what you don't know can hurt you
Showing 1 - 25 of 4,111 RSS Feed

File Inclusion Files

CMSimple 5.4 Local File Inclusion / Remote Code Execution
Posted Nov 24, 2021
Authored by S1lv3r

CMSimple version 5.4 local file inclusion to remote code execution exploit.

tags | exploit, remote, local, code execution, file inclusion
MD5 | 7d206d745fd2639b990408dc45a77919
Red Hat Security Advisory 2021-4702-01
Posted Nov 17, 2021
Authored by Red Hat | Site access.redhat.com

Red Hat Security Advisory 2021-4702-01 - Red Hat Satellite is a systems management tool for Linux-based infrastructure. It allows for provisioning, remote management, and monitoring of multiple Linux deployments with a single centralized tool. Issues addressed include XML injection, code execution, denial of service, information leakage, local file inclusion, man-in-the-middle, memory leak, open redirection, password leak, remote file inclusion, remote shell upload, and traversal vulnerabilities.

tags | advisory, remote, denial of service, shell, local, vulnerability, code execution, memory leak, file inclusion
systems | linux, redhat
advisories | CVE-2019-14853, CVE-2019-14859, CVE-2019-25025, CVE-2020-14343, CVE-2020-26247, CVE-2020-8130, CVE-2020-8908, CVE-2021-20256, CVE-2021-21330, CVE-2021-22885, CVE-2021-22902, CVE-2021-22904, CVE-2021-28658, CVE-2021-29509, CVE-2021-31542, CVE-2021-32740, CVE-2021-33203, CVE-2021-33503, CVE-2021-33571, CVE-2021-3413, CVE-2021-3494
MD5 | 15d37f280e159b35ed6469b1f97ed672
Aerohive NetConfig 10.0r8a Local File Inclusion / Remote Code Execution
Posted Nov 12, 2021
Authored by Erik Wynter, Erik de Jong | Site metasploit.com

This Metasploit module exploits local file inclusion and log poisoning vulnerabilities (CVE-2020-16152) in Aerohive NetConfig, version 10.0r8a build-242466 and older in order to achieve unauthenticated remote code execution as the root user. NetConfig is the Aerohive/Extreme Networks HiveOS administrative webinterface. Vulnerable versions allow for LFI because they rely on a version of PHP 5 that is vulnerable to string truncation attacks. This module leverages this issue in conjunction with log poisoning to gain remote code execution as root. Upon successful exploitation, the Aerohive NetConfig application will hang for as long as the spawned shell remains open. Closing the session should render the application responsive again. The module provides an automatic cleanup option to clean the log. However, this option is disabled by default because any modifications to the /tmp/messages log, even via sed, may render the target (temporarily) unexploitable. This state can last over an hour. This module has been successfully tested against Aerohive NetConfig versions 8.2r4 and 10.0r7a.

tags | exploit, remote, shell, local, root, php, vulnerability, code execution, file inclusion
advisories | CVE-2020-16152
MD5 | 70c6dcfbe8cd1056d848f4af42f66776
Easy Chat Server 3.1 Directory Traversal
Posted Oct 21, 2021
Authored by z4nd3r

Easy Chat Server version 3.1 suffers from a directory traversal vulnerability.

tags | exploit, file inclusion
MD5 | 6467ba2ba996208488cde9d6cd01fa7d
Apache HTTP Server 2.4.50 Path Traversal / Code Execution
Posted Oct 13, 2021
Authored by Lucas Souza

Apache HTTP Server version 2.4.50 suffers from path traversal and code execution vulnerabilities.

tags | exploit, web, vulnerability, code execution, file inclusion
advisories | CVE-2021-42013
MD5 | 83e881b06b8c45b03c0e1280bba0e9df
Apache HTTP Server 2.4.49 Path Traversal / Remote Code Execution
Posted Oct 6, 2021
Authored by Lucas Souza

Apache HTTP Server version 2.4.49 suffers from a path traversal vulnerability.

tags | exploit, web, file inclusion
advisories | CVE-2021-41773
MD5 | 1f8f44361142a2acbf7b9f53b654f29a
Payara Micro Community 5.2021.6 Directory Traversal
Posted Oct 2, 2021
Authored by Yasser Khan

Payara Micro Community version 5.2021.6 suffers from a directory traversal vulnerability.

tags | exploit, file inclusion
advisories | CVE-2021-41381
MD5 | facaade4d9c2aaf474e859daee70da16
Red Hat Security Advisory 2021-3490-01
Posted Sep 15, 2021
Authored by Red Hat | Site access.redhat.com

Red Hat Security Advisory 2021-3490-01 - An update for python-django20 is now available for Red Hat OpenStack Platform 16.2 (Train). Issues addressed include local file inclusion, remote file inclusion, server-side request forgery, and traversal vulnerabilities.

tags | advisory, remote, local, vulnerability, python, file inclusion
systems | linux, redhat
advisories | CVE-2021-3281, CVE-2021-33203, CVE-2021-33571
MD5 | e7500bc349886d3fb83b1178501b814b
OpenSIS 8.0 Directory Traversal
Posted Sep 3, 2021
Authored by Eric Salario

OpenSIS version 8.0 suffers from a local file inclusion vulnerability via a path traversal.

tags | exploit, local, file inclusion
MD5 | b5b5159ba7f41f0e12e980bac421c26d
Umbraco CMS 8.9.1 Traversal / Arbitrary File Write
Posted Aug 31, 2021
Authored by BitTheByte

Umbraco CMS versions 8.9.1 and below suffer from path traversal and arbitrary file write vulnerabilities.

tags | exploit, arbitrary, vulnerability, file inclusion
advisories | CVE-2020-5811
MD5 | 0a99ada2f17347f95a647a852d95bcfe
ProcessMaker 3.5.4 Local File Inclusion
Posted Aug 26, 2021
Authored by Ai Ho

ProcessMaker version 3.5.4 suffers from a local file inclusion vulnerability.

tags | exploit, local, file inclusion
MD5 | 6866947c3b49d852208d6c48618fa6cc
WordPress Mail Masta 1.0 Local File Inclusion
Posted Aug 25, 2021
Authored by Matheus Alexandre

WordPress Mail Masta plugin version 1.0 suffers from a local file inclusion vulnerability.

tags | exploit, local, file inclusion
MD5 | 904e1bbfd06fac7ad4b4f0f51166be0e
GeoVision Geowebserver 5.3.3 LFI / XSS / CSRF / Code Execution
Posted Aug 17, 2021
Authored by Ken Pyle

GeoVision Geowebserver versions 5.3.3 and below suffer from code execution, cross site request forgery, cross site scripting, html injection, and local file inclusion vulnerabilities.

tags | exploit, local, vulnerability, code execution, xss, file inclusion, csrf
MD5 | 7f0018d2193589d1334f12f6ebcc8843
Exploiting PHP_SESSION_UPLOAD_PROGRESS
Posted Jul 27, 2021
Authored by Faisal Alhadlaq

This whitepaper discusses chain session upload progress to remote code execution when taking advantage of local file inclusion.

tags | paper, remote, local, code execution, file inclusion
MD5 | 30b82ecd437ab784ec81665a82576757
Novus Management System Directory Traversal / Cross Site Scripting
Posted Jul 10, 2021
Authored by Dariusz Gonda

Novus Management System versions prior to 1.51.2 suffer from cross site scripting and directory traversal vulnerabilities.

tags | advisory, vulnerability, xss, file inclusion
advisories | CVE-2021-34820, CVE-2021-38421
MD5 | c64a7fc8b08135ed2c5f6feadfc07ead
Wyomind Help Desk 1.3.6 XSS / Traversal / Shell Upload
Posted Jul 8, 2021
Authored by Patrik Lantz

Wyomind Help Desk version 1.3.6 suffers from remote shell upload, cross site scripting, and directory traversal vulnerabilities.

tags | exploit, remote, shell, vulnerability, xss, file inclusion
MD5 | 59218439c3ab4fb34a4f3a6427121b87
WordPress Anti-Malware Security And Bruteforce Firewall 4.20.59 Directory Traversal
Posted Jul 6, 2021
Authored by TheSmuggler

WordPress Anti-Malware Security and Bruteforce Firewall plugin version 4.20.59 suffers from a directory traversal vulnerability.

tags | exploit, file inclusion
MD5 | 6f9edaf13c8046960529a3c19bdf3c96
Black Box Kvm Extender 3.4.31307 Local File Inclusion
Posted Jul 6, 2021
Authored by Ferhat Cil

Black Box Kvm Extender version 3.4.31307 suffers from a local file inclusion vulnerability.

tags | exploit, local, file inclusion
MD5 | 6fe8c1691d468a9bf6c2ebd9e15d6aff
OpenEMR 5.0.1.7 Path Traversal
Posted Jul 5, 2021
Authored by Alexandre Zanni

OpenEMR version 5.0.17 path traversal exploit.

tags | exploit, file inclusion
advisories | CVE-2019-14530
MD5 | a7622ae19ddf3cafa635248b9528fd2c
OpenEMR 5.0.1.7 Path Traversal
Posted Jun 18, 2021
Authored by Ron Jost

OpenEMR version 5.0.1.7 suffers from a path traversal vulnerability.

tags | exploit, file inclusion
advisories | CVE-2019-14530
MD5 | 9b189b539433dd288cb8f97ef2d49d86
Postbird 0.8.4 XSS / LFI / Insecure Data Storage
Posted Jun 1, 2021
Authored by Tridentsec | Site tridentsec.io

Postbird version 0.8.4 suffers from cross site scripting, local file inclusion, and insecure data storage vulnerabilities. Included in this archive is a whitepaper and proof of concept exploit.

tags | exploit, local, vulnerability, xss, proof of concept, file inclusion
advisories | CVE-2021-33570
MD5 | f60c4ad77076831e6c6210dffcd07d54
Trixbox 2.8.0.4 Path Traversal
Posted May 28, 2021
Authored by Ron Jost

Trixbox version 2.8.0.4 has path traversal via the xajaxargs array parameter to /maint/index.php?packages or the lang parameter to /maint/modules/home/index.php.

tags | exploit, php, file inclusion
advisories | CVE-2017-14537
MD5 | ebe53272a318e753d01ffa4b44a12413
Postbird 0.8.4 Cross Site Scripting / Local File Inclusion
Posted May 27, 2021
Authored by Debshubra Chakraborty

Postbird version 0.8.4 suffers from a javascript injection vulnerability that allows for cross site scripting and local file inclusion.

tags | exploit, local, javascript, xss, file inclusion
advisories | CVE-2021-33570
MD5 | f2d171b04734775d46bcc4f5dc3a2213
Schlix CMS 2.2.6-6 Shell Upload / Directory Traversal
Posted May 24, 2021
Authored by Emir Polat

Schlix CMS version 2.2.6-6 suffers from an arbitrary file upload and a directory traversal that together can lead to remote command execution.

tags | exploit, remote, arbitrary, file inclusion, file upload
MD5 | f2f6e3d92179511f87fa66f851387309
Mini Mouse 9.3.0 Local File Inclusion / Path Traversal
Posted Apr 6, 2021
Authored by gosh

Mini Mouse version 9.3.0 suffers from local file inclusion and path traversal vulnerabilities.

tags | exploit, local, vulnerability, file inclusion
MD5 | 5f48132206c39831f6956e4b977d8857
Page 1 of 165
Back12345Next

File Archive:

November 2021

  • Su
  • Mo
  • Tu
  • We
  • Th
  • Fr
  • Sa
  • 1
    Nov 1st
    19 Files
  • 2
    Nov 2nd
    25 Files
  • 3
    Nov 3rd
    8 Files
  • 4
    Nov 4th
    7 Files
  • 5
    Nov 5th
    24 Files
  • 6
    Nov 6th
    0 Files
  • 7
    Nov 7th
    0 Files
  • 8
    Nov 8th
    18 Files
  • 9
    Nov 9th
    9 Files
  • 10
    Nov 10th
    106 Files
  • 11
    Nov 11th
    19 Files
  • 12
    Nov 12th
    13 Files
  • 13
    Nov 13th
    0 Files
  • 14
    Nov 14th
    0 Files
  • 15
    Nov 15th
    18 Files
  • 16
    Nov 16th
    12 Files
  • 17
    Nov 17th
    15 Files
  • 18
    Nov 18th
    12 Files
  • 19
    Nov 19th
    4 Files
  • 20
    Nov 20th
    2 Files
  • 21
    Nov 21st
    0 Files
  • 22
    Nov 22nd
    22 Files
  • 23
    Nov 23rd
    14 Files
  • 24
    Nov 24th
    19 Files
  • 25
    Nov 25th
    4 Files
  • 26
    Nov 26th
    1 Files
  • 27
    Nov 27th
    4 Files
  • 28
    Nov 28th
    1 Files
  • 29
    Nov 29th
    11 Files
  • 30
    Nov 30th
    7 Files

Top Authors In Last 30 Days

File Tags

Systems

packet storm

© 2020 Packet Storm. All rights reserved.

Services
Security Services
Hosting By
Rokasec
close