exploit the possibilities
Home Files News &[SERVICES_TAB]About Contact Add New
Showing 1 - 25 of 982 RSS Feed

File Upload Files

CMSMS 2.2.19 Arbitrary File Upload
Posted Jan 3, 2024
Authored by nu11secur1ty

CMSMS version 2.2.19 suffers from an arbitrary file upload vulnerability.

tags | exploit, arbitrary, file upload
SHA-256 | 10d444684a1178256d641dcf6a31e78bdb9b5db129a97ebd890d4e09119b515c
Hospital Management System 4.0 XSS / Shell Upload / SQL Injection
Posted Dec 22, 2023
Authored by Louise Ng, Chris Chan

Hospital Management System versions 4.0 and below suffer from cross site scripting, remote shell upload, and remote SQL injection vulnerabilities.

tags | exploit, remote, shell, vulnerability, xss, sql injection, file upload
advisories | CVE-2020-26627, CVE-2020-26628, CVE-2020-26629, CVE-2020-26630
SHA-256 | 4c4cb4162e1a493a04ab18896d55ef8649d628f41d3426944382f8e72a0ea4f9
Struts S2-066 File Upload Remote Code Execution
Posted Dec 13, 2023
Authored by Steven Seeley | Site cwiki.apache.org

Apache Struts versions 2.0.0 through 2.3.37 (EOL), 2.5.0 through 2.5.32, and 6.0.0 through 6.3.0 suffer from an issues where an attacker can manipulate file upload parameters to enable a path traversal and under some circumstances this can lead to uploading a malicious file which can be used to perform remote code execution.

tags | advisory, remote, code execution, file upload
advisories | CVE-2023-50164
SHA-256 | 3eabd0d7746d3af616a6a03f2fad7d9609f5c2a795390784bc379146a76826ad
WordPress Elementor 3.18.1 File Upload / Remote Code Execution
Posted Dec 8, 2023
Authored by Hong Quan | Site wordfence.com

WordPress Elementor plugin versions 3.18.1 and below are vulnerability to remote code execution via file upload in the template import functionality.

tags | advisory, remote, code execution, file upload
advisories | CVE-2023-48777
SHA-256 | 01b8a0f082e0d770b2fe9e58091dad5e9f1821358bb5f9846f04097a0d15c05c
WordPress MW WP Form 5.0.1 Arbitrary File Upload
Posted Dec 5, 2023
Authored by Istvan Marton | Site wordfence.com

WordPress MW WP Form plugin versions 5.0.1 and below suffer from an arbitrary file upload vulnerability.

tags | advisory, arbitrary, file upload
advisories | CVE-2023-6316
SHA-256 | 167c564d778ce9bc5dcaef0a3792319f6c3de4886f227d1ab0620bb35de396b6
Soosyze 2.0.0 Arbitrary File Upload
Posted Sep 8, 2023
Authored by nu11secur1ty

Soosyze version 2.0.0 suffers from an arbitrary file upload vulnerability.

tags | exploit, arbitrary, file upload
SHA-256 | 9bf6b6526253f4c7c6238da3c5ad49f7a905e6d95335d5b8a7f1c835151822b1
FIRESHOP Advanced CMS 2.3 Arbitrary File Upload
Posted Aug 22, 2023
Authored by indoushka

FIRESHOP Advanced CMS version 2.3 suffers from an arbitrary file upload vulnerability.

tags | exploit, arbitrary, file upload
SHA-256 | 39420fdbd9e09574216b7c644d2b65bd4cece1bb21494da786900619db842882
Academy LMS 6.1 Cross Site Scripting / File Upload
Posted Aug 21, 2023
Authored by CraCkEr

Academy LMS version 6.1 suffers from an upload vulnerability that could lead to persistent cross site scripting attacks.

tags | exploit, xss, file upload
SHA-256 | 7376aca92af649793fc8f249692d13f1ef1e359cdf18e47dababff6842bf39f0
Hyip Rio 2.1 Cross Site Scripting / File Upload
Posted Aug 16, 2023
Authored by CraCkEr

Hyip Rio version 2.1 suffers from an arbitrary file upload vulnerability that can be leveraged to commit cross site scripting attacks.

tags | exploit, arbitrary, xss, file upload
advisories | CVE-2023-4382
SHA-256 | cb26d9e78a7f34adc181f96e6e2bfa835fe0ee3bd358f8c8da79954a82c3bbe6
Dexx CMS HTML And Site Builder 2.2.3 XSS / Arbitrary File Upload
Posted Aug 9, 2023
Authored by indoushka

Dexx CMS HTML and Site Builder version 2.2.3 suffers from cross site scripting and arbitrary file upload vulnerabilities.

tags | exploit, arbitrary, vulnerability, xss, file upload
SHA-256 | afad1c220fc9a0f9c55b16ff2ee432a14c6bcfdc35bd7e270945acd8f3ea9e17
Codoforum 5.2.1 File Upload
Posted Aug 7, 2023
Authored by indoushka

Codoforum version 5.2.1 suffers from an arbitrary file upload vulnerability.

tags | exploit, arbitrary, file upload
SHA-256 | 66cafdb3a8d9e6d3b610420bda0dfd3cf6f4266f80509482fefcb6a995fec406
Intelliants Subrion CMS 4.2.1 Remote Code Execution
Posted Aug 4, 2023
Authored by Fellipe Oliveira, Ismail E. Dawoodjee, Hexife | Site metasploit.com

This Metasploit module exploits an authenticated file upload vulnerability in Subrion CMS versions 4.2.1 and lower. The vulnerability is caused by the .htaccess file not preventing the execution of .pht, .phar, and .xhtml files. Files with these extensions are not included in the .htaccess blacklist, hence these files can be uploaded and executed to achieve remote code execution. In this module, a .phar file with a randomized name is uploaded and executed to receive a Meterpreter session on the target, then deletes itself afterwards.

tags | exploit, remote, code execution, file upload
advisories | CVE-2018-19422
SHA-256 | 72859313ffb21cb022d15b4566fe8863b0a0f88f5ef2dff2e8c3eba2e934c2ce
Codoforum 3.4 Arbitrary File Upload
Posted Aug 1, 2023
Authored by indoushka

Codoforum version 3.4 suffers from an arbitrary file upload vulnerability.

tags | exploit, arbitrary, file upload
SHA-256 | 576ef4c013ea3a1292f877403f79781ba07f122b4361701afa83d5d09aa71bd6
xForUp Simple File Uploader 1.0 SQL Injection
Posted Jul 27, 2023
Authored by indoushka

xForUp Simple File Uploader version 1.0 suffers from a remote SQL injection vulnerability.

tags | exploit, remote, sql injection, file upload
SHA-256 | 361651b4acd30ddc2f3f044531153e1a0b18342e97aaf21d8d9a9cdeebb3c58c
Availability Booking Calendar PHP XSS / Arbitrary File Upload
Posted Jul 26, 2023
Authored by Andrey Stoykov

Availability Booking Calendar PHP suffers from cross site scripting and arbitrary file upload vulnerabilities. This was tested in July of 2023 but it is unclear what versions are affected.

tags | exploit, arbitrary, php, vulnerability, xss, file upload
SHA-256 | e67ac34384ab2be0d18a5bd94e4c7187126859aaf2b755a195aa0c55fd5cf914
Foody Friend 1.0 Arbitrary File Upload / Cross Site Scripting
Posted Jul 21, 2023
Authored by CraCkEr

Foody Friend version 1.0 suffers from an arbitrary file upload vulnerability that can assist in cross site scripting attacks.

tags | exploit, arbitrary, xss, file upload
SHA-256 | 0137ae9ffbdae6a9b09dd469be6ef2a730b30ff3d02a30c644906d1947153e72
Listplace Directory Listing Platform 3.0 File Upload / Cross Site Scripting
Posted Jul 21, 2023
Authored by CraCkEr

Listplace Directory Listing Platform version 3.0 suffers from an arbitrary file upload vulnerability that can assist in cross site scripting attacks.

tags | exploit, arbitrary, xss, file upload
SHA-256 | 0a1cf13f5d7e602fbc48099e04b11e27f529f1a21a7180b11e2fec834efcc88b
CCOM Events CMS 0.1.02 Arbitrary File Upload
Posted Jul 20, 2023
Authored by indoushka

CCOM Events CMS version 0.1.02 suffers from an arbitrary file upload vulnerability.

tags | exploit, arbitrary, file upload
SHA-256 | ebebbec7cdb17add68fb7467d262f2ed89ef274cd5c034153885858802eb736d
statamic 4.7.0 Cross Site Scripting
Posted Jul 20, 2023
Authored by nu11secur1ty

statamic version 4.7.0 suffers from a cross site scripting vulnerability via a malicious file upload.

tags | exploit, xss, file upload
SHA-256 | de9c9f1be368d8da80eabedf0f45732149a6a82790f98e16a2abaa36f90664e9
BBook 5.7 Shell Upload
Posted Jul 13, 2023
Authored by indoushka

BBook version 5.7 suffers from a remote shell upload vulnerability.

tags | exploit, remote, shell, file upload
SHA-256 | 804669b61c82ab3a3a6cdc9ca32f0a6e2158053ef362cd4b7ee1ce094b4063c2
WordPress User Registration 3.0.2 Arbitrary File Upload
Posted Jul 12, 2023
Authored by Lana Codes | Site wordfence.com

The User Registration plugin for WordPress is vulnerable to arbitrary file uploads due to a hard-coded encryption key and missing file type validation on the ur_upload_profile_pic function in versions up to, and including, 3.0.2. This makes it possible for authenticated attackers with subscriber-level capabilities or above to upload arbitrary files on the affected site's server which may make remote code execution possible. This was partially patched in version 3.0.2 and fully patched in version 3.0.2.1.

tags | exploit, remote, arbitrary, code execution, file upload
advisories | CVE-2023-3342
SHA-256 | 617e7a31e8613b2fc41dfb20282c61f763065187b026a8188f18e87a77f289a5
Architect HTML And Site Builder 2.2.3 File Upload
Posted Jul 12, 2023
Authored by indoushka

Architect HTML and Site Builder version 2.2.3 suffers from an arbitrary file upload vulnerability.

tags | exploit, arbitrary, file upload
SHA-256 | e39afa37fd4029d2a1d6029ed16c4ba2ee567a5ba7b61b45d8601e4c7d4ba3ab
Alumni Club Management Tools 2.2.7 SQL Injection / Arbitrary File Upload
Posted Jul 2, 2023
Authored by indoushka

Alumni Club Management Tools version 2.2.7 suffers from file upload and remote SQL injection vulnerabilities.

tags | exploit, remote, vulnerability, sql injection, file upload
SHA-256 | 1c2184b26be39e09d9396589fc1970fe7145e1f2ce96dcf537d2c8dfd51194c5
MagicAI 1.55R Cross Site Scripting
Posted Jun 27, 2023
Authored by CraCkEr

MagicAI version 1.55R suffers from a persistent cross site scripting vulnerability via a file upload.

tags | exploit, xss, file upload
SHA-256 | f4d106d7a59e4b426baf267d2bfbc5e19be78391b0f2498637e74b343fb4f208
Advanced Form Builder 2.0 Arbitrary File Upload
Posted Jun 26, 2023
Authored by indoushka

Advanced Form Builder version 2.0 suffers from an arbitrary file upload vulnerability.

tags | exploit, arbitrary, file upload
SHA-256 | 0fb127a4e4574a26de1bea5b616d506f4efb9d4344b1aa51b865f10ae956b4d0
Page 1 of 40
Back12345Next

File Archive:

March 2024

  • Su
  • Mo
  • Tu
  • We
  • Th
  • Fr
  • Sa
  • 1
    Mar 1st
    16 Files
  • 2
    Mar 2nd
    0 Files
  • 3
    Mar 3rd
    0 Files
  • 4
    Mar 4th
    32 Files
  • 5
    Mar 5th
    28 Files
  • 6
    Mar 6th
    42 Files
  • 7
    Mar 7th
    17 Files
  • 8
    Mar 8th
    13 Files
  • 9
    Mar 9th
    0 Files
  • 10
    Mar 10th
    0 Files
  • 11
    Mar 11th
    15 Files
  • 12
    Mar 12th
    19 Files
  • 13
    Mar 13th
    21 Files
  • 14
    Mar 14th
    38 Files
  • 15
    Mar 15th
    15 Files
  • 16
    Mar 16th
    0 Files
  • 17
    Mar 17th
    0 Files
  • 18
    Mar 18th
    10 Files
  • 19
    Mar 19th
    0 Files
  • 20
    Mar 20th
    0 Files
  • 21
    Mar 21st
    0 Files
  • 22
    Mar 22nd
    0 Files
  • 23
    Mar 23rd
    0 Files
  • 24
    Mar 24th
    0 Files
  • 25
    Mar 25th
    0 Files
  • 26
    Mar 26th
    0 Files
  • 27
    Mar 27th
    0 Files
  • 28
    Mar 28th
    0 Files
  • 29
    Mar 29th
    0 Files
  • 30
    Mar 30th
    0 Files
  • 31
    Mar 31st
    0 Files

Top Authors In Last 30 Days

File Tags

Systems

packet storm

© 2022 Packet Storm. All rights reserved.

Services
Security Services
Hosting By
Rokasec
close