File Upload Files

October CMS Build 465 XSS / File Read / File Deletion / CSV Injection
Posted Aug 3, 2020
Authored by Sivanesh Ashok

October CMS builds 465 and below suffer from arbitrary file read, arbitrary file deletion, file uploading to arbitrary locations, persistent and reflective cross site scripting, and CSV injection vulnerabilities.

tags | exploit, arbitrary, vulnerability, xss, file upload
advisories | CVE-2020-11083, CVE-2020-5295, CVE-2020-5296, CVE-2020-5297, CVE-2020-5298, CVE-2020-5299
MD5 | a79e40ac7fff8141301027b2d8a73d91

Baldr Botnet Panel Shell Upload
Posted Jul 29, 2020
Authored by Ege Balci | Site metasploit.com

This Metasploit module exploits an arbitrary file upload vulnerability within the Baldr stealer malware control panel. Attackers can turn this vulnerability into remote code execution by adding malicious PHP code inside the victim logs ZIP file and registering a new bot to the panel by uploading the ZIP file under the logs directory. On versions 3.0 and 3.1, victim logs are ciphered with a random 4-byte XOR key. This exploit module retrieves the IP-specific XOR key from the panel gate and registers a new victim to the panel, adding the selected payload inside the victim logs.

tags | exploit, remote, arbitrary, php, code execution, file upload
MD5 | 3aee05fb3bfa3e3eb0452ce7bbf7bdfb

Socket.io-file 2.0.31 Arbitrary File Upload
Posted Jul 27, 2020
Authored by Cr0wTom

Socket.io-file versions 2.0.31 and below suffer from an arbitrary file upload vulnerability.

tags | exploit, arbitrary, file upload
MD5 | 036513b2828cb0405115bfde1a5912ee

LibreHealth 2.0.0 Remote Code Execution
Posted Jul 20, 2020
Authored by Bobby Cooke

LibreHealth version 2.0.0 authenticated remote code execution exploit that leverages file upload.

tags | exploit, remote, code execution, file upload
MD5 | fdb429c0607ceadf1536570f0e8ac8d9

WonderCMS 3.1.0 XSS / Directory Traversal / File Upload
Posted Jul 17, 2020
Authored by Calvin Phang | Site sec-consult.com

WonderCMS versions 3.1.0 and below suffer from directory traversal, persistent cross site scripting, and file upload vulnerabilities.

tags | advisory, vulnerability, xss, file upload
MD5 | c87a3407d183c31bf41f5245e885cf76

Webtareas 2.1 / 2.1p File Upload / Information Disclosure
Posted Jul 9, 2020
Authored by AppleBois

Webtareas versions 2.1 and 2.1p suffer from unauthenticated file uploads that allow for remote code execution and expose directory listings.

tags | exploit, remote, code execution, info disclosure, file upload
MD5 | 411b5ebef9a23a0632621a466851bcb3

ATutor 2.2.4 Directory Traversal / Remote Code Execution
Posted Jun 30, 2020
Authored by liquidsky, Erik Wynter | Site metasploit.com

This Metasploit module exploits an arbitrary file upload vulnerability together with a directory traversal flaw in ATutor versions 2.2.4, 2.2.2 and 2.2.1 in order to execute arbitrary commands.

tags | exploit, arbitrary, file upload
advisories | CVE-2019-12169
MD5 | 09ec42ff94266d8b91d8385b7c530d7b

Online Student Enrollment System 1.0 Arbitrary File Upload
Posted Jun 22, 2020
Authored by BKpatron

Online Student Enrollment System version 1.0 suffers from an unauthenticated arbitrary file upload vulnerability.

tags | exploit, arbitrary, file upload
MD5 | 82d4e855a4f70039fa7c52673309699c

SmarterMail 16 Arbitrary File Upload
Posted Jun 13, 2020
Authored by vvhack.org

SmarterMail 16 suffers from an arbitrary file upload vulnerability.

tags | exploit, arbitrary, file upload
MD5 | 72450c5aaab572c56de94f8bfdb91744

Exploiting Unrestricted File Upload Via Plugin Uploader In WordPress
Posted Jun 9, 2020
Authored by Isha Gupta

Whitepaper called Exploiting Unrestricted File Upload via Plugin Uploader in WordPress.

tags | paper, file upload
MD5 | 82ef663315bfdc3aa371270f39bd15b1

WordPress Drag And Drop Multi File Uploader Remote Code Execution
Posted Jun 4, 2020
Authored by h00die, Austin Martin | Site metasploit.com

This Metasploit module exploits a file upload feature of Drag and Drop Multi File Upload - Contact Form 7 in versions prior to 1.3.4. The allowed file extension list can be bypassed by appending a %, allowing PHP shells to be uploaded. No authentication is required for exploitation.

tags | exploit, shell, php, file upload
advisories | CVE-2020-12800
MD5 | 8741d1320b67d5240a0da5c63f0f5065

WordPress Drag And Drop File Upload Contact Form 1.3.3.2 Shell Upload
Posted May 27, 2020
Authored by Austin Martin

WordPress Drag and Drop File Upload Contact Form plugin version 1.3.3.2 suffers from a remote shell upload vulnerability.

tags | exploit, remote, shell, file upload
MD5 | 415c8b9b89531c519f109fc5a2a6d49f

qdPM 9.1 Arbitrary File Upload
Posted May 12, 2020
Authored by Besim Altinok, Ismail Bozkurt

qdPM version 9.1 suffers from an arbitrary file upload vulnerability.

tags | exploit, arbitrary, file upload
MD5 | c0684c8ac1441ffc8176dc2bad26f3b4

CuteNews 2.1.2 Authenticated Shell Upload
Posted May 12, 2020
Authored by Vigov5

CuteNews version 2.1.2 suffers from a remote shell upload vulnerability.

tags | exploit, remote, shell, file upload
MD5 | 854221f3da517dea5c1d414090b7e5df

Kartris 1.6 Arbitrary File Upload
Posted May 9, 2020
Authored by Nhat Ha

Kartris version 1.6 suffers from an arbitrary file upload vulnerability.

tags | exploit, arbitrary, file upload
MD5 | 3fb1d8c04e9f6ea8b0c57bde2a354ab3

Online Clothing Store 1.0 Arbitrary File Upload
Posted May 7, 2020
Authored by Saurav Shukla, Sushant Kamble

Online Clothing Store version 1.0 suffers from an arbitrary file upload vulnerability.

tags | exploit, arbitrary, file upload
MD5 | e1d15cf29f3926087b0d7678c38153df

HardDrive 2.1 Arbitrary File Upload
Posted Apr 30, 2020
Authored by Benjamin Kunz Mejri | Site vulnerability-lab.com

HardDrive version 2.1 for iOS suffers from an arbitrary file upload vulnerability.

tags | exploit, arbitrary, file upload
systems | ios
MD5 | 695c62431428b0200073ffddb04b953a

Gigamon GigaVUE 5.5.01.11 Directory Traversal / File Upload
Posted Apr 29, 2020
Authored by Balazs Hambalko

Gigamon GigaVUE version 5.5.01.11 suffers from directory traversal and file upload with command execution vulnerabilities. Gigamon has chosen to sunset this product and not offer a patch.

tags | exploit, vulnerability, file inclusion, file upload
advisories | CVE-2020-12251, CVE-2020-12252
MD5 | 0fcc796a695117342acf0f72ae2515de

Open-AudIT 3.2.2 Command Injection / SQL Injection
Posted Apr 29, 2020
Authored by Core Security Technologies, Ivan Huertas, Pablo A. Zurro | Site coresecurity.com

Open-AudIT version 3.2.2 suffers from OS command injection, arbitrary file upload, and remote SQL injection vulnerabilities.

tags | exploit, remote, arbitrary, vulnerability, sql injection, file upload
advisories | CVE-2020-11941, CVE-2020-11942, CVE-2020-11943
MD5 | 7ea2efd5fece16f023d6a11fbc170dd9

PHP-Fusion 9.03.50 Arbitrary File Upload
Posted Apr 27, 2020
Authored by Besim Altinok, Ismail Bozkurt, AkkuS

PHP-Fusion version 9.03.50 suffers from an arbitrary file upload vulnerability.

tags | exploit, arbitrary, php, file upload
MD5 | e36604a9b6dcdb3914f2f4ead087df72

Air Sender 1.0.2 Arbitrary File Upload
Posted Apr 24, 2020
Authored by Benjamin Kunz Mejri | Site vulnerability-lab.com

Air Sender version 1.0.2 for iOS suffers from an arbitrary file upload vulnerability.

tags | exploit, arbitrary, file upload
systems | ios
MD5 | 1be8fe922a7c416f5c4ef8ecbdd3f758

Playable 9.18 Script Insertion / Arbitrary File Upload
Posted Apr 17, 2020
Authored by Benjamin Kunz Mejri | Site vulnerability-lab.com

Playable version 9.18 for iOS suffers from script insertion and arbitrary file upload vulnerabilities.

tags | exploit, arbitrary, vulnerability, file upload
systems | ios
MD5 | 69db8a47fd6bb84d9111eb838cd1a7a7

Ubuntu Security Notice USN-4330-1
Posted Apr 15, 2020
Authored by Ubuntu | Site security.ubuntu.com

Ubuntu Security Notice 4330-1 - It was discovered that PHP incorrectly handled certain file uploads. An attacker could possibly use this issue to cause a crash. It was discovered that PHP incorrectly handled certain PHAR archive files. An attacker could possibly use this issue to access sensitive information. It was discovered that PHP incorrectly handled certain EXIF files. An attacker could possibly use this issue to access sensitive information or cause a crash. Various other issues were also addressed.

tags | advisory, php, file upload
systems | linux, ubuntu
advisories | CVE-2020-7062, CVE-2020-7063, CVE-2020-7064, CVE-2020-7065, CVE-2020-7066
MD5 | 0fda62773a60658789b8a8c4895924f6

WordPress Event-Registration 5.43 Arbitrary File Upload
Posted Mar 30, 2020
Authored by KingSkrupellos

WordPress Event-Registration plugin version 5.43 suffers from an arbitrary file upload vulnerability.

tags | exploit, arbitrary, file upload
MD5 | 279cd9d30da9f9ede81e18d63144ff44

Joomla GMapFP 3.30 Arbitrary File Upload
Posted Mar 25, 2020
Authored by thelastvvv

Joomla GMapFP component version 3.30 suffers from an arbitrary file upload vulnerability.

tags | exploit, arbitrary, file upload
MD5 | ff385678ff3635685901b5f601407cc8
© 2020 Packet Storm. All rights reserved.