what you don't know can hurt you
Home Files News &[SERVICES_TAB]About Contact Add New
Showing 1 - 25 of 987 RSS Feed

File Upload Files

Apache Solr Backup/Restore API Remote Code Execution
Posted Apr 24, 2024
Authored by jheysel-r7, l3yx | Site metasploit.com

Apache Solr versions 6.0.0 through 8.11.2 and versions 9.0.0 up to 9.4.1 are affected by an unrestricted file upload vulnerability which can result in remote code execution in the context of the user running Apache Solr. When Apache Solr creates a Collection, it will use a specific directory as the classpath and load some classes from it. The backup function of the Collection can export malicious class files uploaded by attackers to the directory, allowing Solr to load custom classes and create arbitrary Java code. Execution can further bypass the Java sandbox configured by Solr, ultimately causing arbitrary command execution.

tags | exploit, java, remote, arbitrary, code execution, file upload
advisories | CVE-2023-50386
SHA-256 | 982c87ed2032bff9e2a889f42db78ed065aa2707c068813f76b1c3875193d49d
GUnet OpenEclass E-learning 3.15 File Upload / Command Execution
Posted Apr 11, 2024
Authored by Georgios Tsimpidas, Frey

GUnet OpenEclass E-learning platform version 3.15 suffers from an unrestricted file upload vulnerability in certbadge.php that allows for remote command execution.

tags | exploit, remote, php, file upload
advisories | CVE-2024-31777
SHA-256 | 87510b61a4bcdb0fdc6c31f4148617866220f4cd5cc391960946f28d1c611747
WordPress Travelscape Theme 1.0.3 Arbitrary File Upload
Posted Apr 8, 2024
Authored by Milad Karimi

WordPress Travelscape theme version 1.0.3 suffers from an arbitrary file upload vulnerability.

tags | exploit, arbitrary, file upload
SHA-256 | 8c7f57a620a7f2e630146822105069ce7c8d705a9661a1a56006b6c19ee5ae88
Lektor Static CMS 3.3.10 Arbitrary File Upload / Remote Code Execution
Posted Mar 20, 2024
Authored by kai6u

Lektor Static CMS version 3.3.10 suffers from an arbitrary file upload vulnerability that can be leveraged to achieve remote code execution.

tags | exploit, remote, arbitrary, code execution, file upload
SHA-256 | 12e46eeac4843dfaaf4f61083381648a44692cd6a4aade7ab73a5901f82f2336
WordPress File Upload Cross Site Scripting
Posted Mar 19, 2024
Authored by Faiyaz Ahmad

WordPress File Upload plugin versions prior to 4.23.3 suffer from a persistent cross site scripting vulnerability.

tags | exploit, xss, file upload
SHA-256 | 3b846687e4071f8314c772e2348dd5b6d4b6c50cc0acd6fd150c3ad212d8fb7f
CMSMS 2.2.19 Arbitrary File Upload
Posted Jan 3, 2024
Authored by nu11secur1ty

CMSMS version 2.2.19 suffers from an arbitrary file upload vulnerability.

tags | exploit, arbitrary, file upload
SHA-256 | 10d444684a1178256d641dcf6a31e78bdb9b5db129a97ebd890d4e09119b515c
Hospital Management System 4.0 XSS / Shell Upload / SQL Injection
Posted Dec 22, 2023
Authored by Louise Ng, Chris Chan

Hospital Management System versions 4.0 and below suffer from cross site scripting, remote shell upload, and remote SQL injection vulnerabilities.

tags | exploit, remote, shell, vulnerability, xss, sql injection, file upload
advisories | CVE-2020-26627, CVE-2020-26628, CVE-2020-26629, CVE-2020-26630
SHA-256 | 4c4cb4162e1a493a04ab18896d55ef8649d628f41d3426944382f8e72a0ea4f9
Struts S2-066 File Upload Remote Code Execution
Posted Dec 13, 2023
Authored by Steven Seeley | Site cwiki.apache.org

Apache Struts versions 2.0.0 through 2.3.37 (EOL), 2.5.0 through 2.5.32, and 6.0.0 through 6.3.0 suffer from an issues where an attacker can manipulate file upload parameters to enable a path traversal and under some circumstances this can lead to uploading a malicious file which can be used to perform remote code execution.

tags | advisory, remote, code execution, file upload
advisories | CVE-2023-50164
SHA-256 | 3eabd0d7746d3af616a6a03f2fad7d9609f5c2a795390784bc379146a76826ad
WordPress Elementor 3.18.1 File Upload / Remote Code Execution
Posted Dec 8, 2023
Authored by Hong Quan | Site wordfence.com

WordPress Elementor plugin versions 3.18.1 and below are vulnerability to remote code execution via file upload in the template import functionality.

tags | advisory, remote, code execution, file upload
advisories | CVE-2023-48777
SHA-256 | 01b8a0f082e0d770b2fe9e58091dad5e9f1821358bb5f9846f04097a0d15c05c
WordPress MW WP Form 5.0.1 Arbitrary File Upload
Posted Dec 5, 2023
Authored by Istvan Marton | Site wordfence.com

WordPress MW WP Form plugin versions 5.0.1 and below suffer from an arbitrary file upload vulnerability.

tags | advisory, arbitrary, file upload
advisories | CVE-2023-6316
SHA-256 | 167c564d778ce9bc5dcaef0a3792319f6c3de4886f227d1ab0620bb35de396b6
Soosyze 2.0.0 Arbitrary File Upload
Posted Sep 8, 2023
Authored by nu11secur1ty

Soosyze version 2.0.0 suffers from an arbitrary file upload vulnerability.

tags | exploit, arbitrary, file upload
SHA-256 | 9bf6b6526253f4c7c6238da3c5ad49f7a905e6d95335d5b8a7f1c835151822b1
FIRESHOP Advanced CMS 2.3 Arbitrary File Upload
Posted Aug 22, 2023
Authored by indoushka

FIRESHOP Advanced CMS version 2.3 suffers from an arbitrary file upload vulnerability.

tags | exploit, arbitrary, file upload
SHA-256 | 39420fdbd9e09574216b7c644d2b65bd4cece1bb21494da786900619db842882
Academy LMS 6.1 Cross Site Scripting / File Upload
Posted Aug 21, 2023
Authored by CraCkEr

Academy LMS version 6.1 suffers from an upload vulnerability that could lead to persistent cross site scripting attacks.

tags | exploit, xss, file upload
SHA-256 | 7376aca92af649793fc8f249692d13f1ef1e359cdf18e47dababff6842bf39f0
Hyip Rio 2.1 Cross Site Scripting / File Upload
Posted Aug 16, 2023
Authored by CraCkEr

Hyip Rio version 2.1 suffers from an arbitrary file upload vulnerability that can be leveraged to commit cross site scripting attacks.

tags | exploit, arbitrary, xss, file upload
advisories | CVE-2023-4382
SHA-256 | cb26d9e78a7f34adc181f96e6e2bfa835fe0ee3bd358f8c8da79954a82c3bbe6
Dexx CMS HTML And Site Builder 2.2.3 XSS / Arbitrary File Upload
Posted Aug 9, 2023
Authored by indoushka

Dexx CMS HTML and Site Builder version 2.2.3 suffers from cross site scripting and arbitrary file upload vulnerabilities.

tags | exploit, arbitrary, vulnerability, xss, file upload
SHA-256 | afad1c220fc9a0f9c55b16ff2ee432a14c6bcfdc35bd7e270945acd8f3ea9e17
Codoforum 5.2.1 File Upload
Posted Aug 7, 2023
Authored by indoushka

Codoforum version 5.2.1 suffers from an arbitrary file upload vulnerability.

tags | exploit, arbitrary, file upload
SHA-256 | 66cafdb3a8d9e6d3b610420bda0dfd3cf6f4266f80509482fefcb6a995fec406
Intelliants Subrion CMS 4.2.1 Remote Code Execution
Posted Aug 4, 2023
Authored by Fellipe Oliveira, Ismail E. Dawoodjee, Hexife | Site metasploit.com

This Metasploit module exploits an authenticated file upload vulnerability in Subrion CMS versions 4.2.1 and lower. The vulnerability is caused by the .htaccess file not preventing the execution of .pht, .phar, and .xhtml files. Files with these extensions are not included in the .htaccess blacklist, hence these files can be uploaded and executed to achieve remote code execution. In this module, a .phar file with a randomized name is uploaded and executed to receive a Meterpreter session on the target, then deletes itself afterwards.

tags | exploit, remote, code execution, file upload
advisories | CVE-2018-19422
SHA-256 | 72859313ffb21cb022d15b4566fe8863b0a0f88f5ef2dff2e8c3eba2e934c2ce
Codoforum 3.4 Arbitrary File Upload
Posted Aug 1, 2023
Authored by indoushka

Codoforum version 3.4 suffers from an arbitrary file upload vulnerability.

tags | exploit, arbitrary, file upload
SHA-256 | 576ef4c013ea3a1292f877403f79781ba07f122b4361701afa83d5d09aa71bd6
xForUp Simple File Uploader 1.0 SQL Injection
Posted Jul 27, 2023
Authored by indoushka

xForUp Simple File Uploader version 1.0 suffers from a remote SQL injection vulnerability.

tags | exploit, remote, sql injection, file upload
SHA-256 | 361651b4acd30ddc2f3f044531153e1a0b18342e97aaf21d8d9a9cdeebb3c58c
Availability Booking Calendar PHP XSS / Arbitrary File Upload
Posted Jul 26, 2023
Authored by Andrey Stoykov

Availability Booking Calendar PHP suffers from cross site scripting and arbitrary file upload vulnerabilities. This was tested in July of 2023 but it is unclear what versions are affected.

tags | exploit, arbitrary, php, vulnerability, xss, file upload
SHA-256 | e67ac34384ab2be0d18a5bd94e4c7187126859aaf2b755a195aa0c55fd5cf914
Foody Friend 1.0 Arbitrary File Upload / Cross Site Scripting
Posted Jul 21, 2023
Authored by CraCkEr

Foody Friend version 1.0 suffers from an arbitrary file upload vulnerability that can assist in cross site scripting attacks.

tags | exploit, arbitrary, xss, file upload
SHA-256 | 0137ae9ffbdae6a9b09dd469be6ef2a730b30ff3d02a30c644906d1947153e72
Listplace Directory Listing Platform 3.0 File Upload / Cross Site Scripting
Posted Jul 21, 2023
Authored by CraCkEr

Listplace Directory Listing Platform version 3.0 suffers from an arbitrary file upload vulnerability that can assist in cross site scripting attacks.

tags | exploit, arbitrary, xss, file upload
SHA-256 | 0a1cf13f5d7e602fbc48099e04b11e27f529f1a21a7180b11e2fec834efcc88b
CCOM Events CMS 0.1.02 Arbitrary File Upload
Posted Jul 20, 2023
Authored by indoushka

CCOM Events CMS version 0.1.02 suffers from an arbitrary file upload vulnerability.

tags | exploit, arbitrary, file upload
SHA-256 | ebebbec7cdb17add68fb7467d262f2ed89ef274cd5c034153885858802eb736d
statamic 4.7.0 Cross Site Scripting
Posted Jul 20, 2023
Authored by nu11secur1ty

statamic version 4.7.0 suffers from a cross site scripting vulnerability via a malicious file upload.

tags | exploit, xss, file upload
SHA-256 | de9c9f1be368d8da80eabedf0f45732149a6a82790f98e16a2abaa36f90664e9
BBook 5.7 Shell Upload
Posted Jul 13, 2023
Authored by indoushka

BBook version 5.7 suffers from a remote shell upload vulnerability.

tags | exploit, remote, shell, file upload
SHA-256 | 804669b61c82ab3a3a6cdc9ca32f0a6e2158053ef362cd4b7ee1ce094b4063c2
Page 1 of 40
Back12345Next

File Archive:

May 2024

  • Su
  • Mo
  • Tu
  • We
  • Th
  • Fr
  • Sa
  • 1
    May 1st
    44 Files
  • 2
    May 2nd
    5 Files
  • 3
    May 3rd
    11 Files
  • 4
    May 4th
    0 Files
  • 5
    May 5th
    0 Files
  • 6
    May 6th
    28 Files
  • 7
    May 7th
    3 Files
  • 8
    May 8th
    4 Files
  • 9
    May 9th
    54 Files
  • 10
    May 10th
    12 Files
  • 11
    May 11th
    0 Files
  • 12
    May 12th
    0 Files
  • 13
    May 13th
    17 Files
  • 14
    May 14th
    11 Files
  • 15
    May 15th
    17 Files
  • 16
    May 16th
    13 Files
  • 17
    May 17th
    22 Files
  • 18
    May 18th
    0 Files
  • 19
    May 19th
    0 Files
  • 20
    May 20th
    17 Files
  • 21
    May 21st
    18 Files
  • 22
    May 22nd
    7 Files
  • 23
    May 23rd
    111 Files
  • 24
    May 24th
    0 Files
  • 25
    May 25th
    0 Files
  • 26
    May 26th
    0 Files
  • 27
    May 27th
    0 Files
  • 28
    May 28th
    0 Files
  • 29
    May 29th
    0 Files
  • 30
    May 30th
    0 Files
  • 31
    May 31st
    0 Files

Top Authors In Last 30 Days

File Tags

Systems

packet storm

© 2022 Packet Storm. All rights reserved.

Services
Security Services
Hosting By
Rokasec
close