exploit the possibilities
Showing 1 - 12 of 12 RSS Feed

Files

WordPress Better WP Security Cross Site Scripting
Posted May 11, 2012
Authored by SiNA Rabbani

The WordPress Better WP Security plugin suffers from a cross site scripting vulnerability.

tags | exploit, xss
MD5 | 8815696b8508be792ff1cb5c86c07238

Related Files

WordPress cache_lastpostdate Arbitrary Code Execution
Posted Mar 24, 2015
Authored by H D Moore, str0ke | Site metasploit.com

This Metasploit module exploits an arbitrary PHP code execution flaw in the WordPress blogging software. This vulnerability is only present when the PHP 'register_globals' option is enabled (common for hosting providers). All versions of WordPress prior to 1.5.1.3 are affected.

tags | exploit, arbitrary, php, code execution
advisories | CVE-2005-2612, OSVDB-18672
MD5 | 6587a07ae6fb8103545737bc7a447633
WordPress Foxypress uploadify.php Arbitrary Code Execution
Posted Mar 24, 2015
Authored by patrick, Sammy FORGIT | Site metasploit.com

This Metasploit module exploits an arbitrary PHP code execution flaw in the WordPress blogging software plugin known as Foxypress. The vulnerability allows for arbitrary file upload and remote code execution via the uploadify.php script. The Foxypress plugin versions 0.4.1.1 to 0.4.2.1 are vulnerable.

tags | exploit, remote, arbitrary, php, code execution, file upload
MD5 | 3a487527cd2c26d67722a8add1279d90
WordPress Better WP Security 3.6.3 XSS / Disclosure
Posted Feb 15, 2014
Authored by Yashar shahinzadeh

WordPress Better WP Security plugin version 3.6.3 suffers from information disclosure and cross site scripting vulnerabilities.

tags | exploit, vulnerability, xss, info disclosure
MD5 | 438df759354cc83c6e31939db21c4c49
WordPress Google Document Embedder Arbitrary File Disclosure
Posted Jan 8, 2013
Authored by Charlie Eriksen | Site metasploit.com

This Metasploit module exploits an arbitrary file disclosure flaw in the WordPress blogging software plugin known as Google Document Embedder. The vulnerability allows for database credential disclosure via the /libs/pdf.php script. The Google Document Embedder plug-in versions 2.4.6 and below are vulnerable. This exploit only works when the MySQL server is exposed on a accessible IP and Wordpress has filesystem write access. Please note: The admin password may get changed if the exploit does not run to the end.

tags | exploit, arbitrary, php
advisories | CVE-2012-4915, OSVDB-88891
MD5 | ee30223d772139ccdbf4268e1f3f30d2
WordPress Advanced Custom Fields Remote File Inclusion
Posted Jan 3, 2013
Authored by Charlie Eriksen | Site metasploit.com

This Metasploit module exploits a remote file inclusion flaw in the WordPress blogging software plugin known as Advanced Custom Fields. The vulnerability allows for remote file inclusion and remote code execution via the export.php script. The Advanced Custom Fields plug-in versions 3.5.1 and below are vulnerable. This exploit only works when the php option allow_url_include is set to On (Default Off).

tags | exploit, remote, php, code execution, file inclusion
advisories | OSVDB-87353
MD5 | e52b09ced8b21fbf750da694d8e2c3b4
WordPress BBPress SQL Injection / Path Disclosure
Posted Aug 31, 2012
Authored by Dark-Puzzle

The WordPress BBPress third party plugin suffers from path disclosure and remote SQL injection vulnerabilities.

tags | exploit, remote, vulnerability, sql injection, info disclosure
MD5 | ee59ac0508c0fe04fde47049dc5864ea
WordPress plugin Foxypress uploadify.php Arbitrary Code Execution
Posted Jun 12, 2012
Authored by patrick, Sammy FORGIT | Site metasploit.com

This Metasploit module exploits an arbitrary PHP code execution flaw in the WordPress blogging software plugin known as Foxypress. The vulnerability allows for arbitrary file upload and remote code execution via the uploadify.php script. The Foxypress plug-in versions 0.4.2.1 and below are vulnerable.

tags | exploit, remote, arbitrary, php, code execution, file upload
advisories | OSVDB-82652
MD5 | 8c50f2bfa40aad8ebf46982e05fc4018
WordPress Bad Behavior Cross Site Scripting
Posted May 11, 2012
Authored by SiNA Rabbani

The WordPress Bad Behavior plugin suffers from multiple cross site scripting vulnerabilities.

tags | exploit, vulnerability, xss
MD5 | f0c5562e696b901aa51c618be2710f59
WordPress BulletProof Security Cross Site Scripting
Posted May 11, 2012
Authored by SiNA Rabbani

The WordPress BulletProof Security plugin suffers from a cross site scripting vulnerability.

tags | exploit, xss
MD5 | dee59fef8f9994fec18f71fd16c87931
WordPress BackWPup 1.6.1 Code Execution
Posted Mar 28, 2011
Authored by Phil Taylor | Site senseofsecurity.com.au

The WordPress BackWPup plugin version 1.6.1 suffers from a vulnerability that allows for local or remote code to be executed.

tags | exploit, remote, local
MD5 | fd9e244bbdfce5b50bc7f7d1134ab287
WordPress cache_lastpostdate Arbitrary Code Execution
Posted Oct 30, 2009
Authored by str0ke

This Metasploit module exploits an arbitrary PHP code execution flaw in the WordPress blogging software. This vulnerability is only present when the PHP 'register_globals' option is enabled (common for hosting providers). All versions of WordPress prior to 1.5.1.3 are affected.

tags | exploit, arbitrary, php, code execution
advisories | CVE-2005-2612
MD5 | f0c5a85b146ef22ce67312366495cb42
wp-compromise.txt
Posted Mar 8, 2007
Authored by Ivan Fratric

It appears that the WordPress blogging software was compromised and backdoored on Feb 25th, 2007 on the WordPress site.

tags | exploit
MD5 | f35a0b1a03674d0546e774db9d353d4d
Page 1 of 1
Back1Next

File Archive:

April 2020

  • Su
  • Mo
  • Tu
  • We
  • Th
  • Fr
  • Sa
  • 1
    Apr 1st
    60 Files
  • 2
    Apr 2nd
    20 Files
  • 3
    Apr 3rd
    10 Files
  • 4
    Apr 4th
    0 Files
  • 5
    Apr 5th
    0 Files
  • 6
    Apr 6th
    0 Files
  • 7
    Apr 7th
    0 Files
  • 8
    Apr 8th
    0 Files
  • 9
    Apr 9th
    0 Files
  • 10
    Apr 10th
    0 Files
  • 11
    Apr 11th
    0 Files
  • 12
    Apr 12th
    0 Files
  • 13
    Apr 13th
    0 Files
  • 14
    Apr 14th
    0 Files
  • 15
    Apr 15th
    0 Files
  • 16
    Apr 16th
    0 Files
  • 17
    Apr 17th
    0 Files
  • 18
    Apr 18th
    0 Files
  • 19
    Apr 19th
    0 Files
  • 20
    Apr 20th
    0 Files
  • 21
    Apr 21st
    0 Files
  • 22
    Apr 22nd
    0 Files
  • 23
    Apr 23rd
    0 Files
  • 24
    Apr 24th
    0 Files
  • 25
    Apr 25th
    0 Files
  • 26
    Apr 26th
    0 Files
  • 27
    Apr 27th
    0 Files
  • 28
    Apr 28th
    0 Files
  • 29
    Apr 29th
    0 Files
  • 30
    Apr 30th
    0 Files

Top Authors In Last 30 Days

File Tags

Systems

packet storm

© 2016 Packet Storm. All rights reserved.

Services
Security Services
Hosting By
Rokasec
close