Exploit the possiblities
Showing 51 - 75 of 748 RSS Feed

File Upload Files

SweetRice 1.5.1 File Upload
Posted Nov 3, 2016
Authored by Ehsan Hosseini

SweetRice version 1.5.1 suffers from a remote file upload vulnerability.

tags | exploit, remote, file upload
MD5 | 2a6f7eb53a61263e6d355594fb03699a
Moodle CMS 3.1.2 Cross Site Scripting / File Upload
Posted Nov 1, 2016
Authored by Vadodil Joel Varghese

Moodle CMS versions 3.1.2 and below suffer from cross site scripting and file upload vulnerabilities.

tags | exploit, vulnerability, xss, file upload
MD5 | fb0b95632547a001049bdae7e3d18171
WordPress Userpro Remote File Upload
Posted Oct 21, 2016
Authored by T3rm!nat0r5 | Site metasploit.com

This Metasploit module exploits an arbitrary PHP code upload in thewordpress Ifileupload plugin, The vulnerability allows for unauthorization file upload and remote code execution.

tags | exploit, remote, arbitrary, php, code execution, file upload
MD5 | e488687e807e8098cbec133d782598c0
CNDSOFT 2.3 Cross Site Request Forgery / Shell Upload
Posted Oct 20, 2016
Authored by Besim

CNDSOFT version 2.3 suffers from cross site request forgery and remote shell upload vulnerabilities.

tags | exploit, remote, shell, vulnerability, file upload, csrf
MD5 | 38118e0e98ba2462b18cd31e9c504cca
Ruby on Rails Dynamic Render File Upload Remote Code Execution
Posted Oct 13, 2016
Site metasploit.com

This Metasploit module exploits a remote code execution vulnerability in the explicit render method when leveraging user parameters. This Metasploit module has been tested across multiple versions of Ruby on Rails. The technique used by this module requires the specified endpoint to be using dynamic render paths. Also, the vulnerable target will need a POST endpoint for the TempFile upload, this can literally be any endpoint. This Metasploit module does not use the log inclusion method of exploitation due to it not being universal enough. Instead, a new code injection technique was found and used whereby an attacker can upload temporary image files against any POST endpoint and use them for the inclusion attack. Finally, you only get one shot at this if you are testing with the builtin rails server, use caution.

tags | exploit, remote, code execution, file upload, ruby
advisories | CVE-2016-0752
MD5 | 330df82eae0981c2ca7cc8777a63a53c
Forbiz Infoway CMS File Upload / Cross Site Scripting
Posted Oct 7, 2016
Authored by M.R.S.L.Y

Forbiz Infoway CMS suffers from cross site scripting and remote file upload vulnerabilities.

tags | exploit, remote, vulnerability, xss, file upload
MD5 | cf087eb872d7b1021640d1d09a7e2744
EMC ViPR SRM XSS / CSRF / File Upload / Brute Force
Posted Sep 13, 2016
Site emc.com

EMC ViPR SRM versions prior to 3.7.2 suffer from cross site request forgery, cross site scripting, brute force, and remote file upload vulnerabilities.

tags | advisory, remote, vulnerability, xss, file upload, csrf
advisories | CVE-2016-0922, CVE-2016-6641, CVE-2016-6642, CVE-2016-6643
MD5 | 35b4414787c6f34d8dd86c193785b71b
WordPress Cubed Theme 1.2 CSRF / File Upload
Posted Sep 9, 2016
Authored by howucan

WordPress Cubed theme version 1.2 suffers from cross site request forgery and remote file upload vulnerabilities.

tags | exploit, remote, vulnerability, file upload, csrf
MD5 | fa4196605f52b02f8cd82e5c9562d32e
Jobberbase 2.0 Disclosure / XSS / Code Execution / Upload
Posted Sep 8, 2016
Authored by Ross Marks

Jobberbase version 2.0 suffers from code execution, open redirect, path disclosure, unrestricted file upload, and SQL injection vulnerabilities.

tags | exploit, vulnerability, code execution, xss, sql injection, info disclosure, file upload
MD5 | fe6cd5ec5043dc4c0ac9d9e0f99b84be
BSNL Teracom Router Firmware Rewrite / Link Modification
Posted Sep 3, 2016
Authored by Ajay Gowtham

BSNL Teracom routers suffer from a firmware rewrite via unrestricted file upload issue and a link modification issue.

tags | exploit, file upload
MD5 | c08a87b7f8ebdcb824d75caf9d0045ab
Barracuda Web App Firewall/Load Balancer Post Auth Remote Root Exploit (2)
Posted Jul 26, 2016
Authored by Russell Sanford | Site metasploit.com

This Metasploit module exploits a remote command execution vulnerability in the Barracuda Web App Firewall Firmware Version <= 8.0.1.007 and Load Balancer Firmware <= v5.4.0.004 by exploiting a two vulnerabilities in the web administration interface. The first bug leverages a Arbitrary File Upload vulnerability to create a malicious file containing shell commands before using a second bug meant to clean up left-over core files on the device to execute them. By sending a specially crafted requests it's possible to inject system commands while escalating to root do to relaxed sudo configurations on the appliances.

tags | exploit, remote, web, arbitrary, shell, root, vulnerability, file upload
MD5 | e1652406ee326c56040c4cfc3a3a472c
Tiki Wiki 15.1 Unauthenticated File Upload
Posted Jul 12, 2016
Authored by Mehmet Ince | Site metasploit.com

This Metasploit module exploits a file upload vulnerability in Tiki Wiki versions 15.1 and below which could be abused to allow unauthenticated users to execute arbitrary code under the context of the web server user. The issue comes with one of the 3rd party components. Name of that components is ELFinder -version 2.0-. This components comes with default example page which demonstrates file operations such as upload, remove, rename, create directory etc. Default configuration does not force validations such as file extension, content-type etc. Thus, unauthenticated user can upload PHP file. The exploit has been tested on Debian 8.x 64-bit and Tiki Wiki 15.1.

tags | exploit, web, arbitrary, php, file upload
systems | linux, debian
MD5 | 75ff5f78056283806bf48c4b08b4edfc
GNU Wget Arbitrary File Upload / Potential Remote Code Execution
Posted Jul 6, 2016
Authored by Dawid Golunski

GNU Wget versions prior to 1.18 suffer from an arbitrary file upload vulnerability that may allow for remote code execution.

tags | exploit, remote, arbitrary, code execution, file upload
advisories | CVE-2016-4971
MD5 | c1bff7c5ea44db8d87e028c13050cabc
Teampass 2.1.26 Arbitrary File Upload
Posted Jul 6, 2016
Authored by Peter Kok | Site vulnerability-lab.com

Teampass version 2.1.26 suffers from a remote authenticated file upload vulnerability that may allow for code execution.

tags | exploit, remote, code execution, file upload
MD5 | f26594fd5dac0172639bf267355e99df
Nagios XI Chained Remote Code Execution
Posted Jul 6, 2016
Authored by wvu, Francesco Oddo | Site metasploit.com

This Metasploit module exploits an SQL injection, auth bypass, file upload, command injection, and privilege escalation in Nagios XI <= 5.2.7 to pop a root shell.

tags | exploit, shell, root, sql injection, file upload
MD5 | f70bea86a23da44db72654aedbe0c274
WordPress CodeCanyon Real3D FlipBook 2.18.8 File Deletion / Upload / XSS
Posted Jul 5, 2016
Authored by Mukarram Khalid

WordPress CodeCanyon Real3D FlipBook plugin version 2.18.8 suffers from unauthenticated file deletion, file upload, and cross site scripting vulnerabilities.

tags | exploit, vulnerability, xss, file upload
MD5 | a6f0fad26239bf3152b28b3b1ba8e436
Debian Security Advisory 3614-1
Posted Jul 2, 2016
Authored by Debian | Site debian.org

Debian Linux Security Advisory 3614-1 - The TERASOLUNA Framework Development Team discovered a denial of service vulnerability in Apache Commons FileUpload, a package to make it easy to add robust, high-performance, file upload capability to servlets and web applications. A remote attacker can take advantage of this flaw by sending file upload requests that cause the HTTP server using the Apache Commons Fileupload library to become unresponsive, preventing the server from servicing other requests.

tags | advisory, remote, web, denial of service, file upload
systems | linux, debian
advisories | CVE-2016-3092
MD5 | 8842da40ae7c42b85da4c1c180d199b4
Debian Security Advisory 3611-1
Posted Jun 30, 2016
Authored by Debian | Site debian.org

Debian Linux Security Advisory 3611-1 - The TERASOLUNA Framework Development Team discovered a denial of service vulnerability in Apache Commons FileUpload, a package to make it easy to add robust, high-performance, file upload capability to servlets and web applications. A remote attacker can take advantage of this flaw by sending file upload requests that cause the HTTP server using the Apache Commons Fileupload library to become unresponsive, preventing the server from servicing other requests.

tags | advisory, remote, web, denial of service, file upload
systems | linux, debian
advisories | CVE-2016-3092
MD5 | eaa31806900c66154bd56d14b7920190
Sierra Wireless AirLink Raven XE Industrial 3G Gateway CSRF / File Upload
Posted Jun 23, 2016
Authored by Karn Ganeshen

Sierra Wireless AirLink Raven XE Industrial 3G Gateway suffers from cross site request forgery, information disclosure, and remote file upload vulnerabilities.

tags | exploit, remote, vulnerability, info disclosure, file upload, csrf
MD5 | 3e6d79e2ff5f919a1799a9ffb4c203b2
Getsimple CMS 3.3.10 Shell Upload
Posted Jun 23, 2016
Authored by s0nk3y

Getsimple CMS versions 3.3.10 and below suffer from a remote shell upload vulnerability.

tags | exploit, remote, shell, file upload
MD5 | c539f6d7da6408ce658be6ae9c0c17bb
WordPress Contus Video Comments 1.0 File Upload
Posted Jun 22, 2016
Authored by Larry W. Cashdollar

WordPress Contus Video Comments plugin version 1.0 suffers from a remote file upload vulnerability.

tags | exploit, remote, file inclusion, file upload
MD5 | 878ac11298bc7d34f344850054ac0a6d
Wolf CMS 0.8.2 Arbitrary PHP File Upload
Posted Jun 22, 2016
Authored by Nahendra Bhati, Rahmat Nurfauzi | Site metasploit.com

This Metasploit module exploits a file upload vulnerability in Wolf CMS version 0.8.2. This application has an upload feature that allows an authenticated user with administrator roles to upload arbitrary files to the '/public' directory.

tags | exploit, arbitrary, file upload
advisories | CVE-2015-6567, CVE-2015-6568
MD5 | 66beb761f39c59b3da55b23a9f9564fc
Relay Ajax Directory Manager 1.5.3 File Upload / Command Execution
Posted May 31, 2016
Site redteam-pentesting.de

Relay Ajax Directory Manager versions relayb01-071706, 1.5.1, and 1.5.3 suffer from an unauthenticated file upload vulnerability that can result in a shell upload.

tags | exploit, shell, file upload
MD5 | 70c083691ddb4ee8164629e359687241
WordPress Ninja Forms Unauthenticated File Upload
Posted May 27, 2016
Authored by Rob Carr, James Golovich | Site metasploit.com

Versions 2.9.36 to 2.9.42 of the Ninja Forms plugin contain an unauthenticated file upload vulnerability, allowing guests to upload arbitrary PHP code that can be executed in the context of the web server.

tags | exploit, web, arbitrary, php, file upload
advisories | CVE-2016-1209
MD5 | f03f7b3010a384cc311fa74d6dc49d0f
Oracle ATS Arbitrary File Upload
Posted May 24, 2016
Authored by wvu, Zhou Yu | Site metasploit.com

This Metasploit module exploits an authentication bypass and arbitrary file upload in Oracle Application Testing Suite (OATS), version 12.4.0.2.0 and unknown earlier versions, to upload and execute a JSP shell.

tags | exploit, arbitrary, shell, file upload
MD5 | 70475f3d47267994bd9b861afc21614b
Page 3 of 30
Back12345Next

File Archive:

November 2017

  • Su
  • Mo
  • Tu
  • We
  • Th
  • Fr
  • Sa
  • 1
    Nov 1st
    22 Files
  • 2
    Nov 2nd
    28 Files
  • 3
    Nov 3rd
    10 Files
  • 4
    Nov 4th
    1 Files
  • 5
    Nov 5th
    5 Files
  • 6
    Nov 6th
    15 Files
  • 7
    Nov 7th
    15 Files
  • 8
    Nov 8th
    13 Files
  • 9
    Nov 9th
    9 Files
  • 10
    Nov 10th
    9 Files
  • 11
    Nov 11th
    3 Files
  • 12
    Nov 12th
    2 Files
  • 13
    Nov 13th
    15 Files
  • 14
    Nov 14th
    17 Files
  • 15
    Nov 15th
    19 Files
  • 16
    Nov 16th
    15 Files
  • 17
    Nov 17th
    19 Files
  • 18
    Nov 18th
    0 Files
  • 19
    Nov 19th
    0 Files
  • 20
    Nov 20th
    0 Files
  • 21
    Nov 21st
    0 Files
  • 22
    Nov 22nd
    0 Files
  • 23
    Nov 23rd
    0 Files
  • 24
    Nov 24th
    0 Files
  • 25
    Nov 25th
    0 Files
  • 26
    Nov 26th
    0 Files
  • 27
    Nov 27th
    0 Files
  • 28
    Nov 28th
    0 Files
  • 29
    Nov 29th
    0 Files
  • 30
    Nov 30th
    0 Files

Top Authors In Last 30 Days

File Tags

Systems

packet storm

© 2016 Packet Storm. All rights reserved.

Services
Security Services
Hosting By
Rokasec
close