exploit the possibilities
Showing 1 - 25 of 924 RSS Feed

File Upload Files

ECOA Building Automation System Path Traversal / Arbitrary File Upload
Posted Sep 10, 2021
Authored by Neurogenesia | Site zeroscience.mk

ECOA building automation systems suffer from path traversal and arbitrary file upload vulnerabilities. Many versions are affected.

tags | exploit, arbitrary, vulnerability, file upload
MD5 | a455307bd9b613b751ea7966593a494d
GFI Mail Archiver 15.1 Arbitrary File Upload
Posted Aug 5, 2021
Authored by Paul Taylor, Amin Bohio

GFI Mail Archiver versions 15.1 and below Telerik UI component unauthenticated arbitrary file upload exploit.

tags | exploit, arbitrary, file upload
MD5 | 66ad12294171731d8098d027d0d1b813
WordPress SP Project And Document Remote Code Execution
Posted Jul 26, 2021
Authored by Ron Jost, Yann Castel | Site metasploit.com

This Metasploit module allows an attacker with a privileged WordPress account to launch a reverse shell due to an arbitrary file upload vulnerability in WordPress SP Project and Document plugin versions prior to 4.22. The security check only searches for lowercase file extensions such as .php, making it possible to upload .pHP files for instance. Finally, the uploaded payload can be triggered by a call to /wp-content/uploads/sp-client-document-manager/<user_id>/<random_payload_name>.php.

tags | exploit, arbitrary, shell, php, file upload
advisories | CVE-2021-24347
MD5 | d73daa7ac6681410691920aff7640598
WordPress Modern Events Calendar Remote Code Execution
Posted Jul 26, 2021
Authored by Ron Jost, Yann Castel, Nguyen Van Khanh | Site metasploit.com

This Metasploit module allows an attacker with a privileged WordPress account to launch a reverse shell due to an arbitrary file upload vulnerability in WordPress Modern Events Calendar plugin versions prior to 5.16.5. This is due to an incorrect check of the uploaded file extension. Indeed, by using text/csv content-type in a request, it is possible to upload a .php payload as is is not forbidden by the plugin. Finally, the uploaded payload can be triggered by a call to /wp-content/uploads/<random_payload_name>.php.

tags | exploit, arbitrary, shell, php, file upload
advisories | CVE-2021-24145
MD5 | 75b29e689541f825031d9308d2c36b24
WordPress Backup Guard Authenticated Remote Code Execution
Posted Jul 21, 2021
Authored by Ron Jost, Nguyen Van Khanh | Site metasploit.com

This Metasploit module allows an attacker with a privileged WordPress account to launch a reverse shell due to an arbitrary file upload vulnerability in Wordpress plugin Backup Guard versions prior to 1.6.0. This is due to an incorrect check of the uploaded file extension which should be of SGBP type. Then, the uploaded payload can be triggered by a call to /wp-content/uploads/backup-guard/<random_payload_name>.php.

tags | exploit, arbitrary, shell, php, file upload
advisories | CVE-2021-24155
MD5 | a13b79ee96d9f6b0f86db446a8c091a9
WordPress wpDiscuz 7.0.4 Shell Upload
Posted Jun 28, 2021
Authored by Hoa Nguyen, Chloe Chamberland | Site metasploit.com

This Metasploit module exploits an arbitrary file upload in the WordPress wpDiscuz plugin versions from 7.0.0 through 7.0.4. This flaw gave unauthenticated attackers the ability to upload arbitrary files, including PHP files, and achieve remote code execution on a vulnerable server.

tags | exploit, remote, arbitrary, php, code execution, file upload
advisories | CVE-2020-24186
MD5 | fdf8135289f12d026401f86e91ab3f6d
Lightweight Facebook-Styled Blog Remote Code Execution
Posted Jun 25, 2021
Authored by Maide Ilkay Aydogdu

This Metasploit module exploits the file upload vulnerability of Lightweight self-hosted facebook-styled PHP blog and allows remote code execution.

tags | exploit, remote, php, code execution, file upload
MD5 | 574d24d96494d02754d265cd9346aa85
rConfig Shell Upload
Posted Jun 24, 2021
Authored by Murat Seker, Vishwaraj Bhattrai | Site metasploit.com

This Metasploit module allows an attacker with a privileged rConfig account to start a reverse shell due to an arbitrary file upload vulnerability in /lib/crud/vendors.crud.php.

tags | exploit, arbitrary, shell, php, file upload
MD5 | b0d94160c515ca53615beeeac06c2e14
Cisco HyperFlex HX Data Platform File Upload / Remote Code Execution
Posted Jun 17, 2021
Authored by wvu, Mikhail Klyuchnikov, jheysel-r7, Nikita Abramov | Site metasploit.com

This Metasploit module exploits an unauthenticated file upload vulnerability in Cisco HyperFlex HX Data Platform's /upload endpoint to upload and execute a payload as the Tomcat user.

tags | exploit, file upload
systems | cisco
advisories | CVE-2021-1499
MD5 | 4e68353612f3c0f049691f3af33362bf
XML External Entity Via MP3 File Upload On WordPress
Posted Jun 15, 2021
Authored by Vallari Sharma, Archie Midha

This document illustrates proof of concept exploitation of a vulnerability in WordPress versions 5.6.0 through 5.7.0 that gives a user the ability to upload files on a server and exploit an XML parsing issue in the Media Library using an MP3 file upload that leads to an XXE attack.

tags | exploit, proof of concept, file upload
advisories | CVE-2021-29447
MD5 | f480e11bbb87f0689d864f58c065154d
QNAP MusicStation / MalwareRemover File Upload / Command Injection
Posted May 28, 2021
Authored by polict | Site shielder.it

QNAP MusicStation and MalwareRemover are affected by arbitrary file upload and command injection vulnerabilities, leading to pre-authentication remote command execution with root privileges on the NAS.

tags | advisory, remote, arbitrary, root, vulnerability, file upload
advisories | CVE-2020-36197, CVE-2020-36198
MD5 | e0f4de64c7524a918a49796c1ab9986e
Schlix CMS 2.2.6-6 Shell Upload / Directory Traversal
Posted May 24, 2021
Authored by Emir Polat

Schlix CMS version 2.2.6-6 suffers from an arbitrary file upload and a directory traversal that together can lead to remote command execution.

tags | exploit, remote, arbitrary, file inclusion, file upload
MD5 | f2f6e3d92179511f87fa66f851387309
Subrion CMS 4.2.1 Shell Upload
Posted May 17, 2021
Authored by Fellipe Oliveira

Subrion CMS version 4.2.1 file upload bypass exploit that uploads a shell.

tags | exploit, shell, file upload
advisories | CVE-2018-19422
MD5 | e874feae0d57f116b1f5a86b2f618f2b
WordPress WP Super Edit 2.5.4 Arbitrary File Upload
Posted May 6, 2021
Authored by h4shur

WordPress WP Super Edit plugin version 2.5.4 suffers from an arbitrary file upload vulnerability.

tags | exploit, arbitrary, file upload
MD5 | 40b02ffb098a5c31c187c21257fe02c9
GNU wget Arbitrary File Upload / Code Execution
Posted Apr 30, 2021
Authored by Dawid Golunski, liewehacksie

GNU wget versions prior to 1.1.8 arbitrary file upload and code execution exploit.

tags | exploit, arbitrary, code execution, file upload
advisories | CVE-2016-4971
MD5 | b58323ee91fc57fe6f500e0a6fef2cb9
Montiorr 1.7.6m Cross Site Scripting
Posted Apr 27, 2021
Authored by Ahmad Shakla

Montiorr version 1.7.6m suffers from a cross site scripting vulnerability via a file upload.

tags | exploit, xss, file upload
MD5 | f585a3504139898906468d253c6f7c04
Monospace Directus Headless CMS File Upload / Rule Bypass
Posted Apr 7, 2021
Authored by Moritz Friedmann, Oliver Boehlk | Site sec-consult.com

Monospace Directus Headless CMS versions prior to 8.8.2 suffers from .htaccess rule bypass and arbitrary file upload vulnerabilities.

tags | exploit, arbitrary, vulnerability, file upload
advisories | CVE-2021-29641
MD5 | a539b17d7f2faaebf90a4f897e76ae67
Atlassian Jira Service Desk 4.9.1 Cross Site Scripting
Posted Apr 7, 2021
Authored by Captain_hook

Atlassian Jira Service Desk version 4.9.1 suffers from a cross site scripting vulnerability via a file upload.

tags | exploit, xss, file upload
advisories | CVE-2020-14166
MD5 | 840e289057a75abee3ebef734b12ec0a
FortiLogger Arbitrary File Upload
Posted Mar 25, 2021
Authored by Berkan Er | Site metasploit.com

This Metasploit module exploits an unauthenticated arbitrary file upload in FortiLogger via an insecure POST request. It has been tested on versions prior to 5.2.0 in Windows 10 Enterprise.

tags | exploit, arbitrary, file upload
systems | windows
advisories | CVE-2021-3378
MD5 | e0599a186c02f74ac877f0ee7bf396ad
Exploiting XXE Via File Uploads
Posted Mar 25, 2021
Authored by Neha Gupta

Whitepaper that discusses XXE exploitation via file uploads.

tags | paper, file upload
MD5 | 6297f76616d0df90e80a81841b4d2d54
Dolibarr ERP/CRM 11.0.4 Bypass / Code Execution
Posted Mar 25, 2021
Authored by Andrea Gonzalez

Dolibarr ERP/CRM version 11.0.4 authenticated file upload restrictions bypass exploit that achieves remote code execution.

tags | exploit, remote, code execution, bypass, file upload
advisories | CVE-2020-14209
MD5 | fe74304105aaecf46ea3be88063bb592
VMware View Planner 4.6 Remote Code Execution
Posted Mar 19, 2021
Authored by wvu, Grant Willcox, Mikhail Klyuchnikov | Site metasploit.com

This Metasploit module exploits an unauthenticated log file upload within the log_upload_wsgi.py file of VMWare View Planner 4.6 prior to 4.6 Security Patch 1. Successful exploitation will result in remote code execution as the apache user inside the appacheServer Docker container.

tags | exploit, remote, code execution, file upload
advisories | CVE-2021-21978
MD5 | fdf94c86e405a2eb33104f6978f68b72
SonLogger 4.2.3.3 Shell Upload
Posted Mar 15, 2021
Authored by Berkan Er | Site metasploit.com

This Metasploit module exploits an unauthenticated arbitrary file upload via an insecure POST request in SonLogger. It has been tested on version less than 6.4.1 in Windows 10 Enterprise.

tags | exploit, arbitrary, file upload
systems | windows
advisories | CVE-2021-27964
MD5 | 0593a294d2d56ed9398dbcfc8185421a
VMware vCenter Server File Upload / Remote Code Execution
Posted Mar 8, 2021
Authored by mr_me, wvu, Mikhail Klyuchnikov, Viss | Site metasploit.com

This Metasploit module exploits an unauthenticated OVA file upload and path traversal in VMware vCenter Server to write a JSP payload to a web-accessible directory. Fixed versions are 6.5 Update 3n, 6.7 Update 3l, and 7.0 Update 1c. Note that later vulnerable versions of the Linux appliance aren't exploitable via the webshell technique. Furthermore, writing an SSH public key to /home/vsphere-ui/.ssh/authorized_keys works, but the user's non-existent password expires 90 days after install, rendering the technique nearly useless against production environments. You'll have the best luck targeting older versions of the Linux appliance. The Windows target should work ubiquitously.

tags | exploit, web, file upload
systems | linux, windows
advisories | CVE-2021-21972
MD5 | db7174f0c4fc0e0b2ac2dea0a4523ebf
FortiLogger 4.4.2.2 Arbitrary File Upload
Posted Mar 1, 2021
Authored by Berkan Er | Site metasploit.com

This Metasploit module exploits an unauthenticated arbitrary file upload via an insecure POST request to Fortilogger. It has been tested on version 4.4.2.2 in Windows 10 Enterprise.

tags | exploit, arbitrary, file upload
systems | windows
advisories | CVE-2021-3378
MD5 | 986492d22038a772f87e46c47ea24f02
Page 1 of 37
Back12345Next

File Archive:

September 2021

  • Su
  • Mo
  • Tu
  • We
  • Th
  • Fr
  • Sa
  • 1
    Sep 1st
    14 Files
  • 2
    Sep 2nd
    19 Files
  • 3
    Sep 3rd
    9 Files
  • 4
    Sep 4th
    1 Files
  • 5
    Sep 5th
    2 Files
  • 6
    Sep 6th
    3 Files
  • 7
    Sep 7th
    12 Files
  • 8
    Sep 8th
    22 Files
  • 9
    Sep 9th
    17 Files
  • 10
    Sep 10th
    19 Files
  • 11
    Sep 11th
    3 Files
  • 12
    Sep 12th
    2 Files
  • 13
    Sep 13th
    15 Files
  • 14
    Sep 14th
    16 Files
  • 15
    Sep 15th
    15 Files
  • 16
    Sep 16th
    7 Files
  • 17
    Sep 17th
    13 Files
  • 18
    Sep 18th
    0 Files
  • 19
    Sep 19th
    0 Files
  • 20
    Sep 20th
    0 Files
  • 21
    Sep 21st
    0 Files
  • 22
    Sep 22nd
    0 Files
  • 23
    Sep 23rd
    0 Files
  • 24
    Sep 24th
    0 Files
  • 25
    Sep 25th
    0 Files
  • 26
    Sep 26th
    0 Files
  • 27
    Sep 27th
    0 Files
  • 28
    Sep 28th
    0 Files
  • 29
    Sep 29th
    0 Files
  • 30
    Sep 30th
    0 Files

Top Authors In Last 30 Days

File Tags

Systems

packet storm

© 2020 Packet Storm. All rights reserved.

Services
Security Services
Hosting By
Rokasec
close