Showing 1 - 14 of 14

Files

qdPM 9.1 Cross Site Scripting: Posted Feb 18, 2019; Authored by Mehmet Emiroglu; qdPM version 9.1 suffers from multiple cross site scripting vulnerabilities.; tags | exploit, vulnerability, xss; advisories | CVE-2019-8390, CVE-2019-8391; SHA-256 | 695024bcdea254b0592b99bd9b63b1eec7e0fc742b5f5644d8bfef42062983ec; Download | Favorite | View

Related Files

qdPM 9.1 Authenticated Shell Upload: Posted Sep 29, 2022; Authored by Rishal Dwivedi, Leon Trappett, Giacomo Casoni | Site metasploit.com; A remote code execution vulnerability exists in qdPM versions 9.1 and below. An attacker can upload a malicious PHP code file via the profile photo functionality by leveraging a path traversal vulnerability in the users['photop_preview'] delete photo feature thus allowing bypass of .htaccess protection. NOTE: this issue exists because of an incomplete fix for CVE-2015-3884.; tags | exploit, remote, php, code execution; advisories | CVE-2015-3884, CVE-2020-7246; SHA-256 | 41d2d18aa9196d7f57810fe954d8362f8c6f3662e5ba2a143d334cd07ac9b371; Download | Favorite | View

qdPM 9.1 Remote Code Execution: Posted May 26, 2022; Authored by Rishal Dwivedi, Leon Trappett, RedHatAugust; qdPM version 9.1 authenticated remote code execution exploit that leverages a path traversal.; tags | exploit, remote, code execution; advisories | CVE-2020-7246; SHA-256 | 3232c57ac453b2620e024f66156e77f94a31f69956a38912a194df206d7de228; Download | Favorite | View

qdPM 9.2 Cross Site Request Forgery: Posted Apr 7, 2022; Authored by Chetanya Sharma; qdPM version 9.2 suffers from a cross site request forgery vulnerability.; tags | exploit, csrf; advisories | CVE-2022-26180; SHA-256 | 64ddbfaa1da0cb1473febe63a28eecb79a7e8e8d82ebad0f32c44475dadf890f; Download | Favorite | View

qdPM 9.2 Information Disclosure: Posted Aug 4, 2021; Authored by Leon Trappett; qdPM version 9.2 discloses the password and connection string for the database in an internet-accessible file.; tags | exploit, info disclosure; SHA-256 | 2f92d8ee5b5ad7b418516bd80f8b207e00cf4ae67d21b04fe4031646a20b325f; Download | Favorite | View

qdPM 9.1 PHP Object Injection: Posted Dec 31, 2020; Authored by EgiX | Site karmainsecurity.com; qdPM versions 9.1 and below suffer from an executeExport PHP object injection vulnerability.; tags | exploit, php; advisories | CVE-2020-26165; SHA-256 | b112518046e2d985fa9df4e1d428c12274ab5e4bf070ee7383978e0a73695f45; Download | Favorite | View

qdPM 9.1 Cross Site Scripting: Posted May 19, 2020; Authored by Kishan Lal Choudhary; qdPM version 9.1 suffers from a persistent cross site scripting vulnerability.; tags | exploit, xss; SHA-256 | 243f9d8a4adf78bf32f1e9eaf0c07a5a16b6a774dae63a376acae6ef2be8a21c; Download | Favorite | View

qdPM 9.1 Arbitrary File Upload: Posted May 12, 2020; Authored by Besim Altinok, Ismail Bozkurt; qdPM version 9.1 suffers from an arbitrary file upload vulnerability.; tags | exploit, arbitrary, file upload; SHA-256 | 29677c9aeba89af9fcf295f75937caccf52029e7fa9463e55173aedd624ed875; Download | Favorite | View

qdPM Remote Code Execution: Posted Feb 28, 2020; Authored by Tobin Shields; qdPM versions prior to 9.1 suffer from a remote shell upload vulnerability that allows for remote code execution.; tags | exploit, remote, shell, code execution; advisories | CVE-2020-7246; SHA-256 | 7378aebe88336076527073b99083cdd137d3c12ddaf2cf587f30f8479d285a3d; Download | Favorite | View

qdPM 9.1 Remote Code Execution: Posted Jan 23, 2020; Authored by Rishal Dwivedi; qdPM version 9.1 suffers from a remote code execution vulnerability.; tags | exploit, remote, code execution; advisories | CVE-2020-7246; SHA-256 | 7e38839c57fb28f501a4b08fba6935a0fba1a06153b69a44056f7c139d22ed77; Download | Favorite | View

qdPM 9.1 SQL Injection: Posted Feb 14, 2019; Authored by Mehmet Emiroglu; qdPM version 9.1 suffers from a remote SQL injection vulnerability.; tags | exploit, remote, sql injection; SHA-256 | e81be54e975ddb9efc4ef78b705ee0e474bff1089a5a48aed1d455217623fec4; Download | Favorite | View

qdPM 9.1 SQL Injection: Posted Nov 2, 2018; Authored by Ozkan Mustafa Akkus; qdPM version 9.1 suffers from a remote SQL injection vulnerability.; tags | exploit, remote, sql injection; SHA-256 | be69d3f7d431d0964e2a89d2816659a6ff6ada3a67cd1457bb1166a6bd28d33d; Download | Favorite | View

Secunia Security Advisory 50599: Posted Sep 17, 2012; Authored by Secunia | Site secunia.com; Secunia Security Advisory - loneferret has discovered a vulnerability in qdPM, which can be exploited by malicious users to compromise a vulnerable system.; tags | advisory; SHA-256 | 716e5c3365715b07a16c4023a4789e688901cbad253c9df6b7dbf9d0d98cd190; Download | Favorite | View

qdPM 7 Arbitrary PHP File Upload: Posted Sep 14, 2012; Authored by loneferret, sinn3r | Site metasploit.com; This Metasploit module exploits a vulnerability found in qdPM - a web-based project management software. The user profile's photo upload feature can be abused to upload any arbitrary file onto the victim server machine, which allows remote code execution. Please note in order to use this module, you must have a valid credential to sign in.; tags | exploit, remote, web, arbitrary, code execution; advisories | OSVDB-82978; SHA-256 | f5f6ba93d6feeeed1d320115b76b89c669688a7089990888c0aafa5f2993314c; Download | Favorite | View

qdPM 7 Shell Upload: Posted Jun 14, 2012; Authored by loneferret; qdPM version 7 suffers from a remote shell upload vulnerability.; tags | exploit, remote, shell; SHA-256 | de7d737317088da35d6c5415b3002cc2704e760c0485eed4b429a49321a72e9c; Download | Favorite | View

Page 1 of 1 Back 1 Next