what you don't know can hurt you
Showing 1 - 25 of 4,038 RSS Feed

File Inclusion Files

openSIS 7.4 Unauthenticated PHP Code Execution
Posted Jul 6, 2020
Authored by EgiX | Site metasploit.com

This Metasploit module exploits multiple vulnerabilities in openSIS 7.4 and prior versions which could be abused by unauthenticated attackers to execute arbitrary PHP code with the permissions of the webserver. The exploit chain abuses an incorrect access control issue which allows access to scripts which should require the user to be authenticated, and a local file inclusion to reach a SQL injection vulnerability which results in execution of arbitrary PHP code due to an unsafe use of the eval() function.

tags | exploit, arbitrary, local, php, vulnerability, sql injection, file inclusion
advisories | CVE-2020-13381, CVE-2020-13382, CVE-2020-13383
MD5 | 07a638401a07dae3fe0cc15b5a196965
openSIS 7.4 Local File Inclusion
Posted Jun 30, 2020
Authored by EgiX | Site karmainsecurity.com

openSIS versions 7.4 and below suffer from a local file inclusion vulnerability.

tags | exploit, local, file inclusion
advisories | CVE-2020-13383
MD5 | 34773fe08298e4f70971b2ca475bfba4
FHEM 6.0 Local File Inclusion
Posted Jun 25, 2020
Authored by Emre OVUNC

FHEM version 6.0 suffers from a local file inclusion vulnerability.

tags | exploit, local, file inclusion
MD5 | 35ad551f0a301429cff04952d64edc5e
Odoo 12.0 Local File Inclusion
Posted Jun 22, 2020
Authored by Emre OVUNC

Odoo version 12.0 suffers from a local file inclusion vulnerability.

tags | exploit, local, file inclusion
MD5 | ef259aea09b43ebfc94e8efe879074f2
OpenCTI 3.3.1 Cross Site Scripting / Directory Traversal
Posted Jun 18, 2020
Authored by Raif Berkay Dincel

OpenCTI version 3.3.1 suffers from cross site scripting and directory traversal vulnerabilities.

tags | exploit, vulnerability, xss, file inclusion
MD5 | 01e5582f9668a47e3707a7ac7a906c85
MJML 4.6.2 Path Traversal
Posted Jun 16, 2020
Authored by Julien Ahrens | Site rcesecurity.com

MJML versions 4.6.2 and below suffer from a path traversal vulnerability.

tags | exploit, file inclusion
advisories | CVE-2020-12827
MD5 | a0a3f891f47c7b51f226844efd20e946
Bludit 3.9.12 Directory Traversal
Posted Jun 9, 2020
Authored by Luis Vacacas

Bludit version 3.9.12 suffers from a directory traversal vulnerability.

tags | exploit, file inclusion
advisories | CVE-2019-16113
MD5 | 58e30747011aa13fe7bddb3f9412d0d7
Navigate CMS 2.8.7 Directory Traversal
Posted Jun 4, 2020
Authored by Gus Ralph

Navigate CMS version 2.8.7 suffers from an authenticated directory traversal vulnerability.

tags | exploit, file inclusion
advisories | CVE-2020-13795
MD5 | e422428b73acd01b8faae4427b9bcb16
Booked Scheduler 2.7.7 Directory Traversal
Posted May 6, 2020
Authored by Besim Altinok, Ismail Bozkurt

Booked Scheduler version 2.7.7 suffers from an authenticated directory traversal vulnerability.

tags | exploit, file inclusion
MD5 | a4735a7d21fe839b802938d376f307c3
SimplePHPGal 0.7 Remote File Inclusion
Posted May 5, 2020
Authored by h4shur

SimplePHPGal version 0.7 suffers from a remote file inclusion vulnerability.

tags | exploit, remote, code execution, file inclusion
MD5 | 69eb6230d589074cf1c0543f754f010b
BoltWire 6.03 Local File Inclusion
Posted May 4, 2020
Authored by Andrey Stoykov

BoltWire version 6.03 suffers from a local file inclusion vulnerability.

tags | exploit, local, file inclusion
MD5 | 4592e504295e563f4cf421c3c26ba239
Gigamon GigaVUE 5.5.01.11 Directory Traversal / File Upload
Posted Apr 29, 2020
Authored by Balazs Hambalko

Gigamon GigaVUE version 5.5.01.11 suffers from directory traversal and file upload with command execution vulnerabilities. Gigamon has chosen to sunset this product and not offer a patch.

tags | exploit, vulnerability, file inclusion, file upload
advisories | CVE-2020-12251, CVE-2020-12252
MD5 | 0fcc796a695117342acf0f72ae2515de
Zen Load Balancer 3.10.1 Directory Traversal
Posted Apr 23, 2020
Authored by Dhiraj Mishra, Basim Alabdullah | Site metasploit.com

This Metasploit module exploits an authenticated directory traversal vulnerability in Zen Load Balancer version 3.10.1. The flaw exists in index.cgi not properly handling the filelog= parameter which allows a malicious actor to load arbitrary file path.

tags | exploit, arbitrary, cgi, file inclusion
MD5 | 098e961d63357b612d0c1f8c93294ae0
QRadar Community Edition 7.3.1.6 Path Traversal
Posted Apr 21, 2020
Authored by Yorick Koster, Securify B.V.

QRadar Community Edition version 7.3.1.6 has a path traversal that exists in the session validation functionality. In particular, the vulnerability is present in the part that handles session tokens (UUIDs). QRadar fails to validate if the user-supplied token is in the correct format. Using path traversal it is possible for authenticated users to impersonate other users, and also to executed arbitrary code (via Java deserialization). The code will be executed with the privileges of the Tomcat system user.

tags | exploit, java, arbitrary, file inclusion
MD5 | 6cb180e7e16b46cc6581407a5507d0a0
QRadar Community Edition 7.3.1.6 Arbitrary Object Instantiation
Posted Apr 21, 2020
Authored by Yorick Koster, Securify B.V.

QRadar Community Edition version 7.3.1.6 is vulnerable to instantiation of arbitrary objects based on user-supplied input. An authenticated attacker can abuse this to perform various types of attacks including server-side request forgery and (potentially) arbitrary execution of code.

tags | exploit, arbitrary, file inclusion
advisories | CVE-2020-4272
MD5 | f813c8f629536b1985d46109b98d02f8
TVT NVMS 1000 Directory Traversal
Posted Apr 13, 2020
Authored by Mohin Paramasivam

TVT NVMS 1000 suffers from a directory traversal vulnerability.

tags | exploit, file inclusion
advisories | CVE-2019-20085
MD5 | 801d83449f54d4e39592e24a359a856d
WordPress Media Library Assistant 2.81 Local File Inclusion
Posted Apr 13, 2020
Authored by Daniel Monzon

WordPress Media Library Assistant plugin version 2.81 suffers from a local file inclusion vulnerability.

tags | exploit, local, file inclusion
MD5 | b31e7279051191481d8919615b301f40
Zen Load Balancer 3.10.1 Directory Traversal
Posted Apr 10, 2020
Authored by Basim Alabdullah

Zen Load Balancer version 3.10.1 suffers from a directory traversal vulnerability. This finding was originally discovered by Cody Sixteen.

tags | exploit, file inclusion
MD5 | 4eab1f70983bec64bb7c6a94d06cf884
LimeSurvey 4.1.11 Path Traversal
Posted Apr 3, 2020
Authored by Matthew Aberegg, Michael Burkey

LimeSurvey version 4.1.11 suffers from a File Manager path traversal vulnerability.

tags | exploit, file inclusion
advisories | CVE-2020-11455
MD5 | 15a17460c92285cb9514da2991c14b64
Joomla Fabrik 3.9.11 Directory Traversal
Posted Mar 30, 2020
Authored by qw3rTyTy

Joomla Fabrik component version 3.9.11 suffers from a directory traversal vulnerability.

tags | exploit, file inclusion
MD5 | ca6510d47275441b8241ea7c2bb9e5e7
Jinfornet Jreport 15.6 Directory Traversal
Posted Mar 27, 2020
Authored by hongphukt

Jinfornet Jreport version 15.6 suffers from an unauthenticated directory traversal vulnerability.

tags | exploit, file inclusion
MD5 | aa0b75959e528f9f28ec3bdf8df57c76
FIBARO System Home Center 5.021 Remote File Inclusion / XSS
Posted Mar 23, 2020
Authored by LiquidWorm | Site zeroscience.mk

FIBARO System Home Center version 5.021 suffers from cross site scripting and remote file inclusion vulnerabilities.

tags | exploit, remote, vulnerability, xss, file inclusion
MD5 | 3f7f7703a1c9d1be0e5090ceeb7c714c
PHPKB Multi-Language 9 Authenticated Directory Traversal
Posted Mar 16, 2020
Authored by Antonio Cannito

PHPKB Multi-Language 9 suffers from an authenticated directory traversal vulnerability.

tags | exploit, file inclusion
advisories | CVE-2020-10387
MD5 | aba62435c30641b2f7f83973ae012c79
Horde Groupware Webmail Edition 5.2.22 PHP File Inclusion
Posted Mar 12, 2020
Authored by Andrea Cardaci

Horde Groupware Webmail Edition version 5.2.22 suffers from a PHP file inclusion vulnerability.

tags | exploit, php, file inclusion
advisories | CVE-2020-8865, CVE-2020-8866
MD5 | d2b595c8544f4d3d4cd3488e79c4933d
Apache Tomcat AJP Ghostcat File Read / Inclusion
Posted Feb 26, 2020
Authored by ydhcui

Apache Tomcat AJP Ghostcat file read and inclusion exploit.

tags | exploit, file inclusion
advisories | CVE-2020-10487
MD5 | 28027f46fb9f230fd41b684c0e835073
Page 1 of 162
Back12345Next

File Archive:

July 2020

  • Su
  • Mo
  • Tu
  • We
  • Th
  • Fr
  • Sa
  • 1
    Jul 1st
    15 Files
  • 2
    Jul 2nd
    19 Files
  • 3
    Jul 3rd
    12 Files
  • 4
    Jul 4th
    1 Files
  • 5
    Jul 5th
    2 Files
  • 6
    Jul 6th
    25 Files
  • 7
    Jul 7th
    35 Files
  • 8
    Jul 8th
    0 Files
  • 9
    Jul 9th
    0 Files
  • 10
    Jul 10th
    0 Files
  • 11
    Jul 11th
    0 Files
  • 12
    Jul 12th
    0 Files
  • 13
    Jul 13th
    0 Files
  • 14
    Jul 14th
    0 Files
  • 15
    Jul 15th
    0 Files
  • 16
    Jul 16th
    0 Files
  • 17
    Jul 17th
    0 Files
  • 18
    Jul 18th
    0 Files
  • 19
    Jul 19th
    0 Files
  • 20
    Jul 20th
    0 Files
  • 21
    Jul 21st
    0 Files
  • 22
    Jul 22nd
    0 Files
  • 23
    Jul 23rd
    0 Files
  • 24
    Jul 24th
    0 Files
  • 25
    Jul 25th
    0 Files
  • 26
    Jul 26th
    0 Files
  • 27
    Jul 27th
    0 Files
  • 28
    Jul 28th
    0 Files
  • 29
    Jul 29th
    0 Files
  • 30
    Jul 30th
    0 Files
  • 31
    Jul 31st
    0 Files

Top Authors In Last 30 Days

File Tags

Systems

packet storm

© 2020 Packet Storm. All rights reserved.

Services
Security Services
Hosting By
Rokasec
close