exploit the possibilities
Showing 1 - 25 of 852 RSS Feed

File Upload Files

Joomla GMapFP 3.30 Arbitrary File Upload
Posted Mar 25, 2020
Authored by thelastvvv

Joomla GMapFP component version 3.30 suffers from an arbitrary file upload vulnerability.

tags | exploit, arbitrary, file upload
MD5 | ff385678ff3635685901b5f601407cc8
DotNetNuke CMS 9.5.0 File Extension Check Bypass
Posted Feb 24, 2020
Authored by Sajjad Pourali

DotNetNuke CMS version 9.5.0 suffers from file extension check bypass vulnerability that allows for arbitrary file upload.

tags | exploit, arbitrary, bypass, file upload
advisories | CVE-2020-5188
MD5 | b8d76ca694f11feae28306337a7aab8e
SmartClient 120 Information Disclosure / XML Injection / LFI / Code Execution
Posted Feb 19, 2020
Authored by Certimeter Group Red Team

SmartClient version 120 suffers from information disclosure, local file inclusion, remote file upload, and XML external entity injection vulnerabilities.

tags | exploit, remote, local, vulnerability, file inclusion, info disclosure, file upload
MD5 | 57f8471ef038330e69a08ce5bd6f84a5
Online Book Store 1.0 Arbitrary File Upload
Posted Jan 16, 2020
Authored by Or4nG.M4N

Online Book Store version 1.0 suffers from an arbitrary file upload vulnerability.

tags | exploit, arbitrary, file upload
MD5 | c3242a78aae097bf85be645f4e3403ec
Centraleyezer Shell Upload
Posted Nov 15, 2019
Authored by Omayr Zanata

Centraleyezer suffers from a remote shell upload vulnerability.

tags | advisory, remote, shell, file upload
advisories | CVE-2019-12271
MD5 | f78de30c506095184f3833df70fa0eb0
Optergy 2.3.0a Remote Root
Posted Nov 12, 2019
Authored by LiquidWorm | Site applied-risk.com

Optergy versions 2.3.0a and below authenticated file upload remote root code execution exploit.

tags | exploit, remote, root, code execution, file upload
advisories | CVE-2019-7274
MD5 | f65d6a3bb4f0613c29b924c18b98dc3d
Linear eMerge E3 1.00-06 Arbitrary File Upload Remote Root Code Execution
Posted Nov 12, 2019
Authored by LiquidWorm | Site applied-risk.com

Linear eMerge E3 versions 1.00-06 and below arbitrary file upload remote root code execution exploit.

tags | exploit, remote, arbitrary, root, code execution, file upload
advisories | CVE-2019-7257
MD5 | 7cb54d49b3539c9a3b2258832481a863
IBM Bigfix Platform 9.5.9.62 Arbitary File Upload / Code Execution
Posted Oct 7, 2019
Authored by Jakub Palaczynski

IBM Bigfix Platform version 9.5.9.62 suffers from an arbitrary file upload vulnerability as root that can achieve remote code execution.

tags | exploit, remote, arbitrary, root, code execution, file upload
advisories | CVE-2019-4013
MD5 | 8ae1f789332dbd08c91e2e0e13536381
Dokeos 1.8.6.1 / 1.8.6.3 Arbitrary File Upload
Posted Sep 21, 2019
Authored by Sohel Yousef

Dokeos versions 1.8.6.1 and 1.8.6.3 suffer from a remote file upload vulnerability via an fckeditor.

tags | exploit, remote, file upload
MD5 | cccfa27ec741adad16c37ee8e387648a
FileThingie 2.5.7 Remote Shell Upload
Posted Sep 3, 2019
Authored by Cakes

FileThingie version 2.5.7 suffers from a remote shell upload vulnerability.

tags | exploit, remote, shell, file upload
MD5 | 6d9ec5722ce5ba1f24346ee0dacfcb96
Cisco Data Center Network Manager Unauthenticated Remote Code Execution
Posted Sep 2, 2019
Authored by Pedro Ribeiro | Site metasploit.com

DCNM exposes a file upload servlet (FileUploadServlet) at /fm/fileUpload. An authenticated user can abuse this servlet to upload a WAR to the Apache Tomcat webapps directory and achieve remote code execution as root. This module exploits two other vulnerabilities, CVE-2019-1619 for authentication bypass on versions 10.4(2) and below, and CVE-2019-1622 (information disclosure) to obtain the correct directory for the WAR file upload. This module was tested on the DCNM Linux virtual appliance 10.4(2), 11.0(1) and 11.1(1), and should work on a few versions below 10.4(2). Only version 11.0(1) requires authentication to exploit (see References to understand why).

tags | exploit, remote, root, vulnerability, code execution, info disclosure, file upload
systems | linux
advisories | CVE-2019-1619, CVE-2019-1620, CVE-2019-1622
MD5 | 36ee8d3d9c4f34baf4548adaddbd4e36
Sentrifugo 3.2 File Upload Restriction Bypass
Posted Aug 30, 2019
Authored by creosote

Sentrifugo version 3.2 suffers from a file upload restriction bypass vulnerability.

tags | exploit, bypass, file upload
advisories | CVE-2019-15813
MD5 | 655fed3acb14010214d2abf09b493d71
Integria IMS 5.0.86 Arbitrary File Upload
Posted Aug 16, 2019
Authored by Greg Priest

Integria IMS version 5.0.86 suffers from an arbitrary file upload vulnerability that allows for remote command execution.

tags | exploit, remote, arbitrary, file upload
MD5 | e5093a3f5921350e30fd4ec8f1a6f85e
osTicket 1.12 File Upload Cross Site Scripting
Posted Aug 11, 2019
Authored by Aishwarya Iyer

An issue was discovered in osTicket versions before 1.10.7 and 1.12.x before 1.12.1. The Ticket creation form allows users to upload files along with queries. It was found that the file-upload functionality has fewer (or no) mitigations implemented for file content checks; also, the output is not handled properly, causing persistent XSS that leads to cookie stealing or malicious actions.

tags | exploit, xss, file upload
advisories | CVE-2019-14748
MD5 | 30af527bf5f52753a65db1508f231501
Baldr Botnet Panel Shell Upload
Posted Aug 8, 2019
Authored by Ege Balci | Site metasploit.com

This Metasploit module exploits the file upload vulnerability of baldr malware panel in order to achieve arbitrary code execution.

tags | exploit, arbitrary, code execution, file upload
MD5 | 778905bbbb01d90fd4b94eba8679d244
ATutor 2.2.4 Arbitrary File Upload / Command Execution
Posted Aug 5, 2019
Authored by liquidsky

ATutor version 2.2.4 suffers from a language_import arbitrary file upload that allows for command execution.

tags | exploit, arbitrary, file upload
advisories | CVE-2019-12169
MD5 | 10f2847e6a58a0575b56deca98bf9ceb
Ahsay Backup 7.x / 8.x File Upload / Remote Code Execution
Posted Jul 26, 2019
Authored by Wietse Boonstra | Site metasploit.com

This Metasploit module exploits an authenticated insecure file upload and code execution flaw in Ahsay Backup versions 7.x through 8.1.1.50. To successfully execute the upload credentials are needed, default on Ahsay Backup trial accounts are enabled so an account can be created. It can be exploited in Windows and Linux environments to get remote code execution (usually as SYSTEM). This module has been tested successfully on Ahsay Backup v8.1.1.50 with Windows 2003 SP2 Server. Because of this flaw all connected clients can be configured to execute a command before the backup starts. Allowing an attacker to takeover even more systems and make it rain shells!

tags | exploit, remote, shell, code execution, file upload
systems | linux, windows
advisories | CVE-2019-10267
MD5 | 0c0971f123e2d1e301ee70a83a0ecda1
Ahsay Backup 7.x / 8.x File Upload / Remote Code Execution
Posted Jul 26, 2019
Authored by Wietse Boonstra

Ahsay Backup versions 7.x through 8.1.1.50 suffer from authenticated arbitrary file upload and remote code execution vulnerabilities.

tags | exploit, remote, arbitrary, vulnerability, code execution, file upload
advisories | CVE-2019-10267
MD5 | 8fd75cbde81ba7a873b5e8945de0c63e
Cisco Data Center Network Manager 11.1(1) Remote Code Execution
Posted Jul 8, 2019
Authored by Pedro Ribeiro

Cisco Data Center Network Manager (DCNM) versions 11.1(1) and below suffer from authentication bypass, arbitrary file upload, arbitrary file download, and information disclosure vulnerabilities.

tags | exploit, arbitrary, vulnerability, info disclosure, file upload
systems | cisco
advisories | CVE-2019-1619, CVE-2019-1620, CVE-2019-1621, CVE-2019-1622
MD5 | 2bd84aa0b859d4eb5b1a69ff91efea19
WordPress Satoshi 2.0 Cross Site Request Forgery / File Upload
Posted Jun 5, 2019
Authored by KingSkrupellos

WordPress Satoshi theme version 2.0 suffers from cross site request forgery and remote file upload vulnerabilities.

tags | exploit, remote, vulnerability, file upload, csrf
MD5 | c35cb6f75567c153b011c7612c626cf3
Joomla Attachments 3.x File Upload
Posted May 26, 2019
Authored by KingSkrupellos

Joomla Attachments component version 3.x suffers from a remote file upload vulnerability.

tags | exploit, remote, file upload
MD5 | bd20ed03288d4577ce8abcb06613d91d
eLabFTW 1.8.5 Arbitrary File Upload / Remote Code Execution
Posted May 20, 2019
Authored by liquidsky

eLabFTW version 1.8.5 suffers from arbitrary file upload and code execution vulnerabilities.

tags | exploit, arbitrary, vulnerability, code execution, file upload
MD5 | 06d4ec4d3b23c885e233b14310048edc
GetSimpleCMS 3.3.15 Remote Code Execution
Posted May 16, 2019
Authored by truerand0m | Site metasploit.com

This Metasploit module exploits a remote code execution vulnerability found in GetSimpleCMS versions 3.3.15 and below. An arbitrary file upload (PHPcode for example) vulnerability can be triggered by an authenticated user, however authentication can be bypassed by leaking the cms API key to target the session manager.

tags | exploit, remote, arbitrary, code execution, file upload
advisories | CVE-2019-11231
MD5 | 6062088ad83896c13ad8c78e57d1baf2
GAT-Ship Web Module Unrestricted File Upload
Posted Apr 26, 2019
Authored by Gionathan Reale

GAT-Ship Web Module versions prior to 1.40 suffer from an unrestricted file upload vulnerability.

tags | advisory, web, file upload
advisories | CVE-2019-11028
MD5 | 8c2fb3fc6426dc78470e27e9dc57cdb0
ATutor file_manager Remote Code Execution
Posted Apr 12, 2019
Authored by Ozkan Mustafa Akkus | Site metasploit.com

This Metasploit module allows the user to run commands on the server with the teacher user privilege. The 'Upload files' section in the 'File Manager' field contains an arbitrary file upload vulnerability.

tags | exploit, arbitrary, file upload
MD5 | 720c50c8ee708b2b3df793d3b1d82de3
Page 1 of 35
Back12345Next

File Archive:

March 2020

  • Su
  • Mo
  • Tu
  • We
  • Th
  • Fr
  • Sa
  • 1
    Mar 1st
    2 Files
  • 2
    Mar 2nd
    18 Files
  • 3
    Mar 3rd
    15 Files
  • 4
    Mar 4th
    12 Files
  • 5
    Mar 5th
    19 Files
  • 6
    Mar 6th
    8 Files
  • 7
    Mar 7th
    1 Files
  • 8
    Mar 8th
    1 Files
  • 9
    Mar 9th
    11 Files
  • 10
    Mar 10th
    15 Files
  • 11
    Mar 11th
    9 Files
  • 12
    Mar 12th
    19 Files
  • 13
    Mar 13th
    13 Files
  • 14
    Mar 14th
    10 Files
  • 15
    Mar 15th
    13 Files
  • 16
    Mar 16th
    27 Files
  • 17
    Mar 17th
    15 Files
  • 18
    Mar 18th
    23 Files
  • 19
    Mar 19th
    25 Files
  • 20
    Mar 20th
    10 Files
  • 21
    Mar 21st
    6 Files
  • 22
    Mar 22nd
    1 Files
  • 23
    Mar 23rd
    22 Files
  • 24
    Mar 24th
    15 Files
  • 25
    Mar 25th
    22 Files
  • 26
    Mar 26th
    20 Files
  • 27
    Mar 27th
    15 Files
  • 28
    Mar 28th
    10 Files
  • 29
    Mar 29th
    0 Files
  • 30
    Mar 30th
    0 Files
  • 31
    Mar 31st
    0 Files

Top Authors In Last 30 Days

File Tags

Systems

packet storm

© 2016 Packet Storm. All rights reserved.

Services
Security Services
Hosting By
Rokasec
close