This Metasploit module an arbitrary file upload and code execution vulnerability in Uploadify.
a6f12738518c4ce18f38b79ba62f721ae6a586c334e491f20b73787b6ac9b356Feindura CMS version 2.0.4 suffers from a remote PHP shell upload vulnerability.
ecdc36ddddd1f08e0556a367db6dfb88df06cfe8bcf67905c47bfa7040e0a29bHavalite version 1.1.7 suffers from cross site scripting and shell upload vulnerabilities. Some of these are known issues but the author has included a Metasploit module that demonstrates the shell upload vulnerability.
b16f36dc19e8d0743633a1a4d99736d1d3e32acb6b946225ecccce25b7379adeWeb@All CMS version 2.0 suffers from remote shell upload and local file inclusion vulnerabilities.
89fe4d72c6e0633b4f99cb3605416a0313e9dc5ff6be7db1ec4dabe98a5e2d7261 bytes small Unix/x86 reverse shell TCP port 30 shellcode.
a9c4dce2bac819a7c3727dbb9373b2ad7d3a42ec3a4b4326b3d68c91e79d8c9dXoops module extgallery version 1.0.8 suffers from shell upload and file download vulnerabilities.
efd88a83367f65c5f985484f2a284435e4bff9c2448221292782b342964edd58This Metasploit module exploits an arbitrary PHP File Upload and Code Execution flaw in some WordPress blog software plugins. The vulnerability allows for arbitrary file upload and remote code execution POST Data to Vulnerable Script/File in the plugin.
b0f467c2f9513aea9fd89d25f94d00be23be09c42cfc54f3bbc14d023bf918cfChyrp version 2.1.2 suffers from shell upload and blind SQL injection vulnerabilities.
e287513c0cbb0dcc32a8b6b9e7fb601aed6506581291ac9d0276249d744f6812WordPress Katalyst Timthumb plugin version 1.0 suffers from a remote shell upload vulnerability.
bb46b34f899224734d5a56a9e1990f7732880b333f1cf0d3704ee29b7ec80813Zimplit CMS version 3.0 suffers from cross site request forgery, local file inclusion, and remote shell upload vulnerabilities.
d687242f45ad944f038ec802f8b8dca7bd6897fa90332f14a9e5e39818973784The Joomla Joomsport component suffers from remote shell upload and remote SQL injection vulnerabilities.
e9a76ab29955a0166d426cadbc1fb84359eeca77c4401ff86095bc6d467591eeThe XoopsCube FileManager module suffers from a remote shell upload vulnerability.
a9ac7d70fc41409ef34e23c595566b5d39812245a10314c96b4d2144cbe481efWordPress WP Easy Gallery plugin version 1.8 suffers from a remote shell upload vulnerability.
8708a0229d8e3a219d0453c71acd6c833c8bd82aad0dd4b8bc7581d531a0648cWordPress ImageDrop version 1.1.2 suffers from a remote blind SQL injection vulnerability.
929d96fbea46ad77a8ffaf61d68d7b45be6933347b445989f0cdbe2ca946c103WordPress SS-Downloads plugin version 1.4.3 suffers from cross site request forgery and file disclosure vulnerabilities.
f3dcba6853387ae2e9f0e6e00ca447dcb176d0b3a7a487ae1dbc3387c7d6c81fZoph version 0.9pre2 suffers from cross site request forgery, remote file disclosure, and remote blind SQL injection vulnerabilities.
865a2df0f072694ea17b80a8230b7ca7e96ee5bb8f33c6a27d742f75a8af1e29TinyCMS version 1.3 suffers from cross site request forgery, file upload, and local file inclusion vulnerabilities.
33264e933a369719404982af97acd9acf0325409d6a5a63d9aba45c2297777a0AdaptCMS version 2.0.2 (TinyURL) suffers from multiple remote SQL injection vulnerabilities.
ecc9c9dc887b3df0475b0f5e46b2f86ca3d6efa6d62a9d722afa1e8502476d61TYPO3 version 4.7 suffers from a cross site request forgery vulnerability.
c80632c90b1ac04efcd7f77e078df6219065d85fb6eba49067507d5de0f365e5This Metasploit module exploits a vulnerability in the TinyMCE/tinybrowser plugin. This plugin is not secured in version 0.9 of VAMCart and allows the upload of files on the remote server. By renaming the uploaded file this vulnerability can be used to upload/execute code on the affected system.
2f631d7a476c9b413ae2de8686ab1f98d4e0e9c4ff4f224e34949b05e6bbf3c0VANCart-InternetShop version 0.9 suffers from cross site request forgery and shell upload vulnerabilities.
a3d1a0eb4bb484d54b974426fd346ef862dfc26b4788bc1577f86886d324b2b8This Metasploit module exploits multiple cross site request forgery (CSRF) vulnerabilities in admin.php in PBBoard 2.1.4 to allow for arbitrary file upload / command execution.
f39d87cd2d0ecdc33b13e8ce46c0cbdb325accad08219c2178ea9f86295312c7This Metasploit module exploits a vulnerability found in Dorn Content Management Script (CMS), version 1.4. By abusing the add_page.php file, the attacker can upload/add a new file (.php) to the /cms/pages/ directory without any authentication, which results in arbitrary code execution.
d9e8467b701cbfb9bbe903c58d26bef4b2a9541424f51ceb8b51542282f6f250DynPage version 1.0 suffers from cross site request forgery and shell upload vulnerabilities.
37621a0070cbaef6aa5d4f64bb886aef4c1af19162680673b6c79897100c5b03Ajaxmint-Gallery version 1.0 suffers from a cross site request forgery vulnerability.
75aab5ec49b45f29fd9cd17396f521f35a6baa0bb85bb434c5e2a2a7d7f276d2
© 2024 Packet Storm. All rights reserved.
%7Cutmcsr%3D(direct)%7Cutmcmd%3D(none)){kind=small}
Follow us on Twitter
Follow us on Facebook
Subscribe to an RSS Feed