File Upload Files

Notes 4.5 Arbitrary File Upload
Posted May 10, 2016
Authored by Benjamin Kunz Mejri | Site vulnerability-lab.com

Notes version 4.5 for iOS suffers from an arbitrary file upload vulnerability.

tags | exploit, arbitrary, file upload
systems | ios
MD5 | 4febbab5b43fa042bdd014d05495b7db

Advantech WebAccess 8.0 Dashboard Viewer Arbitrary File Upload
Posted Apr 22, 2016
Authored by rgod, Zhou Yu | Site metasploit.com

This Metasploit module exploits an arbitrary file upload vulnerability found in Advantech WebAccess 8.0. This vulnerability allows remote attackers to execute arbitrary code on vulnerable installations of Advantech WebAccess. Authentication is not required to exploit this vulnerability. The specific flaw exists within the WebAccess Dashboard Viewer. Insufficient validation within the uploadImageCommon function in the UploadAjaxAction script allows unauthenticated callers to upload arbitrary code (instead of an image) to the server, which will then be executed under the high-privilege context of the IIS AppPool.

tags | exploit, remote, arbitrary, file upload
advisories | CVE-2016-0854
MD5 | 0cd699d2ba08a1eea8e330908b98312a

Exponent CMS 2.3.5 File Upload Cross Site Scripting
Posted Apr 21, 2016
Authored by Sachin Wagh

Exponent CMS version 2.3.5 suffers from a file upload vulnerability that allows for cross site scripting.

tags | exploit, xss, file upload
advisories | CVE-2015-8684
MD5 | b037db1157567f017d07398a919ac6b4

Novell ServiceDesk Authenticated File Upload
Posted Apr 18, 2016
Authored by Pedro Ribeiro | Site metasploit.com

This Metasploit module exploits an authenticated arbitrary file upload via directory traversal to execute code on the target. It has been tested on versions 6.5 and 7.1.0, in Windows and Linux installations of Novell ServiceDesk, as well as the Virtual Appliance provided by Novell.

tags | exploit, arbitrary, file upload
systems | linux, windows
advisories | CVE-2016-1593
MD5 | d722296cd47cfba9661f305b5965b0a7

EMC Unisphere For VMAX Virtual Appliance File Upload
Posted Apr 15, 2016
Site emc.com

EMC Unisphere for VMAX Virtual Appliance contains a fix for an arbitrary file upload vulnerability. This vulnerability could potentially allow malicious users to compromise the VMAX Virtual Appliance. EMC Unisphere for VMAX Virtual Appliance versions prior to 8.2.0 are affected.

tags | advisory, arbitrary, file upload
advisories | CVE-2016-0889
MD5 | 8d9239114253b2404de3a1ad4be2cedd

AirOS 6.x Arbitrary File Upload
Posted Apr 15, 2016
Authored by Vincent Yiu

AirOS version 6.x suffers from an arbitrary file upload vulnerability.

tags | exploit, arbitrary, file upload
MD5 | 4048504f5593441fb36630e9feade057

Dell KACE K1000 File Upload
Posted Apr 13, 2016
Authored by Brendan Coles, Bradley Austin | Site metasploit.com

This Metasploit module exploits a file upload vulnerability in Kace K1000 versions 5.0 to 5.3, 5.4 prior to 5.4.76849, and 5.5 prior to 5.5.90547 which allows unauthenticated users to execute arbitrary commands under the context of the 'www' user. This Metasploit module also abuses the 'KSudoClient::RunCommandWait' function to gain root privileges. This Metasploit module has been tested successfully with Dell KACE K1000 version 5.3.

tags | exploit, arbitrary, root, file upload
MD5 | c04ab65765d94cdc1e56b808b44fc1bc

Novell Service Desk 7.1.0 Code Execution / Information Disclosure
Posted Apr 11, 2016
Authored by Pedro Ribeiro

Novell Service Desk versions 7.1.0 and below suffer from code execution, information disclosure, cross site scripting, remote file upload, HQL injection, and traversal vulnerabilities.

tags | exploit, remote, vulnerability, code execution, xss, info disclosure, file upload
advisories | CVE-2016-1593, CVE-2016-1594, CVE-2016-1595, CVE-2016-1596
MD5 | 96ca11a4d3ed6007f2182749ed202e09

BugCrowd CSV Injection
Posted Apr 4, 2016
Authored by Hack Ex

BugCrowd's file upload allows for CSVs that may have malicious formulas in them.

tags | exploit, file upload
MD5 | 3b24f437b0b15d5a61aaf99bd723b3e0

Apache Jetspeed Arbitrary File Upload
Posted Mar 31, 2016
Authored by wvu, Andreas Lindh | Site metasploit.com

This Metasploit module exploits the unsecured User Manager REST API and a ZIP file path traversal in Apache Jetspeed-2, versions 2.3.0 and unknown earlier versions, to upload and execute a shell. Note: this exploit will create, use, and then delete a new admin user. Warning: in testing, exploiting the file upload clobbered the web interface beyond repair. No workaround has been found yet. Use this module at your own risk. No check will be implemented.

tags | exploit, web, shell, file upload
advisories | CVE-2016-0709, CVE-2016-0710
MD5 | 55991d9f8e870de6ba19c6811c89f66b

Easy Hosting Control Panel 0.37.9 Bypass / File Upload / Disclosure
Posted Mar 30, 2016
Authored by Kyle Lovett

Easy Hosting Control Panel versions 0.29 through 0.37.9 suffer from information disclosure, authentication bypass, clear text password storage, and remote file upload vulnerabilities.

tags | exploit, remote, vulnerability, bypass, info disclosure, file upload
MD5 | 9d781120ac3ccba338e1aeb6ce565e1c

Kaltura Community Edition 11.1.0-2 Code Execution / File Upload / File Read
Posted Mar 12, 2016
Authored by Daniel Jensen | Site security-assessment.com

The Kaltura platform contains a number of vulnerabilities, allowing unauthenticated users to execute code, read files, and access services listening on the localhost interface. Vulnerabilities present in the application also allow authenticated users to execute code by uploading a file, and perform stored cross site scripting attacks from the Kaltura Management Console into the admin console. Weak cryptographic secret generation allows unauthenticated users to brute-force password reset tokens for accounts, and allows low-level users to perform privilege escalation attacks.

tags | exploit, vulnerability, xss, file upload
MD5 | c7050648ed43cc5d4feaeaa9bf7972f3

WordPress SP Projects And Document Manager 2.5.9.6 XSS / SQL Injection
Posted Mar 7, 2016
Authored by Michael Helwig

WordPress SP Projects and Document Manager plugin version 2.5.9.6 suffers from code execution, cross site scripting, remote shell upload, and remote SQL injection vulnerabilities.

tags | exploit, remote, shell, vulnerability, code execution, xss, sql injection, file upload
MD5 | f0ee8e78d641daa37faf343aa8631f66

WordPress CP Polls 1.0.8 File Upload / Cross Site Scripting
Posted Mar 2, 2016
Authored by Joaquin Ramirez Martinez

WordPress CP Polls plugin version 1.0.8 suffers from a persistent cross site scripting vulnerability via file upload.

tags | exploit, xss, file upload
MD5 | 35799603b69fe6d77b709b4eb08e9805

perfact::mpa Insecure Direct Object Reference
Posted Mar 1, 2016
Authored by Matthias Deeg, Sven Freund

SySS GmbH found out that unauthorized users are able to download arbitrary files of other users that have been uploaded via the file upload functionality. As the file names of uploaded files are incremental integer values, it is possible to enumerate and download all uploaded files without any authorization.

tags | exploit, arbitrary, file upload
MD5 | 144e141f58e04e5f34a3cd1065a4e29a

NETGEAR ProSafe Network Management System 300 Arbitrary File Upload
Posted Feb 29, 2016
Authored by Pedro Ribeiro | Site metasploit.com

Netgear's ProSafe NMS300 is a network management utility that runs on Windows systems. The application has a file upload vulnerability that can be exploited by an unauthenticated remote attacker to execute code as the SYSTEM user. Two servlets are vulnerable, FileUploadController (located at /lib-1.0/external/flash/fileUpload.do) and FileUpload2Controller (located at /fileUpload.do). This Metasploit module exploits the latter, and has been tested with versions 1.5.0.2, 1.4.0.17 and 1.1.0.13.

tags | exploit, remote, file upload
systems | windows
advisories | CVE-2016-1525
MD5 | 3d6c659220bc9733c182c19629aadafe

HD Video Player 2.5 Local File Inclusion / File Upload
Posted Feb 14, 2016
Authored by Benjamin Kunz Mejri | Site vulnerability-lab.com

HD Video Player version 2.5 suffers from file upload and local file inclusion vulnerabilities.

tags | exploit, local, vulnerability, file inclusion, file upload
MD5 | 532e78a8284097e3df06a7d6f96b4ad6

SIMOGEO FileManager 2.3.0 File Upload
Posted Feb 12, 2016
Authored by HaHwul

SIMOGEO FileManager version 2.3.0 suffers from a remote unauthenticated arbitrary file upload vulnerability.

tags | exploit, remote, arbitrary, file upload
MD5 | 072ea1096f8e0d932dfea97fa765fcf4

Yeager CMS 1.2.1 File Upload / SQL Injection / XSS / SSRF
Posted Feb 11, 2016
Authored by P. Morimoto | Site sec-consult.com

Yeager CMS version 1.2.1 suffers from cross site scripting, remote file upload, server-side request forgery, and remote SQL injection vulnerabilities.

tags | exploit, remote, vulnerability, xss, sql injection, file upload
advisories | CVE-2015-7567, CVE-2015-7568, CVE-2015-7569, CVE-2015-7570, CVE-2015-7571, CVE-2015-7572
MD5 | 52c426706da7c84f5ccd2b0fd6939d01

File Sharing Manager 1.0 Local File Inclusion / File Upload
Posted Feb 11, 2016
Authored by Benjamin Kunz Mejri | Site vulnerability-lab.com

File Sharing Manager version 1.0 suffers from local file inclusion and remote file upload vulnerabilities.

tags | exploit, remote, local, vulnerability, file inclusion, file upload
MD5 | eaedfd5785c0a9dfda966f034d006a98

Symphony CMS 2.6.5 SQL Injection / File Upload
Posted Feb 9, 2016
Authored by Filippo Cavallarin

Symphony CMS version 2.6.5 suffers from remote file upload and remote SQL injection vulnerabilities.

tags | exploit, remote, vulnerability, sql injection, file upload
MD5 | 5ba5376c7ffba97a3910b4d7ac900c7a

WordPress WP User Frontend 3.4.6 File Upload
Posted Feb 9, 2016
Authored by panVagenas

WordPress WP User Frontend plugin version 3.4.6 suffers from a remote file upload vulnerability.

tags | exploit, remote, file upload
MD5 | 8ca80e8696eb758461a2f13047371196

Mobile Drive Free 1.8 Local File Inclusion / File Upload
Posted Feb 7, 2016
Authored by Benjamin Kunz Mejri | Site vulnerability-lab.com

Mobile Drive Free 1.8 suffers from local file inclusion and remote file upload vulnerabilities.

tags | exploit, remote, local, vulnerability, file inclusion, file upload
MD5 | f991558840cbad3b3ac63e6188d6a9e7

ThumbDrive 1.1 Local File Inclusion / File Upload
Posted Feb 7, 2016
Authored by Benjamin Kunz Mejri | Site vulnerability-lab.com

ThumbDrive version 1.1 suffers from local file inclusion and remote file upload vulnerabilities.

tags | exploit, remote, local, vulnerability, file inclusion, file upload
MD5 | babfb9997dad35bad5866d2fb7cfc210

osTicket 1.9.12 XSS / File Upload / Access Bypass / Session Fixation
Posted Feb 6, 2016
Authored by Enrico Cinquini, Giovanni Cerrato

osTicket version 1.9.12 suffers from authentication bypass, session fixation, file upload, and cross site scripting vulnerabilities.

tags | exploit, vulnerability, xss, bypass, file upload
MD5 | e4ae9c91f937545f666496593c2c2a23

© 2016 Packet Storm. All rights reserved.