Twenty Year Anniversary

Register | Login

FilesNewsUsersAuthors

Home Files News Services About Contact Add New

Showing 76 - 100 of 3,916

File Inclusion Files

Carel PlantVisor 2.4.4 Directory Traversal

Posted Sep 15, 2017

Authored by James Fitts | Site metasploit.com

Carel PlantVisor version 2.4.4 suffers from a directory traversal vulnerability.

tags | exploit, file inclusion

advisories | CVE-2011-3487

MD5 | 53c47349d004a5da5be6c028fec32469

Download | Favorite | Comments (0)

Indusoft Web Studio Directory Traversal

Posted Sep 15, 2017

Authored by James Fitts | Site metasploit.com

This Metasploit module exploits a flaw found in Indusoft Web Studio versions 7.1 and below before SP2 Patch 4. This specific flaw allows users to browse outside of the webroot to download files found on the underlying system.

tags | exploit, web, file inclusion

advisories | CVE-2014-0780

MD5 | 16f7cb4a150432863c9bfba04db5b70a

Download | Favorite | Comments (0)

Carlo Gavazzi Powersoft 2.1.1.1 Directory Traversal

Posted Sep 15, 2017

Authored by James Fitts | Site metasploit.com

This Metasploit module exploits a directory traversal vulnerability found in Carlo Gavazzi Powersoft versions 2.1.1.1 and below. The vulnerability is triggered when sending a specially crafted GET request to the server. The location parameter of the GET request is not sanitized and the sendCommand.php script will automatically pull down any file requested

tags | exploit, php, file inclusion

MD5 | 7ead626f719b2712cc6f6e65a79e2c9f

Download | Favorite | Comments (0)

LIFE CMS Directory Traversal

Posted Sep 12, 2017

Authored by Renzi

LIFE SISTEMAS CMS suffers from a directory traversal vulnerability.

tags | exploit, file inclusion

MD5 | fcf18dd822df0ed672bf0cff3f598547

Download | Favorite | Comments (0)

JGI CMS 1.0 Directory Traversal

Posted Sep 11, 2017

Authored by Renzi

JGI CMS version 1.0 suffers from a directory traversal vulnerability.

tags | exploit, file inclusion

MD5 | be892befef82a66cb3a045ec3df6749a

Download | Favorite | Comments (0)

WiseGiga NAS CSRF / LFI / Command Execution

Posted Sep 11, 2017

Authored by Pierre Kim

WiseGiga NAS suffers from cross site request forgery, local file inclusion, command execution, and default credential vulnerabilities.

tags | exploit, local, vulnerability, file inclusion, csrf

MD5 | 047939def71293ad9bd51f3067e33736

Download | Favorite | Comments (0)

Huawei HG255s Directory Traversal

Posted Sep 8, 2017

Authored by Ahmet Mersin

Huawei HG255s suffers from a directory traversal vulnerability.

tags | exploit, file inclusion

MD5 | adeb025562e7f5dd4093670510800427

Download | Favorite | Comments (0)

Ultimate HR System 1.2 Cross Site Scripting / Directory Traversal

Posted Sep 5, 2017

Authored by 8bitsec

Ultimate HR System versions 1.2 and below suffer from cross site scripting and directory traversal vulnerabilities.

tags | exploit, vulnerability, xss, file inclusion

MD5 | 7ef8c382c84bd564a779cefd35abf93a

Download | Favorite | Comments (0)

Philex CMS 0.2 Directory Traversal

Posted Aug 16, 2017

Authored by Renzi

Philex CMS version 0.2 suffers from a directory traversal vulnerability.

tags | exploit, file inclusion

MD5 | 2506b9c0aa524dc31cfbd3aa844da9b1

Download | Favorite | Comments (0)

ClipBucket 2.8.3 SQL Injection / Arbitrary File Read / Write

Posted Aug 15, 2017

Authored by bRpsd

ClipBucket version2.8.3 suffers from remote SQL injection, arbitrary file read/write, and default credential vulnerabilities.

tags | exploit, remote, arbitrary, vulnerability, sql injection, file inclusion

MD5 | ad009dbfbe414a249ac5f206ca71f955

Download | Favorite | Comments (0)

Advantech SUSIAccess 3.0 Directory Traversal / Information Disclosure

Posted Aug 1, 2017

Authored by James Fitts | Site metasploit.com

This Metasploit module exploits an information disclosure vulnerability found in Advantech SUSIAccess versions 3.0 and below. The vulnerability is triggered when sending a GET request to the server with a series of dot dot slashes (../) in the file parameter.

tags | exploit, file inclusion, info disclosure

advisories | CVE-2016-9349

MD5 | b99b70a5c20733224e88b86d90cc3957

Download | Favorite | Comments (0)

Cisco DDR2200 / 2201v1 Insecure Direct Object Reference / Path Traversal

Posted Jul 14, 2017

Authored by The Gambler

Cisco DDR2200 and 2201v1 ADSL2+ Residential Gateway devices suffer from insecure direct object reference vulnerabilities that allow for remote code execution as well as a path traversal issue.

tags | exploit, remote, vulnerability, code execution, bypass, file inclusion

systems | cisco

MD5 | 3d75aff532e38b6b2a6184d2c0b2e44d

Download | Favorite | Comments (0)

CMS Made Simple 2.2.1 Local File Inclusion

Posted Jul 2, 2017

Authored by Zhiyang Zeng

CMS Made Simple versions 2.2.1 and below suffers from a local inclusion vulnerability.

tags | exploit, local, file inclusion

MD5 | b3f295af95e08dea0b4737419f60d4db

Download | Favorite | Comments (0)

WordPress Photo Gallery 1.3.34 / 1.3.42 Path Traversal

Posted Jun 21, 2017

Authored by Tom Adams

WordPress Photo Gallery plugin versions 1.3.34 and 1.3.42 suffer from a path traversal vulnerability.

tags | exploit, file inclusion

MD5 | e233d580717e45da84a27f5bb6456e20

Download | Favorite | Comments (0)

Aerohive AP340 HiveOS Remote Code Execution / Local File Inclusion

Posted Jun 15, 2017

Authored by Ike-Clinton

Aerohive AP340 HiveOS versions prior to 6.1r5 suffers from a local file inclusion vulnerability that allows for remote code execution.

tags | exploit, remote, local, code execution, file inclusion

MD5 | 23f7f0efaf290260644702d2fc4ec176

Download | Favorite | Comments (0)

Robert 0.5 CSRF / XSS / Directory Traversal / SQL Injection

Posted Jun 7, 2017

Authored by Cyril Vallicari

Robert version 0.5 suffers from cross site request forgery, cross site scripting, remote SQL injection, and directory traversal vulnerabilities.

tags | exploit, remote, vulnerability, xss, sql injection, file inclusion, csrf

MD5 | cfd060cdd873a90420373f8cc4f97108

Download | Favorite | Comments (0)

uc-httpd Local File Inclusion / Traversal

Posted May 31, 2017

Authored by keksec

uc-httpd suffers from local file inclusion and directory traversal vulnerabilities.

tags | exploit, local, vulnerability, file inclusion

MD5 | 1ea3e2779de86530c91d5d4ec0c8c541

Download | Favorite | Comments (0)

Western Digital TV Media Player 1.03.07 LFI / CSRF / File Upload

Posted May 19, 2017

Authored by Fikri Fadzil, Wan Ikram | Site sec-consult.com

Western Digital TV Media Player version 1.03.07 suffers from file upload, local file inclusion, cross site request forgery, private key issue, remote SQL injection, and other vulnerabilities.

tags | advisory, remote, local, vulnerability, sql injection, file inclusion, file upload, csrf

MD5 | 25bbe7a316a961b85fad5f438278159a

Download | Favorite | Comments (0)

ASUS Routers CSRF / Information Disclosure

Posted May 10, 2017

Authored by Yakov Shafranovich | Site wwws.nightwatchcybersecurity.com

ASUS routers suffer from cross site request forgery and information disclosure vulnerabilities. Versions affected include RT-AC55U, RT-AC56R, RT-AC56S, RT-AC56U, RT-AC66U, RT-AC88U, RT-AC66R, RT-AC66U, RT-AC66W, RT-AC68W, RT-AC68P, RT-AC68R, RT-AC68U, RT-AC87R, RT-AC87U, RT-AC51U, RT-AC53U, RT-AC1900P, RT-AC3100, RT-AC3200, RT-AC5300, RT-N11P, RT-N12 (D1 version only), RT-N12+, RT-N12E, RT-N18U, RT-N56U, RT-N66R, RT-N66U (B1 version only), and RT-N66W.

tags | exploit, vulnerability, file inclusion, info disclosure, csrf

advisories | CVE-2017-5891, CVE-2017-5892

MD5 | 3d95db7d42745579a0c76b4da4866297

Download | Favorite | Comments (0)

fimap Inclusion Scanner

Posted May 1, 2017

Authored by Iman Karim | Site tha-imax.de

fimap is a little python tool which can find, prepare, audit, exploit and even google automatically for local and remote file inclusion bugs in web applications.

tags | tool, remote, web, local, scanner, python, file inclusion

systems | unix

MD5 | c521918aff624c30203b6f8679f04c80

Download | Favorite | Comments (0)

Alerton Webtalk 2.5 / 3.3 Hash Disclosure / CSRF / Command Injection

Posted Apr 27, 2017

Authored by David Tomaschik

Alerton Webtalk versions 2.5 and 3.3 suffer from cross site request forgery, password hash disclosure, command injection, and login flow vulnerabilities.

tags | exploit, vulnerability, file inclusion, info disclosure, csrf

MD5 | 6e847214fd97cdfd1149ec741c350114

Download | Favorite | Comments (0)

Trend Micro Threat Discovery Appliance 2.6.1062r1 logoff.cgi Directory Traversal

Posted Apr 20, 2017

Authored by Roberto Suggi Liverani, mr_me

Trend Micro Threat Discovery Appliance versions 2.6.1062r1 and below suffer from a logoff.cgi directory traversal authentication bypass vulnerability.

tags | exploit, cgi, bypass, file inclusion

advisories | CVE-2016-7552

MD5 | e64dcba98301f1ab384f8984e9224a9b

Download | Favorite | Comments (0)

Coppermine Gallery 1.5.44 Directory Traversal

Posted Apr 14, 2017

Authored by Hacker Fantastic

Coppermine Gallery versions 1.5.44 and below suffer from a directory traversal vulnerability.

tags | exploit, file inclusion

MD5 | dda5a509b6541344f2cf734ab2ab3028

Download | Favorite | Comments (0)

XiongMai uc-http 1.0.0 Local File Inclusion / Directory Traversal

Posted Apr 12, 2017

Authored by Project Insecurity, sxcurity | Site insecurity.zone

uc-httpd is an HTTP daemon used by a wide array of IoT devices and is vulnerable to local file inclusion and directory traversal bugs.

tags | exploit, web, local, file inclusion

MD5 | 4dbd99715c3ee94349afae497d07d4cf

Download | Favorite | Comments (0)

MyBB Directory Traversal

Posted Apr 11, 2017

Authored by Zhiyang Zeng

MyBB versions prior to 1.8.11 suffer from a directory traversal vulnerability.

tags | exploit, file inclusion

MD5 | dbf0e2512ca759d8dd910d1da5c2a2bf

Download | Favorite | Comments (0)