exploit the possibilities
Home Files News &[SERVICES_TAB]About Contact Add New
Showing 76 - 100 of 100 RSS Feed

Files

Tiki Wiki 15.1 Unauthenticated File Upload
Posted Jul 12, 2016
Authored by Mehmet Ince | Site metasploit.com

This Metasploit module exploits a file upload vulnerability in Tiki Wiki versions 15.1 and below which could be abused to allow unauthenticated users to execute arbitrary code under the context of the web server user. The issue comes with one of the 3rd party components. Name of that components is ELFinder -version 2.0-. This components comes with default example page which demonstrates file operations such as upload, remove, rename, create directory etc. Default configuration does not force validations such as file extension, content-type etc. Thus, unauthenticated user can upload PHP file. The exploit has been tested on Debian 8.x 64-bit and Tiki Wiki 15.1.

tags | exploit, web, arbitrary, php, file upload
systems | linux, debian
SHA-256 | f88afc6f681b7accefabd167d71cdc67a68314ed8f27fa9389816223e5aa4fb6

Related Files

Secunia Security Advisory 44079
Posted Apr 11, 2011
Authored by Secunia | Site secunia.com

Secunia Security Advisory - Debian has issued an update for ikiwiki. This fixes a vulnerability, which can be exploited by malicious users to conduct script insertion attacks.

tags | advisory
systems | linux, debian
SHA-256 | 58db33873302308872eb77c617d317247e95720d5856a5992e3b0ba8b4d518a2
Secunia Security Advisory 44137
Posted Apr 11, 2011
Authored by Secunia | Site secunia.com

Secunia Security Advisory - A vulnerability has been reported in ikiwiki, which can be exploited by malicious users to conduct script insertion attacks.

tags | advisory
SHA-256 | 6b8ed49442239b4877941cf14cd714dafbbefed01ad5bce7e9b576aa6614b5cd
Debian Security Advisory 2214-1
Posted Apr 9, 2011
Authored by Debian | Site debian.org

Debian Linux Security Advisory 2214-1 - Tango discovered that ikiwiki, a wiki compiler, is not validating if the htmlscrubber plugin is enabled or not on a page when adding alternative stylesheets to pages. This enables an attacker who is able to upload custom stylesheets to add malicious stylesheets as an alternate stylesheet, or replace the default stylesheet, and thus conduct cross-site scripting attacks.

tags | advisory, xss
systems | linux, debian
advisories | CVE-2011-1401
SHA-256 | 82fe081a95fd7ccb1a856f7cb544034fb44f22c40ba3d87f72715403cb22a855
Secunia Security Advisory 44013
Posted Apr 6, 2011
Authored by Secunia | Site secunia.com

Secunia Security Advisory - Michael Brooks has discovered multiple vulnerabilities in yaws-wiki, which can be exploited by malicious people to conduct cross-site scripting attacks.

tags | advisory, vulnerability, xss
SHA-256 | 40057cc5dc8dcebb5993068f826db02ab5ea854f652a85be62930873dbf3fec7
Yaws Wiki 1.88-1 Cross Site Scripting
Posted Apr 4, 2011
Authored by Michael Brooks

Yaws Wiki version 1.88-1 suffers from a cross site scripting vulnerability.

tags | exploit, xss
SHA-256 | 1f374675ae48d1dc0f7ffc30211d4eb74f2db13dd83c8891eb148daf6def0fff
WikiWig 5.01 Cross Site Scripting
Posted Mar 16, 2011
Authored by AutoSec Tools | Site autosectools.com

Persistent and reflected cross site scripting vulnerabilities in WikiWig version 5.01 can be exploited to execute arbitrary JavaScript.

tags | exploit, arbitrary, javascript, vulnerability, xss
SHA-256 | a9e5f54acc6aa859133f714a91b11b0a70e7e16199a9273af234d601acf5e54f
Secunia Security Advisory 43709
Posted Mar 10, 2011
Authored by Secunia | Site secunia.com

Secunia Security Advisory - John Leitch has discovered two vulnerabilities in WikiWig, which can be exploited by malicious people to conduct cross-site scripting attacks.

tags | advisory, vulnerability, xss
SHA-256 | d91418ef5107a1979ff0d8060b0b9b688198c06a0449b86df04156464dc0e6e4
Secunia Security Advisory 43344
Posted Mar 5, 2011
Authored by Secunia | Site secunia.com

Secunia Security Advisory - Some vulnerabilities have been discovered in Wikipad, which can be exploited by malicious users to manipulate certain data and by malicious people to disclose potentially sensitive information and to conduct cross-site scripting and cross-site request forgery attacks.

tags | advisory, vulnerability, xss, csrf
SHA-256 | addbf5ec0286712f0649784859c1fb36e572b56be0c5f4169979c61fe4e30e2d
Wikipad 1.6.0 Cross Site Scripting / File Disclosure
Posted Feb 15, 2011
Authored by High-Tech Bridge SA | Site htbridge.com

Wikipad version 1.6.0 suffers from cross site scripting and file content disclosure vulnerabilities.

tags | exploit, vulnerability, xss, info disclosure
SHA-256 | 0b16e4b9e89438ed538b13599105fa55488e27f95ac46604ee12ec652377cb52
Secunia Security Advisory 43142
Posted Feb 4, 2011
Authored by Secunia | Site secunia.com

Secunia Security Advisory - A vulnerability has been reported in MediaWiki, which can be exploited by malicious users to conduct script insertion attacks.

tags | advisory
SHA-256 | 854e3f118dc775b0674546478c38d70107ffc83ff4ef33fe1534aa932598e701
Secunia Security Advisory 42810
Posted Jan 4, 2011
Authored by Secunia | Site secunia.com

Secunia Security Advisory - A vulnerability has been reported in MediaWiki, which can be exploited by malicious people to bypass certain security restrictions and conduct cross-site request forgery attacks.

tags | advisory, csrf
SHA-256 | 06808e0a42eded0c8adc388d6757a292069e407bb8bd7d0752e03643cd2a508b
Secunia Security Advisory 42663
Posted Dec 26, 2010
Authored by Secunia | Site secunia.com

Secunia Security Advisory - A vulnerability has been discovered in Anwiki, which can be exploited by malicious people to conduct cross-site request forgery attacks.

tags | advisory, csrf
SHA-256 | 534e916f62f1dfc7120ed6d7c4716fa6de1e72e6d8ffc44d25e4177391476c5a
Secunia Security Advisory 42594
Posted Dec 26, 2010
Authored by Secunia | Site secunia.com

Secunia Security Advisory - Some vulnerabilities have been reported in Anwiki, which can be exploited by malicious people to conduct cross-site scripting attacks.

tags | advisory, vulnerability, xss
SHA-256 | 1f55e7fd0b06adc040088e121c86dd592feec8860155e26beac2eeaafe987579
Secunia Security Advisory 42608
Posted Dec 23, 2010
Authored by Secunia | Site secunia.com

Secunia Security Advisory - A vulnerability has been discovered in PmWiki, which can be exploited by malicious people to conduct cross-site scripting attacks.

tags | advisory, xss
SHA-256 | fc7984df0cd42d357c6227a441cd790032f208ab38754d1ba1d53a40040372d4
Wikia.com Cross Site Scripting
Posted Dec 22, 2010
Authored by dave b

Wikia.com suffers from a cross site scripting vulnerability.

tags | exploit, xss
SHA-256 | e5f3774226d41b5c97999f22e63639ec11c78d89de4c0734c11d532b8d8a12d2
PmWiki Cross Site Scripting
Posted Dec 13, 2010
Authored by dave b

PmWiki suffers from a cross site scripting vulnerability.

tags | exploit, xss
SHA-256 | fd530d072de60d1dc61f0016345caa92e6bea5cf292c3253c19715c220fb7c7d
Secunia Security Advisory 42275
Posted Nov 15, 2010
Authored by Secunia | Site secunia.com

Secunia Security Advisory - A security issue has been reported in Foswiki, which can be exploited by malicious users to gain escalated privileges.

tags | advisory
SHA-256 | be7ef7edf5d5f4c6167f0a9ba6a5e8fa4d700fec93bcb6024d8ff875761359b0
Secunia Security Advisory 42090
Posted Nov 2, 2010
Authored by Secunia | Site secunia.com

Secunia Security Advisory - icetek has discovered some vulnerabilities in XWiki Watch, which can be exploited by malicious people to conduct cross-site scripting and script insertion attacks.

tags | advisory, vulnerability, xss
SHA-256 | 3630a4df9ed74f8303a333b7ff32b63fd60fb7416a12ec9bbf3faee21d056edd
Secunia Security Advisory 42058
Posted Nov 2, 2010
Authored by Secunia | Site secunia.com

Secunia Security Advisory - Some vulnerabilities have been reported in XWiki Enterprise, which can be exploited by malicious people to conduct cross-site scripting and SQL injection attacks.

tags | advisory, vulnerability, xss, sql injection
SHA-256 | cdf67dedb37d2cc263be57fa2396f2e96004988a5c8a8954a5ff5071869752d5
WikiWebHelp 0.3.3 Insecure Cookie Handling
Posted Oct 17, 2010
Authored by FuRty

WikiWebHelp version 0.3.3 suffers from an insecure cookie handling vulnerability.

tags | exploit, insecure cookie handling
SHA-256 | 42ec17b5c88f1adedb326397999ed5e684d8b2cf37df82d65be0e62fdfb3023d
Secunia Security Advisory 41796
Posted Oct 14, 2010
Authored by Secunia | Site secunia.com

Secunia Security Advisory - Multiple vulnerabilities have been reported in TWiki, which can be exploited by malicious people to conduct cross-site scripting attacks.

tags | advisory, vulnerability, xss
SHA-256 | d1e07bd310fefce2cd7525240b0026852790bbc65eda17b446416fe4f999beaa
WikiWebHelp 0.3.3 Cross Site Request Forgery
Posted Oct 13, 2010
Authored by yoyohack

WikiWebHelp version 0.3.3 suffers from a cross site request forgery vulnerability.

tags | exploit, csrf
SHA-256 | d8eb58fcfe99ffe8c65950fa7b5974a5050aee4f4ced6b692c09c81dc2eca1b3
Secunia Security Advisory 41670
Posted Oct 3, 2010
Authored by Secunia | Site secunia.com

Secunia Security Advisory - Multiple vulnerabilities have been reported in TikiWiki CMS/Groupware, which can be exploited by malicious users to disclose sensitive information and by malicious people to conduct cross-site scripting and cross-site request forgery attacks.

tags | advisory, vulnerability, xss, csrf
SHA-256 | 6d6ebe0e5b330eef0633e39d307b775c7f5c6239aa73ee8ae99d925cbfb47809
Secunia Security Advisory 41630
Posted Sep 27, 2010
Authored by Secunia | Site secunia.com

Secunia Security Advisory - John Leitch has discovered some vulnerabilities in Tiki Wiki CMS Groupware, which can be exploited by malicious users to disclose sensitive information and by malicious people to conduct cross-site scripting and cross-site request forgery attacks.

tags | advisory, vulnerability, xss, csrf
SHA-256 | fa9c831bc3e9b2f31db6224650d1f0998d98d2c205a0a38a4aee05e8b5e2e658
Tiki Wiki CMS Groupware 5.2 Local File Inclusion
Posted Sep 25, 2010
Authored by AutoSec Tools

Tiki Wiki CMS Groupware version 5.2 suffers from a local file inclusion vulnerability.

tags | exploit, local, file inclusion
SHA-256 | ca814d4db759eddf94b93eb891343da72f0758e892d06c27aacd9a000544161c
Page 4 of 4
Back1234Next

File Archive:

December 2023

  • Su
  • Mo
  • Tu
  • We
  • Th
  • Fr
  • Sa
  • 1
    Dec 1st
    11 Files
  • 2
    Dec 2nd
    0 Files
  • 3
    Dec 3rd
    0 Files
  • 4
    Dec 4th
    32 Files
  • 5
    Dec 5th
    10 Files
  • 6
    Dec 6th
    13 Files
  • 7
    Dec 7th
    23 Files
  • 8
    Dec 8th
    19 Files
  • 9
    Dec 9th
    1 Files
  • 10
    Dec 10th
    0 Files
  • 11
    Dec 11th
    0 Files
  • 12
    Dec 12th
    0 Files
  • 13
    Dec 13th
    0 Files
  • 14
    Dec 14th
    0 Files
  • 15
    Dec 15th
    0 Files
  • 16
    Dec 16th
    0 Files
  • 17
    Dec 17th
    0 Files
  • 18
    Dec 18th
    0 Files
  • 19
    Dec 19th
    0 Files
  • 20
    Dec 20th
    0 Files
  • 21
    Dec 21st
    0 Files
  • 22
    Dec 22nd
    0 Files
  • 23
    Dec 23rd
    0 Files
  • 24
    Dec 24th
    0 Files
  • 25
    Dec 25th
    0 Files
  • 26
    Dec 26th
    0 Files
  • 27
    Dec 27th
    0 Files
  • 28
    Dec 28th
    0 Files
  • 29
    Dec 29th
    0 Files
  • 30
    Dec 30th
    0 Files
  • 31
    Dec 31st
    0 Files

Top Authors In Last 30 Days

File Tags

Systems

packet storm

© 2022 Packet Storm. All rights reserved.

Services
Security Services
Hosting By
Rokasec
close