exploit the possibilities
Showing 1 - 25 of 834 RSS Feed

File Upload Files

Cisco Data Center Network Manager 11.1(1) Remote Code Execution
Posted Jul 8, 2019
Authored by Pedro Ribeiro

Cisco Data Center Network Manager (DCNM) versions 11.1(1) and below suffer from authentication bypass, arbitrary file upload, arbitrary file download, and information disclosure vulnerabilities.

tags | exploit, arbitrary, vulnerability, info disclosure, file upload
systems | cisco
advisories | CVE-2019-1619, CVE-2019-1620, CVE-2019-1621, CVE-2019-1622
MD5 | 2bd84aa0b859d4eb5b1a69ff91efea19
WordPress Satoshi 2.0 Cross Site Request Forgery / File Upload
Posted Jun 5, 2019
Authored by KingSkrupellos

WordPress Satoshi theme version 2.0 suffers from cross site request forgery and remote file upload vulnerabilities.

tags | exploit, remote, vulnerability, file upload, csrf
MD5 | c35cb6f75567c153b011c7612c626cf3
Joomla Attachments 3.x File Upload
Posted May 26, 2019
Authored by KingSkrupellos

Joomla Attachments component version 3.x suffers from a remote file upload vulnerability.

tags | exploit, remote, file upload
MD5 | bd20ed03288d4577ce8abcb06613d91d
eLabFTW 1.8.5 Arbitrary File Upload / Remote Code Execution
Posted May 20, 2019
Authored by liquidsky

eLabFTW version 1.8.5 suffers from arbitrary file upload and code execution vulnerabilities.

tags | exploit, arbitrary, vulnerability, code execution, file upload
MD5 | 06d4ec4d3b23c885e233b14310048edc
GetSimpleCMS 3.3.15 Remote Code Execution
Posted May 16, 2019
Authored by truerand0m | Site metasploit.com

This Metasploit module exploits a remote code execution vulnerability found in GetSimpleCMS versions 3.3.15 and below. An arbitrary file upload (PHPcode for example) vulnerability can be triggered by an authenticated user, however authentication can be bypassed by leaking the cms API key to target the session manager.

tags | exploit, remote, arbitrary, code execution, file upload
advisories | CVE-2019-11231
MD5 | 6062088ad83896c13ad8c78e57d1baf2
GAT-Ship Web Module Unrestricted File Upload
Posted Apr 26, 2019
Authored by Gionathan Reale

GAT-Ship Web Module versions prior to 1.40 suffer from an unrestricted file upload vulnerability.

tags | advisory, web, file upload
advisories | CVE-2019-11028
MD5 | 8c2fb3fc6426dc78470e27e9dc57cdb0
ATutor file_manager Remote Code Execution
Posted Apr 12, 2019
Authored by Ozkan Mustafa Akkus | Site metasploit.com

This Metasploit module allows the user to run commands on the server with the teacher user privilege. The 'Upload files' section in the 'File Manager' field contains an arbitrary file upload vulnerability.

tags | exploit, arbitrary, file upload
MD5 | 720c50c8ee708b2b3df793d3b1d82de3
PhreeBooks ERP 5.2.3 Arbitrary File Upload
Posted Apr 3, 2019
Authored by Abdullah Celebi

PhreeBooks ERP version 5.2.3 suffers from an arbitrary file upload vulnerability.

tags | exploit, arbitrary, file upload
MD5 | 1606f8d4f075c6c721a684007d4d15cd
Classified Ad Lister 2.0 Arbitrary File Upload
Posted Apr 1, 2019
Authored by Mehmet Emiroglu

Classified Ad Lister version 2.0 suffers from an arbitrary file upload vulnerability.

tags | exploit, arbitrary, file upload
MD5 | b866bad380e0c3b19bc902c7eb5f1dae
CMS Made Simple (CMSMS) Showtime2 File Upload Remote Command Execution
Posted Mar 27, 2019
Authored by Daniele Scanu, Fabio Cogno | Site metasploit.com

This Metasploit module exploits a file upload vulnerability that allows for remote command execution in Showtime2 module versions 3.6.2 and below in CMS Made Simple (CMSMS). An authenticated user with "Use Showtime2" privilege could exploit the vulnerability. The vulnerability exists in the Showtime2 module, where the class "class.showtime2_image.php" does not ensure that a watermark file has a standard image file extension (GIF, JPG, JPEG, or PNG). Tested on Showtime2 3.6.2, 3.6.1, 3.6.0, 3.5.4, 3.5.3, 3.5.2, 3.5.1, 3.5.0, 3.4.5, 3.4.3, 3.4.2 on CMS Made Simple (CMSMS) 2.2.9.1.

tags | exploit, remote, php, file upload
advisories | CVE-2019-9692
MD5 | 34616f7d15896f8238efb1b0c1d26897
SPIP CMS 2.x / 3.x Add Administrator / File Upload
Posted Mar 26, 2019
Authored by KingSkrupellos

SPIP CMS versions 2.x and 3.x suffer from unauthenticated add administrator and arbitrary file upload vulnerabilities.

tags | exploit, arbitrary, vulnerability, add administrator, file upload
MD5 | 894150aaed7a06655bcf6e2a4dad0aec
CSZ CMS 1.2.1 Arbitrary File Upload
Posted Mar 17, 2019
Authored by Mehmet Emiroglu

CSZ CMS version 1.2.1 suffers from an arbitrary file upload vulnerability.

tags | exploit, arbitrary, file upload
MD5 | ad2667b2518dc48fc775c2bce95ae340
CMS Made Simple Showtime2 3.6.2 Arbitrary File Upload
Posted Mar 15, 2019
Authored by Daniele Scanu

CMS Made Simple Showtime2 module version 3.6.2 suffers from an authenticated arbitrary file upload vulnerability.

tags | exploit, arbitrary, file upload
advisories | CVE-2019-9692
MD5 | 2221652ee89c73f5809f4205dcbfb0d2
Booked Scheduler 2.7.5 Remote Command Execution
Posted Mar 5, 2019
Authored by Ozkan Mustafa Akkus | Site metasploit.com

This Metasploit module exploits a file upload vulnerability Booked 2.7.5. In the "Look and Feel" section of the management panel, you can modify the Logo-Favico-CSS files. Upload sections has file extension control except favicon part. You can upload the file with the extension you want through the Favicon field. The file you upload is written to the main directory of the site under the name "custom-favicon". After you upload the php payload to the main directory, the exploit executes the payload and receives a shell.

tags | exploit, shell, php, file upload
MD5 | d99806184924b3c9ff46a07a219526b9
Feng Office 3.7.0.5 Remote Command Execution
Posted Feb 28, 2019
Authored by Ozkan Mustafa Akkus | Site metasploit.com

This Metasploit module exploits an arbitrary file upload vulnerability in Feng Office version 3.7.0.5. The application allows unauthenticated users to upload arbitrary files. There is no control of any session. All files are sent under /tmp directory. The .htaccess file under the /tmp directory prevents files with the php, php2, and php3 extensions. This exploit creates the php payload and moves the payload to the main directory via shtml. After moving the php payload to the main directory, the exploit executes payload and receives a shell.

tags | exploit, arbitrary, shell, php, file upload
MD5 | fd4c717a95e850f0b81235df10b31b52
Joomla Alberghi 2.1.3 File Upload / SQL Injection
Posted Feb 27, 2019
Authored by KingSkrupellos

Joomla Alberghi component version 2.1.3 suffers from arbitrary file upload and remote SQL injection vulnerabilities.

tags | exploit, remote, arbitrary, vulnerability, sql injection, file upload
MD5 | e9ac9d615c9d64ae523ed189c083e1c9
Webiness Inventory 2.3 Arbitrary File Upload
Posted Feb 19, 2019
Authored by Mehmet Emiroglu

Webiness Inventory version 2.3 suffers from an arbitrary file upload vulnerability.

tags | exploit, arbitrary, file upload
advisories | CVE-2019-8404
MD5 | 73c24a7e6e180538e4d37581306f9149
Zoho ManageEngine ServiceDesk Plus (SDP) Arbitrary File Upload
Posted Feb 19, 2019
Authored by Dao Duy Hung

Zoho ManageEngine ServiceDesk Plus (SDP) versions prior to 10.0 build 10012 suffer from an arbitrary file upload vulnerability.

tags | exploit, arbitrary, file upload
advisories | CVE-2019-8394
MD5 | 0550a15a99693c1fd9ccbf83909a337a
UniSharp Laravel File Manager 2.0.0-alpha7 Arbitrary File Upload
Posted Feb 15, 2019
Authored by Mohammad Danish

UniSharp Laravel File Manager version 2.0.0-alpha7 suffers from an arbitrary file upload vulnerability.

tags | exploit, arbitrary, file upload
MD5 | 4b844402ebcb3ecb1af226481accbefd
WordPress Jssor-Slider 3.1.24 Cross Site Request Forgery / File Upload
Posted Feb 14, 2019
Authored by KingSkrupellos

WordPress Jssor-Slider plugin version 3.1.24 suffers from cross site request forgery and remote file upload vulnerabilities.

tags | exploit, remote, vulnerability, file upload, csrf
MD5 | f7eac41409534851aa3d5cda1ce85010
TinyMCE JBimages 3.x JustBoilMe Arbitrary File Upload
Posted Feb 14, 2019
Authored by KingSkrupellos

TinyMCE JBimages plugin versions 3.x from JustBoilMe suffers from an arbitrary file upload vulnerability.

tags | exploit, arbitrary, file upload
MD5 | 9b975cf5bb98fdb6ec65718c028992a3
Slims CMS Senayan Library Management System 7.0 Shell Upload
Posted Feb 14, 2019
Authored by KingSkrupellos

Slims CMS Senayan Library Management System version 7.0 suffers from a remote shell upload vulnerability.

tags | exploit, remote, shell, file upload
MD5 | d5be7d73783868baa48653a63e6a6a0d
RVSiteBuilder RVGlobalSoft CMS 7.0 Bypass / Disclosure / SQL Injection
Posted Feb 14, 2019
Authored by KingSkrupellos

RVSiteBuilder RVGlobalSoft CMS version 7.0 suffers from bypass, database disclosure, file download, path disclosure, remote file upload, and remote SQL injection vulnerabilities.

tags | exploit, remote, vulnerability, sql injection, info disclosure, file upload
MD5 | 3c019473a8382ff8cf5b15499f6ea3ab
Joomla RSForm 1.5 Database Disclosure / SQL Injection
Posted Feb 5, 2019
Authored by KingSkrupellos

Joomla RSForm component version 1.5 suffers from database disclosure and remote SQL injection vulnerabilities.

tags | exploit, remote, vulnerability, sql injection, info disclosure, file upload
MD5 | e2524bc32be163c37b6de12a3f46091c
Blueimp jQuery File Upload 9.22.0 Arbitrary File Upload
Posted Jan 17, 2019
Authored by Larry W. Cashdollar

Blueimp jQuery File Upload versions 9.22.0 and below suffer from a remote file upload vulnerability.

tags | exploit, remote, file upload
advisories | CVE-2018-9206
MD5 | e2fcb7c12aedd4cbe1a64e468bb035e4
Page 1 of 34
Back12345Next

File Archive:

July 2019

  • Su
  • Mo
  • Tu
  • We
  • Th
  • Fr
  • Sa
  • 1
    Jul 1st
    34 Files
  • 2
    Jul 2nd
    15 Files
  • 3
    Jul 3rd
    9 Files
  • 4
    Jul 4th
    8 Files
  • 5
    Jul 5th
    2 Files
  • 6
    Jul 6th
    3 Files
  • 7
    Jul 7th
    1 Files
  • 8
    Jul 8th
    15 Files
  • 9
    Jul 9th
    15 Files
  • 10
    Jul 10th
    20 Files
  • 11
    Jul 11th
    17 Files
  • 12
    Jul 12th
    16 Files
  • 13
    Jul 13th
    2 Files
  • 14
    Jul 14th
    1 Files
  • 15
    Jul 15th
    20 Files
  • 16
    Jul 16th
    27 Files
  • 17
    Jul 17th
    7 Files
  • 18
    Jul 18th
    5 Files
  • 19
    Jul 19th
    12 Files
  • 20
    Jul 20th
    0 Files
  • 21
    Jul 21st
    0 Files
  • 22
    Jul 22nd
    0 Files
  • 23
    Jul 23rd
    0 Files
  • 24
    Jul 24th
    0 Files
  • 25
    Jul 25th
    0 Files
  • 26
    Jul 26th
    0 Files
  • 27
    Jul 27th
    0 Files
  • 28
    Jul 28th
    0 Files
  • 29
    Jul 29th
    0 Files
  • 30
    Jul 30th
    0 Files
  • 31
    Jul 31st
    0 Files

Top Authors In Last 30 Days

File Tags

Systems

packet storm

© 2019 Packet Storm. All rights reserved.

Services
Security Services
Hosting By
Rokasec
close