Showing 1 - 14 of 14

Files

qdPM 9.1 Cross Site Scripting
Posted Feb 18, 2019
Authored by Mehmet Emiroglu

qdPM version 9.1 suffers from multiple cross site scripting vulnerabilities.

tags | exploit, vulnerability, xss
advisories | CVE-2019-8390, CVE-2019-8391
SHA-256 | 695024bcdea254b0592b99bd9b63b1eec7e0fc742b5f5644d8bfef42062983ec

Related Files

qdPM 9.1 Authenticated Shell Upload
Posted Sep 29, 2022
Authored by Rishal Dwivedi, Leon Trappett, Giacomo Casoni | Site metasploit.com

A remote code execution vulnerability exists in qdPM versions 9.1 and below. An attacker can upload a malicious PHP code file via the profile photo functionality by leveraging a path traversal vulnerability in the users['photop_preview'] delete photo feature, thus allowing bypass of .htaccess protection. NOTE: this issue exists because of an incomplete fix for CVE-2015-3884.

tags | exploit, remote, php, code execution
advisories | CVE-2015-3884, CVE-2020-7246
SHA-256 | 41d2d18aa9196d7f57810fe954d8362f8c6f3662e5ba2a143d334cd07ac9b371

qdPM 9.1 Remote Code Execution
Posted May 26, 2022
Authored by Rishal Dwivedi, Leon Trappett, RedHatAugust

qdPM version 9.1 authenticated remote code execution exploit that leverages a path traversal.

tags | exploit, remote, code execution
advisories | CVE-2020-7246
SHA-256 | 3232c57ac453b2620e024f66156e77f94a31f69956a38912a194df206d7de228

qdPM 9.2 Cross Site Request Forgery
Posted Apr 7, 2022
Authored by Chetanya Sharma

qdPM version 9.2 suffers from a cross site request forgery vulnerability.

tags | exploit, csrf
advisories | CVE-2022-26180
SHA-256 | 64ddbfaa1da0cb1473febe63a28eecb79a7e8e8d82ebad0f32c44475dadf890f

qdPM 9.2 Information Disclosure
Posted Aug 4, 2021
Authored by Leon Trappett

qdPM version 9.2 discloses the password and connection string for the database in an internet-accessible file.

tags | exploit, info disclosure
SHA-256 | 2f92d8ee5b5ad7b418516bd80f8b207e00cf4ae67d21b04fe4031646a20b325f

qdPM 9.1 PHP Object Injection
Posted Dec 31, 2020
Authored by EgiX | Site karmainsecurity.com

qdPM versions 9.1 and below suffer from an executeExport PHP object injection vulnerability.

tags | exploit, php
advisories | CVE-2020-26165
SHA-256 | b112518046e2d985fa9df4e1d428c12274ab5e4bf070ee7383978e0a73695f45

qdPM 9.1 Cross Site Scripting
Posted May 19, 2020
Authored by Kishan Lal Choudhary

qdPM version 9.1 suffers from a persistent cross site scripting vulnerability.

tags | exploit, xss
SHA-256 | 243f9d8a4adf78bf32f1e9eaf0c07a5a16b6a774dae63a376acae6ef2be8a21c

qdPM 9.1 Arbitrary File Upload
Posted May 12, 2020
Authored by Besim Altinok, Ismail Bozkurt

qdPM version 9.1 suffers from an arbitrary file upload vulnerability.

tags | exploit, arbitrary, file upload
SHA-256 | 29677c9aeba89af9fcf295f75937caccf52029e7fa9463e55173aedd624ed875

qdPM Remote Code Execution
Posted Feb 28, 2020
Authored by Tobin Shields

qdPM versions prior to 9.1 suffer from a remote shell upload vulnerability that allows for remote code execution.

tags | exploit, remote, shell, code execution
advisories | CVE-2020-7246
SHA-256 | 7378aebe88336076527073b99083cdd137d3c12ddaf2cf587f30f8479d285a3d

qdPM 9.1 Remote Code Execution
Posted Jan 23, 2020
Authored by Rishal Dwivedi

qdPM version 9.1 suffers from a remote code execution vulnerability.

tags | exploit, remote, code execution
advisories | CVE-2020-7246
SHA-256 | 7e38839c57fb28f501a4b08fba6935a0fba1a06153b69a44056f7c139d22ed77

qdPM 9.1 SQL Injection
Posted Feb 14, 2019
Authored by Mehmet Emiroglu

qdPM version 9.1 suffers from a remote SQL injection vulnerability.

tags | exploit, remote, sql injection
SHA-256 | e81be54e975ddb9efc4ef78b705ee0e474bff1089a5a48aed1d455217623fec4

qdPM 9.1 SQL Injection
Posted Nov 2, 2018
Authored by Ozkan Mustafa Akkus

qdPM version 9.1 suffers from a remote SQL injection vulnerability.

tags | exploit, remote, sql injection
SHA-256 | be69d3f7d431d0964e2a89d2816659a6ff6ada3a67cd1457bb1166a6bd28d33d

Secunia Security Advisory 50599
Posted Sep 17, 2012
Authored by Secunia | Site secunia.com

Secunia Security Advisory - loneferret has discovered a vulnerability in qdPM, which can be exploited by malicious users to compromise a vulnerable system.

tags | advisory
SHA-256 | 716e5c3365715b07a16c4023a4789e688901cbad253c9df6b7dbf9d0d98cd190

qdPM 7 Arbitrary PHP File Upload
Posted Sep 14, 2012
Authored by loneferret, sinn3r | Site metasploit.com

This Metasploit module exploits a vulnerability found in qdPM - a web-based project management software. The user profile's photo upload feature can be abused to upload any arbitrary file onto the victim server machine, which allows remote code execution. Please note in order to use this module, you must have a valid credential to sign in.

tags | exploit, remote, web, arbitrary, code execution
advisories | OSVDB-82978
SHA-256 | f5f6ba93d6feeeed1d320115b76b89c669688a7089990888c0aafa5f2993314c

qdPM 7 Shell Upload
Posted Jun 14, 2012
Authored by loneferret

qdPM version 7 suffers from a remote shell upload vulnerability.

tags | exploit, remote, shell
SHA-256 | de7d737317088da35d6c5415b3002cc2704e760c0485eed4b429a49321a72e9c
© 2022 Packet Storm. All rights reserved.