exploit the possibilities
Home Files News &[SERVICES_TAB]About Contact Add New
Showing 26 - 50 of 100 RSS Feed

Files

Tiki Wiki 15.1 Unauthenticated File Upload
Posted Jul 12, 2016
Authored by Mehmet Ince | Site metasploit.com

This Metasploit module exploits a file upload vulnerability in Tiki Wiki versions 15.1 and below which could be abused to allow unauthenticated users to execute arbitrary code under the context of the web server user. The issue comes with one of the 3rd party components. Name of that components is ELFinder -version 2.0-. This components comes with default example page which demonstrates file operations such as upload, remove, rename, create directory etc. Default configuration does not force validations such as file extension, content-type etc. Thus, unauthenticated user can upload PHP file. The exploit has been tested on Debian 8.x 64-bit and Tiki Wiki 15.1.

tags | exploit, web, arbitrary, php, file upload
systems | linux, debian
SHA-256 | f88afc6f681b7accefabd167d71cdc67a68314ed8f27fa9389816223e5aa4fb6

Related Files

Secunia Security Advisory 47968
Posted Feb 15, 2012
Authored by Secunia | Site secunia.com

Secunia Security Advisory - A vulnerability has been discovered in the Halo extension for Semantic MediaWiki, which can be exploited by malicious people to conduct cross-site scripting attacks.

tags | advisory, xss
SHA-256 | 43b4095cf6075f045a4a76bc255ef4b7e9d436f6fa786a57f34ca87ce11663b2
RabbitWiki Cross Site Scripting
Posted Feb 10, 2012
Authored by Sony

RabbitWiki suffers from a cross site scripting vulnerability.

tags | exploit, xss
SHA-256 | 26dd268bf32582bf13d46198cbec95081c9bdfc20d056a0f58226f8737ee29d3
ProWiki Cross Site Scripting
Posted Feb 10, 2012
Authored by Sony

ProWiki suffers from a cross site scripting vulnerability.

tags | exploit, xss
SHA-256 | d60aa738c24e63904bdff955209aa790dbb4e3c2aea9eb067f3329024a86c6b0
PicoWiki Cross Site Scripting
Posted Feb 8, 2012
Authored by Sony

PicoWiki suffers from a cross site scripting vulnerability.

tags | advisory, xss
SHA-256 | 2db3290ae0be6fa125ed88ed8f0318a1dc8e786e0e2969c2f3a3f06b127a64c6
SeedWiki Cross Site Scripting
Posted Feb 8, 2012
Authored by Sony

SeedWiki suffers from a cross site scripting vulnerability.

tags | exploit, xss
SHA-256 | 1a12cad44e82e05238c838bcf67770785d828dbd08995a67cc6ea5e172658144
Brainkeeper Enterprise Wiki Cross Site Scripting
Posted Feb 7, 2012
Authored by Sony

Brainkeeper Enterprise Wiki suffers from a cross site scripting vulnerability.

tags | exploit, xss
SHA-256 | 7b8b5eac1b2aedafb23a81945c6fcdbc804b7457d6c2c26bede2f8baa1281d50
Secunia Security Advisory 47885
Posted Feb 6, 2012
Authored by Secunia | Site secunia.com

Secunia Security Advisory - Sony has discovered two vulnerabilities in XWiki Enterprise, which can be exploited by malicious users to conduct script insertion attacks.

tags | advisory, vulnerability
SHA-256 | 6f7989f4e88135641212ffca3a37ad5e24d10b52ee50d373576a67805eab964c
Secunia Security Advisory 47907
Posted Feb 6, 2012
Authored by Secunia | Site secunia.com

Secunia Security Advisory - flyh4t has discovered a vulnerability in HDWiki, which can be exploited by malicious users to conduct SQL injection attacks.

tags | advisory, sql injection
SHA-256 | f8c0f70f07d5c26d7b87217eca0b503b70c4268e31a6dec8ae5d5ca5fd4396a2
XWiki Enterprise 3.4 Cross Site Scripting
Posted Feb 5, 2012
Authored by Sony

XWiki Enterprise version 3.4 suffers from a cross site scripting vulnerability.

tags | exploit, xss
SHA-256 | 488e3e2f9cda2bffc248f4417be270c003838d7fd6841f9ce325effa416744da
Secunia Security Advisory 47849
Posted Feb 4, 2012
Authored by Secunia | Site secunia.com

Secunia Security Advisory - Sony has discovered multiple vulnerabilities in Foswiki, which can be exploited by malicious users to conduct script insertion attacks.

tags | advisory, vulnerability
SHA-256 | 0d9110fd69486bd4612d2eae4a48b3876fb0090f3919382f18726088fb3f1374
Foswiki Cross Site Scripting
Posted Feb 3, 2012
Authored by Sony

Foswiki suffers from a cross site scripting vulnerability.

tags | exploit, xss
SHA-256 | 6be24141745459eeaf32cb631743a60b84dd0d2249f8beb4e3273f5e3033b9b9
Secunia Security Advisory 47784
Posted Feb 1, 2012
Authored by Secunia | Site secunia.com

Secunia Security Advisory - Sony has discovered a vulnerability in TWiki, which can be exploited by malicious people to conduct script insertion attacks.

tags | advisory
SHA-256 | f64cc8adc1dddbce55ccae27b4066d9b7aeebdbc4890ed6fe0fa4c6898bb6d21
TWiki Cross Site Scripting
Posted Jan 31, 2012
Authored by Sony

TWiki suffers from a cross site scripting vulnerability.

tags | exploit, xss
SHA-256 | 20fa13f95c0cbab3ce12b40327deb0594b221c8360e43b8dd5b2b43d7b2db51d
Secunia Security Advisory 47547
Posted Jan 12, 2012
Authored by Secunia | Site secunia.com

Secunia Security Advisory - A weakness has been reported in MediaWiki, which can be exploited by malicious users to disclose certain sensitive information.

tags | advisory
SHA-256 | 775da8d69140823f05f851b25f94ae135fa84e56bc37098a1c3886382e4116ae
Secunia Security Advisory 47394
Posted Dec 26, 2011
Authored by Secunia | Site secunia.com

Secunia Security Advisory - A vulnerability has been reported in PukiWiki Plus!, which can be exploited by malicious people to conduct cross-site scripting attacks.

tags | advisory, xss
SHA-256 | d3251d2dd93f7148e18669fa0f35664c23a19f47f3f77f5da4bda745d0c660c5
Secunia Security Advisory 47320
Posted Dec 23, 2011
Authored by Secunia | Site secunia.com

Secunia Security Advisory - A vulnerability has been discovered in Tiki Wiki CMS/Groupware, which can be exploited by malicious people to conduct cross-site request forgery attacks.

tags | advisory, csrf
SHA-256 | e09495fbd2214dc75e8da3a79c84401071d4d268c8ea782bfef8dab078f6929c
PmWiki 2.2.34 Remote PHP Code Injection Exploit
Posted Dec 23, 2011
Authored by EgiX, TecR0c | Site metasploit.com

This Metasploit module exploits an arbitrary command execution vulnerability in PmWiki from 2.0.0 to 2.2.34. The vulnerable function is inside /scripts/pagelist.php.

tags | exploit, arbitrary, php
advisories | CVE-2011-4453, OSVDB-77261
SHA-256 | 2a414aa71e3429752f31a3f9f0ad17a08f3c3d290b612cfb08bbb15b1b14dea3
Tiki Wiki CMS Groupware 8.2 Code Injection
Posted Dec 23, 2011
Authored by EgiX

Tiki Wiki CMS Groupware versions 8.2 and below suffer from a remote PHP code injection vulnerability in snarf_ajax.php.

tags | exploit, remote, php
advisories | CVE-2011-4558
SHA-256 | b7307f459df54b9ed0978af284f064b18dafbeb2458c69e4c3625d1e42e39172
Secunia Security Advisory 47278
Posted Dec 21, 2011
Authored by Secunia | Site secunia.com

Secunia Security Advisory - A vulnerability has been reported in Tiki Wiki CMS, which can be exploited by malicious people to conduct cross-site scripting attacks.

tags | advisory, xss
SHA-256 | b60d739dacc7880ef2608db103dbc6c1bbc60678d809f8157fd60833ad8e3f67
Tiki Wiki CMS Groupware 8.1 / 6.4 LTS Cross Site Scripting
Posted Dec 20, 2011
Authored by Stefan Schurtz

Tiki Wiki CMS Groupware versions 8.1 and 6.4 LTS suffer from a stored cross site scripting vulnerability.

tags | exploit, xss
advisories | CVE-2011-4551
SHA-256 | b6a4a107433a40e17f0035aef8bc745879ef539726e9eb3576090bc83cbb1b15
Secunia Security Advisory 47300
Posted Dec 20, 2011
Authored by Secunia | Site secunia.com

Secunia Security Advisory - Debian has issued an update for mediawiki. This fixes a weakness and multiple vulnerabilities, which can be exploited by malicious people to disclose potentially sensitive information, conduct cross-site scripting attacks, and bypass certain security restrictions.

tags | advisory, vulnerability, xss
systems | linux, debian
SHA-256 | 19d04293fa172c609b1fa9c165afe59e14983b067a3ff7c42c5c465988b865d1
Debian Security Advisory 2366-1
Posted Dec 19, 2011
Authored by Debian | Site debian.org

Debian Linux Security Advisory 2366-1 - Several problems have been discovered in mediawiki, a website engine for collaborative work.

tags | advisory
systems | linux, debian
advisories | CVE-2011-1578, CVE-2011-1579, CVE-2011-1580, CVE-2011-1587, CVE-2011-4360, CVE-2011-4361
SHA-256 | ccb031f863a8654a0610e5409cb9c19e529fd52f0871028b9a316b81212caeb2
Secunia Security Advisory 47034
Posted Dec 2, 2011
Authored by Secunia | Site secunia.com

Secunia Security Advisory - A weakness and multiple vulnerabilities have been discovered in WikkaWiki, which can be exploited by malicious users to manipulate certain data, conduct SQL injection attacks, and compromise a vulnerable system and by malicious people to disclose potentially sensitive information, conduct cross-site request forgery attacks, and compromise a vulnerable system.

tags | advisory, vulnerability, sql injection, csrf
SHA-256 | e5a93194dfc6194724e47228d93b5a78e44361852c00364d72ab21a05d0ceec5
WikkaWiki 1.3.2 Code Execution / Shell Upload / SQL Injection
Posted Nov 30, 2011
Authored by EgiX

WikkaWiki versions 1.3.2 and below suffers from remote SQL injection, unrestricted file upload, arbitrary file download, arbitrary file deletion, remote code execution and cross site request forgery vulnerabilities.

tags | exploit, remote, arbitrary, vulnerability, code execution, sql injection, file upload, csrf
advisories | CVE-2011-4448, CVE-2011-4449, CVE-2011-4450, CVE-2011-4451, CVE-2011-4452
SHA-256 | f5f16ff3f59901b3991fb94563c0b39bd9eee2fd825e6f8c81aec203ea470e7a
Secunia Security Advisory 47029
Posted Nov 29, 2011
Authored by Secunia | Site secunia.com

Secunia Security Advisory - A weakness has been discovered in MediaWiki, which can be exploited by malicious people to disclose potentially sensitive information.

tags | advisory
SHA-256 | eab1460e815df3c81f3c05efeb5772a907419c9eebc789c0167750eafd35051d
Page 2 of 4
Back1234Next

File Archive:

September 2024

  • Su
  • Mo
  • Tu
  • We
  • Th
  • Fr
  • Sa
  • 1
    Sep 1st
    261 Files
  • 2
    Sep 2nd
    17 Files
  • 3
    Sep 3rd
    38 Files
  • 4
    Sep 4th
    52 Files
  • 5
    Sep 5th
    23 Files
  • 6
    Sep 6th
    27 Files
  • 7
    Sep 7th
    0 Files
  • 8
    Sep 8th
    1 Files
  • 9
    Sep 9th
    16 Files
  • 10
    Sep 10th
    38 Files
  • 11
    Sep 11th
    21 Files
  • 12
    Sep 12th
    40 Files
  • 13
    Sep 13th
    18 Files
  • 14
    Sep 14th
    0 Files
  • 15
    Sep 15th
    0 Files
  • 16
    Sep 16th
    0 Files
  • 17
    Sep 17th
    0 Files
  • 18
    Sep 18th
    0 Files
  • 19
    Sep 19th
    0 Files
  • 20
    Sep 20th
    0 Files
  • 21
    Sep 21st
    0 Files
  • 22
    Sep 22nd
    0 Files
  • 23
    Sep 23rd
    0 Files
  • 24
    Sep 24th
    0 Files
  • 25
    Sep 25th
    0 Files
  • 26
    Sep 26th
    0 Files
  • 27
    Sep 27th
    0 Files
  • 28
    Sep 28th
    0 Files
  • 29
    Sep 29th
    0 Files
  • 30
    Sep 30th
    0 Files

Top Authors In Last 30 Days

File Tags

Systems

packet storm

© 2024 Packet Storm. All rights reserved.

Services
Security Services
Hosting By
Rokasec
close