; SHA-256 | 4ea50cf867ab79c361dd72e12949f0f0d61e20bd60dd59c1e49252679fd3c7a8; Download | Favorite | View

Page 1 of 1 Back 1 Next

Top Authors In Last 30 Days