Showing 1 - 25 of 823

File Upload Files

CSZ CMS 1.2.1 Arbitrary File Upload
Posted Mar 17, 2019
Authored by Mehmet Emiroglu

CSZ CMS version 1.2.1 suffers from an arbitrary file upload vulnerability.

tags | exploit, arbitrary, file upload
MD5 | ad2667b2518dc48fc775c2bce95ae340
CMS Made Simple Showtime2 3.6.2 Arbitrary File Upload
Posted Mar 15, 2019
Authored by Daniele Scanu

CMS Made Simple Showtime2 module version 3.6.2 suffers from an authenticated arbitrary file upload vulnerability.

tags | exploit, arbitrary, file upload
advisories | CVE-2019-9692
MD5 | 2221652ee89c73f5809f4205dcbfb0d2
Booked Scheduler 2.7.5 Remote Command Execution
Posted Mar 5, 2019
Authored by Ozkan Mustafa Akkus | Site metasploit.com

This Metasploit module exploits a file upload vulnerability in Booked 2.7.5. In the "Look and Feel" section of the management panel, you can modify the Logo, Favicon, and CSS files. The upload sections enforce file extension control, except for the favicon part. You can upload a file with any extension you want through the Favicon field. The uploaded file is written to the main directory of the site under the name "custom-favicon". After the PHP payload is uploaded to the main directory, the exploit executes the payload and receives a shell.

tags | exploit, shell, php, file upload
MD5 | d99806184924b3c9ff46a07a219526b9
Feng Office 3.7.0.5 Remote Command Execution
Posted Feb 28, 2019
Authored by Ozkan Mustafa Akkus | Site metasploit.com

This Metasploit module exploits an arbitrary file upload vulnerability in Feng Office version 3.7.0.5. The application allows unauthenticated users to upload arbitrary files. No session is checked. All files are sent to the /tmp directory. The .htaccess file in the /tmp directory blocks files with the php, php2, and php3 extensions. This exploit creates the PHP payload and moves it to the main directory via shtml. After moving the PHP payload to the main directory, the exploit executes the payload and receives a shell.

tags | exploit, arbitrary, shell, php, file upload
MD5 | fd4c717a95e850f0b81235df10b31b52
Joomla Alberghi 2.1.3 File Upload / SQL Injection
Posted Feb 27, 2019
Authored by KingSkrupellos

Joomla Alberghi component version 2.1.3 suffers from arbitrary file upload and remote SQL injection vulnerabilities.

tags | exploit, remote, arbitrary, vulnerability, sql injection, file upload
MD5 | e9ac9d615c9d64ae523ed189c083e1c9
Webiness Inventory 2.3 Arbitrary File Upload
Posted Feb 19, 2019
Authored by Mehmet Emiroglu

Webiness Inventory version 2.3 suffers from an arbitrary file upload vulnerability.

tags | exploit, arbitrary, file upload
advisories | CVE-2019-8404
MD5 | 73c24a7e6e180538e4d37581306f9149
Zoho ManageEngine ServiceDesk Plus (SDP) Arbitrary File Upload
Posted Feb 19, 2019
Authored by Dao Duy Hung

Zoho ManageEngine ServiceDesk Plus (SDP) versions prior to 10.0 build 10012 suffer from an arbitrary file upload vulnerability.

tags | exploit, arbitrary, file upload
advisories | CVE-2019-8394
MD5 | 0550a15a99693c1fd9ccbf83909a337a
UniSharp Laravel File Manager 2.0.0-alpha7 Arbitrary File Upload
Posted Feb 15, 2019
Authored by Mohammad Danish

UniSharp Laravel File Manager version 2.0.0-alpha7 suffers from an arbitrary file upload vulnerability.

tags | exploit, arbitrary, file upload
MD5 | 4b844402ebcb3ecb1af226481accbefd
WordPress Jssor-Slider 3.1.24 Cross Site Request Forgery / File Upload
Posted Feb 14, 2019
Authored by KingSkrupellos

WordPress Jssor-Slider plugin version 3.1.24 suffers from cross site request forgery and remote file upload vulnerabilities.

tags | exploit, remote, vulnerability, file upload, csrf
MD5 | f7eac41409534851aa3d5cda1ce85010
TinyMCE JBimages 3.x JustBoilMe Arbitrary File Upload
Posted Feb 14, 2019
Authored by KingSkrupellos

TinyMCE JBimages plugin versions 3.x from JustBoilMe suffer from an arbitrary file upload vulnerability.

tags | exploit, arbitrary, file upload
MD5 | 9b975cf5bb98fdb6ec65718c028992a3
Slims CMS Senayan Library Management System 7.0 Shell Upload
Posted Feb 14, 2019
Authored by KingSkrupellos

Slims CMS Senayan Library Management System version 7.0 suffers from a remote shell upload vulnerability.

tags | exploit, remote, shell, file upload
MD5 | d5be7d73783868baa48653a63e6a6a0d
RVSiteBuilder RVGlobalSoft CMS 7.0 Bypass / Disclosure / SQL Injection
Posted Feb 14, 2019
Authored by KingSkrupellos

RVSiteBuilder RVGlobalSoft CMS version 7.0 suffers from bypass, database disclosure, file download, path disclosure, remote file upload, and remote SQL injection vulnerabilities.

tags | exploit, remote, vulnerability, sql injection, info disclosure, file upload
MD5 | 3c019473a8382ff8cf5b15499f6ea3ab
Joomla RSForm 1.5 Database Disclosure / SQL Injection
Posted Feb 5, 2019
Authored by KingSkrupellos

Joomla RSForm component version 1.5 suffers from database disclosure and remote SQL injection vulnerabilities.

tags | exploit, remote, vulnerability, sql injection, info disclosure, file upload
MD5 | e2524bc32be163c37b6de12a3f46091c
Blueimp jQuery File Upload 9.22.0 Arbitrary File Upload
Posted Jan 17, 2019
Authored by Larry W. Cashdollar

Blueimp jQuery File Upload versions 9.22.0 and below suffer from a remote file upload vulnerability.

tags | exploit, remote, file upload
advisories | CVE-2018-9206
MD5 | e2fcb7c12aedd4cbe1a64e468bb035e4
Web Design SQL Injection 2019/01/16
Posted Jan 16, 2019
Authored by KingSkrupellos

Desarrollado por Creator Solution Argentina, Desarrollado por Diaz Creativos Venezuella, Desenvolvido por Ritech Sistemas Brazil, Desarrollado por Rodrigo Guidetti RG21 Argentina, and Criacao sitesrapidos.com.br Web Design Brazil suffer from remote SQL injection vulnerabilities. Desarrollado por Diaz Creativos Venezuella also suffers from a file upload vulnerability.

tags | exploit, remote, web, vulnerability, sql injection, file upload
MD5 | fc93865a9d598af487c83d0b9afc4afc
Adobe Coldfusion 11 CKEditor Arbitrary File Upload
Posted Jan 10, 2019
Authored by Vahagn Vardanian, Pete Freitag de Foundeo, Qazeer | Site metasploit.com

A file upload vulnerability exists in the CKEditor of Adobe ColdFusion 11 (Update 14 and earlier).

tags | exploit, file upload
advisories | CVE-2018-15961
MD5 | 1295c307779f896cb864d27811f2dbd7
Leica Geosystems GR10/GR25/GR30/GR50 GNSS 4.30.063 XSS
Posted Jan 7, 2019
Authored by LiquidWorm | Site zeroscience.mk

Leica Geosystems GR10/GR25/GR30/GR50 GNSS version 4.30.063 suffers from a stored cross site scripting vulnerability. The issue is triggered via unrestricted file upload while restoring a config file, allowing the attacker to upload an HTML or JavaScript file that will be stored in /settings/poc.html. This can be exploited to execute arbitrary HTML or JS code in a user's browser session in the context of an affected site.

tags | exploit, arbitrary, javascript, xss, file upload
MD5 | c29aaada51feda9d709457babad0536e
Roxy Fileman 1.4.5 File Upload / Directory Traversal
Posted Jan 7, 2019
Authored by Pongtorn Angsuchotmetee, Vittawat Masaree

Roxy Fileman version 1.4.5 suffers from remote file upload and directory traversal vulnerabilities.

tags | exploit, remote, vulnerability, file inclusion, file upload
advisories | CVE-2018-20525, CVE-2018-20526
MD5 | f18d3ae1fe4f8aea768cdfcb18391024
Joomla JCE 2.6.33 Arbitrary File Upload
Posted Dec 1, 2018
Authored by KingSkrupellos

Joomla JCE component versions 2.6.7.1 through 2.6.33 suffer from an arbitrary file upload vulnerability.

tags | exploit, arbitrary, file upload
MD5 | 5c23c1abd98f1e33707301cc61401134
Miss Marple Enterprise Edition File Upload / Hardcoded AES Key
Posted Nov 21, 2018
Authored by Marius Schwarz | Site sec-consult.com

Miss Marple Enterprise Edition versions prior to 2.0 suffer from arbitrary file upload, hardcoded AES key, validation bypass, and other vulnerabilities.

tags | advisory, arbitrary, vulnerability, file upload
advisories | CVE-2018-19233, CVE-2018-19234
MD5 | 5fc5d23b1a1b5d01c8a5758c57afca63
Alive Parish 2.0.4 File Upload / SQL Injection
Posted Nov 14, 2018
Authored by Ihsan Sencan

Alive Parish version 2.0.4 suffers from remote file upload and remote SQL injection vulnerabilities.

tags | exploit, remote, vulnerability, sql injection, file upload
MD5 | d2b89a0fba49d3310072b02564c19b23
Cisco Prime Infrastructure Unauthenticated Remote Code Execution
Posted Nov 13, 2018
Authored by Pedro Ribeiro | Site metasploit.com

Cisco Prime Infrastructure (CPI) contains two basic flaws that when exploited allow an unauthenticated attacker to achieve remote code execution. The first flaw is a file upload vulnerability that allows the attacker to upload and execute files as the Apache Tomcat user; the second is a privilege escalation to root by bypassing execution restrictions in a SUID binary. This Metasploit module exploits these vulnerabilities to achieve unauthenticated remote code execution as root on the CPI default installation. This Metasploit module has been tested with CPI 3.2.0.0.258 and 3.4.0.0.348. Earlier and later versions might also be affected, although 3.4.0.0.348 is the latest at the time of writing. The file upload vulnerability should have been fixed in versions 3.4.1 and 3.3.1 Update 02.

tags | exploit, remote, root, vulnerability, code execution, file upload
systems | cisco
advisories | CVE-2018-15379
MD5 | 2c9170145359581c4c8d1c13f564bce3
blueimp jQuery Arbitrary File Upload
Posted Nov 5, 2018
Authored by Larry W. Cashdollar, wvu, Claudio Viviani | Site metasploit.com

This Metasploit module exploits an arbitrary file upload in the sample PHP upload handler for blueimp's jQuery File Upload widget in versions 9.22.0 and below. Due to a default configuration in Apache 2.3.9+, the widget's .htaccess file may be disabled, enabling exploitation of this vulnerability. This vulnerability has been exploited in the wild since at least 2015 and was publicly disclosed to the vendor in 2018. It has been present since the .htaccess change in Apache 2.3.9. This Metasploit module provides a generic exploit against the jQuery widget.

tags | exploit, arbitrary, php, file upload
advisories | CVE-2018-9206
MD5 | dc66674939d313842bacc7cddcbdd16c
School Event Management System 1.0 Shell Upload
Posted Oct 29, 2018
Authored by Ihsan Sencan

School Event Management System version 1.0 suffers from a remote shell upload vulnerability.

tags | exploit, remote, shell, file upload
advisories | CVE-2018-18793
MD5 | 22cc8d03383f452cd7bd0eb86aa46ab6
MPS Box 0.1.8.0 Arbitrary File Upload
Posted Oct 26, 2018
Authored by Ihsan Sencan

MPS Box version 0.1.8.0 suffers from an arbitrary file upload vulnerability.

tags | exploit, arbitrary, file upload
MD5 | ccab64508e10d8e12c3713d79de0baf6

© 2019 Packet Storm. All rights reserved.
