Exploit the possiblities
Showing 76 - 100 of 769 RSS Feed

File Upload Files

Ruby on Rails Dynamic Render File Upload Remote Code Execution
Posted Oct 13, 2016
Site metasploit.com

This Metasploit module exploits a remote code execution vulnerability in the explicit render method when leveraging user parameters. This Metasploit module has been tested across multiple versions of Ruby on Rails. The technique used by this module requires the specified endpoint to be using dynamic render paths. Also, the vulnerable target will need a POST endpoint for the TempFile upload, this can literally be any endpoint. This Metasploit module does not use the log inclusion method of exploitation due to it not being universal enough. Instead, a new code injection technique was found and used whereby an attacker can upload temporary image files against any POST endpoint and use them for the inclusion attack. Finally, you only get one shot at this if you are testing with the builtin rails server, use caution.

tags | exploit, remote, code execution, file upload, ruby
advisories | CVE-2016-0752
MD5 | 330df82eae0981c2ca7cc8777a63a53c
Forbiz Infoway CMS File Upload / Cross Site Scripting
Posted Oct 7, 2016
Authored by M.R.S.L.Y

Forbiz Infoway CMS suffers from cross site scripting and remote file upload vulnerabilities.

tags | exploit, remote, vulnerability, xss, file upload
MD5 | cf087eb872d7b1021640d1d09a7e2744
EMC ViPR SRM XSS / CSRF / File Upload / Brute Force
Posted Sep 13, 2016
Site emc.com

EMC ViPR SRM versions prior to 3.7.2 suffer from cross site request forgery, cross site scripting, brute force, and remote file upload vulnerabilities.

tags | advisory, remote, vulnerability, xss, file upload, csrf
advisories | CVE-2016-0922, CVE-2016-6641, CVE-2016-6642, CVE-2016-6643
MD5 | 35b4414787c6f34d8dd86c193785b71b
WordPress Cubed Theme 1.2 CSRF / File Upload
Posted Sep 9, 2016
Authored by howucan

WordPress Cubed theme version 1.2 suffers from cross site request forgery and remote file upload vulnerabilities.

tags | exploit, remote, vulnerability, file upload, csrf
MD5 | fa4196605f52b02f8cd82e5c9562d32e
Jobberbase 2.0 Disclosure / XSS / Code Execution / Upload
Posted Sep 8, 2016
Authored by Ross Marks

Jobberbase version 2.0 suffers from code execution, open redirect, path disclosure, unrestricted file upload, and SQL injection vulnerabilities.

tags | exploit, vulnerability, code execution, xss, sql injection, info disclosure, file upload
MD5 | fe6cd5ec5043dc4c0ac9d9e0f99b84be
BSNL Teracom Router Firmware Rewrite / Link Modification
Posted Sep 3, 2016
Authored by Ajay Gowtham

BSNL Teracom routers suffer from a firmware rewrite via unrestricted file upload issue and a link modification issue.

tags | exploit, file upload
MD5 | c08a87b7f8ebdcb824d75caf9d0045ab
Barracuda Web App Firewall/Load Balancer Post Auth Remote Root Exploit (2)
Posted Jul 26, 2016
Authored by Russell Sanford | Site metasploit.com

This Metasploit module exploits a remote command execution vulnerability in the Barracuda Web App Firewall Firmware Version <= 8.0.1.007 and Load Balancer Firmware <= v5.4.0.004 by exploiting a two vulnerabilities in the web administration interface. The first bug leverages a Arbitrary File Upload vulnerability to create a malicious file containing shell commands before using a second bug meant to clean up left-over core files on the device to execute them. By sending a specially crafted requests it's possible to inject system commands while escalating to root do to relaxed sudo configurations on the appliances.

tags | exploit, remote, web, arbitrary, shell, root, vulnerability, file upload
MD5 | e1652406ee326c56040c4cfc3a3a472c
Tiki Wiki 15.1 Unauthenticated File Upload
Posted Jul 12, 2016
Authored by Mehmet Ince | Site metasploit.com

This Metasploit module exploits a file upload vulnerability in Tiki Wiki versions 15.1 and below which could be abused to allow unauthenticated users to execute arbitrary code under the context of the web server user. The issue comes with one of the 3rd party components. Name of that components is ELFinder -version 2.0-. This components comes with default example page which demonstrates file operations such as upload, remove, rename, create directory etc. Default configuration does not force validations such as file extension, content-type etc. Thus, unauthenticated user can upload PHP file. The exploit has been tested on Debian 8.x 64-bit and Tiki Wiki 15.1.

tags | exploit, web, arbitrary, php, file upload
systems | linux, debian
MD5 | 75ff5f78056283806bf48c4b08b4edfc
GNU Wget Arbitrary File Upload / Potential Remote Code Execution
Posted Jul 6, 2016
Authored by Dawid Golunski

GNU Wget versions prior to 1.18 suffer from an arbitrary file upload vulnerability that may allow for remote code execution.

tags | exploit, remote, arbitrary, code execution, file upload
advisories | CVE-2016-4971
MD5 | c1bff7c5ea44db8d87e028c13050cabc
Teampass 2.1.26 Arbitrary File Upload
Posted Jul 6, 2016
Authored by Peter Kok | Site vulnerability-lab.com

Teampass version 2.1.26 suffers from a remote authenticated file upload vulnerability that may allow for code execution.

tags | exploit, remote, code execution, file upload
MD5 | f26594fd5dac0172639bf267355e99df
Nagios XI Chained Remote Code Execution
Posted Jul 6, 2016
Authored by wvu, Francesco Oddo | Site metasploit.com

This Metasploit module exploits an SQL injection, auth bypass, file upload, command injection, and privilege escalation in Nagios XI <= 5.2.7 to pop a root shell.

tags | exploit, shell, root, sql injection, file upload
MD5 | f70bea86a23da44db72654aedbe0c274
WordPress CodeCanyon Real3D FlipBook 2.18.8 File Deletion / Upload / XSS
Posted Jul 5, 2016
Authored by Mukarram Khalid

WordPress CodeCanyon Real3D FlipBook plugin version 2.18.8 suffers from unauthenticated file deletion, file upload, and cross site scripting vulnerabilities.

tags | exploit, vulnerability, xss, file upload
MD5 | a6f0fad26239bf3152b28b3b1ba8e436
Debian Security Advisory 3614-1
Posted Jul 2, 2016
Authored by Debian | Site debian.org

Debian Linux Security Advisory 3614-1 - The TERASOLUNA Framework Development Team discovered a denial of service vulnerability in Apache Commons FileUpload, a package to make it easy to add robust, high-performance, file upload capability to servlets and web applications. A remote attacker can take advantage of this flaw by sending file upload requests that cause the HTTP server using the Apache Commons Fileupload library to become unresponsive, preventing the server from servicing other requests.

tags | advisory, remote, web, denial of service, file upload
systems | linux, debian
advisories | CVE-2016-3092
MD5 | 8842da40ae7c42b85da4c1c180d199b4
Debian Security Advisory 3611-1
Posted Jun 30, 2016
Authored by Debian | Site debian.org

Debian Linux Security Advisory 3611-1 - The TERASOLUNA Framework Development Team discovered a denial of service vulnerability in Apache Commons FileUpload, a package to make it easy to add robust, high-performance, file upload capability to servlets and web applications. A remote attacker can take advantage of this flaw by sending file upload requests that cause the HTTP server using the Apache Commons Fileupload library to become unresponsive, preventing the server from servicing other requests.

tags | advisory, remote, web, denial of service, file upload
systems | linux, debian
advisories | CVE-2016-3092
MD5 | eaa31806900c66154bd56d14b7920190
Sierra Wireless AirLink Raven XE Industrial 3G Gateway CSRF / File Upload
Posted Jun 23, 2016
Authored by Karn Ganeshen

Sierra Wireless AirLink Raven XE Industrial 3G Gateway suffers from cross site request forgery, information disclosure, and remote file upload vulnerabilities.

tags | exploit, remote, vulnerability, info disclosure, file upload, csrf
MD5 | 3e6d79e2ff5f919a1799a9ffb4c203b2
Getsimple CMS 3.3.10 Shell Upload
Posted Jun 23, 2016
Authored by s0nk3y

Getsimple CMS versions 3.3.10 and below suffer from a remote shell upload vulnerability.

tags | exploit, remote, shell, file upload
MD5 | c539f6d7da6408ce658be6ae9c0c17bb
WordPress Contus Video Comments 1.0 File Upload
Posted Jun 22, 2016
Authored by Larry W. Cashdollar

WordPress Contus Video Comments plugin version 1.0 suffers from a remote file upload vulnerability.

tags | exploit, remote, file inclusion, file upload
MD5 | 878ac11298bc7d34f344850054ac0a6d
Wolf CMS 0.8.2 Arbitrary PHP File Upload
Posted Jun 22, 2016
Authored by Nahendra Bhati, Rahmat Nurfauzi | Site metasploit.com

This Metasploit module exploits a file upload vulnerability in Wolf CMS version 0.8.2. This application has an upload feature that allows an authenticated user with administrator roles to upload arbitrary files to the '/public' directory.

tags | exploit, arbitrary, file upload
advisories | CVE-2015-6567, CVE-2015-6568
MD5 | 66beb761f39c59b3da55b23a9f9564fc
Relay Ajax Directory Manager 1.5.3 File Upload / Command Execution
Posted May 31, 2016
Site redteam-pentesting.de

Relay Ajax Directory Manager versions relayb01-071706, 1.5.1, and 1.5.3 suffer from an unauthenticated file upload vulnerability that can result in a shell upload.

tags | exploit, shell, file upload
MD5 | 70c083691ddb4ee8164629e359687241
WordPress Ninja Forms Unauthenticated File Upload
Posted May 27, 2016
Authored by Rob Carr, James Golovich | Site metasploit.com

Versions 2.9.36 to 2.9.42 of the Ninja Forms plugin contain an unauthenticated file upload vulnerability, allowing guests to upload arbitrary PHP code that can be executed in the context of the web server.

tags | exploit, web, arbitrary, php, file upload
advisories | CVE-2016-1209
MD5 | f03f7b3010a384cc311fa74d6dc49d0f
Oracle ATS Arbitrary File Upload
Posted May 24, 2016
Authored by wvu, Zhou Yu | Site metasploit.com

This Metasploit module exploits an authentication bypass and arbitrary file upload in Oracle Application Testing Suite (OATS), version 12.4.0.2.0 and unknown earlier versions, to upload and execute a JSP shell.

tags | exploit, arbitrary, shell, file upload
MD5 | 70475f3d47267994bd9b861afc21614b
Ubiquiti airOS Arbitrary File Upload
Posted May 24, 2016
Authored by wvu, 93c08539 | Site metasploit.com

This Metasploit module exploits a pre-auth file upload to install a new root user to /etc/passwd and an SSH key to /etc/dropbear/authorized_keys. FYI, /etc/{passwd,dropbear/authorized_keys} will be overwritten. /etc/persistent/rc.poststart will be overwritten if PERSIST_ETC is true. This method is used by the "mf" malware infecting these devices.

tags | exploit, root, file upload
MD5 | e267290a4d5fe45ab492cc0d0ab34602
LG NAS N1A1 10119 Access Bypass / Directory Traversal / SQL Injection
Posted May 19, 2016
Authored by Gergely Eberhardt

LG NAS N1A1 version 10119 suffers from insecure direct object reference, SQL injection, directory traversal, arbitrary file upload/download, and sensitive information disclosure vulnerabilities. Full proof of concept exploit included.

tags | exploit, arbitrary, vulnerability, sql injection, proof of concept, info disclosure, file upload
MD5 | f3d1592fda0e69b32e25049543d0f95a
Notes 4.5 Arbitrary File Upload
Posted May 10, 2016
Authored by Benjamin Kunz Mejri | Site vulnerability-lab.com

Notes version 4.5 for iOS suffers from an arbitrary file upload vulnerability.

tags | exploit, arbitrary, file upload
systems | ios
MD5 | 4febbab5b43fa042bdd014d05495b7db
Advantech WebAccess 8.0 Dashboard Viewer Arbitrary File Upload
Posted Apr 22, 2016
Authored by rgod, Zhou Yu | Site metasploit.com

This Metasploit module exploits an arbitrary file upload vulnerability found in Advantech WebAccess 8.0. This vulnerability allows remote attackers to execute arbitrary code on vulnerable installations of Advantech WebAccess. Authentication is not required to exploit this vulnerability. The specific flaw exists within the WebAccess Dashboard Viewer. Insufficient validation within the uploadImageCommon function in the UploadAjaxAction script allows unauthenticated callers to upload arbitrary code (instead of an image) to the server, which will then be executed under the high-privilege context of the IIS AppPool.

tags | exploit, remote, arbitrary, file upload
advisories | CVE-2016-0854
MD5 | 0cd699d2ba08a1eea8e330908b98312a
Page 4 of 31
Back23456Next

Want To Donate?


Bitcoin: 18PFeCVLwpmaBuQqd5xAYZ8bZdvbyEWMmU

File Archive:

February 2018

  • Su
  • Mo
  • Tu
  • We
  • Th
  • Fr
  • Sa
  • 1
    Feb 1st
    15 Files
  • 2
    Feb 2nd
    15 Files
  • 3
    Feb 3rd
    15 Files
  • 4
    Feb 4th
    13 Files
  • 5
    Feb 5th
    16 Files
  • 6
    Feb 6th
    15 Files
  • 7
    Feb 7th
    15 Files
  • 8
    Feb 8th
    15 Files
  • 9
    Feb 9th
    18 Files
  • 10
    Feb 10th
    8 Files
  • 11
    Feb 11th
    8 Files
  • 12
    Feb 12th
    17 Files
  • 13
    Feb 13th
    15 Files
  • 14
    Feb 14th
    15 Files
  • 15
    Feb 15th
    17 Files
  • 16
    Feb 16th
    18 Files
  • 17
    Feb 17th
    37 Files
  • 18
    Feb 18th
    2 Files
  • 19
    Feb 19th
    11 Files
  • 20
    Feb 20th
    0 Files
  • 21
    Feb 21st
    0 Files
  • 22
    Feb 22nd
    0 Files
  • 23
    Feb 23rd
    0 Files
  • 24
    Feb 24th
    0 Files
  • 25
    Feb 25th
    0 Files
  • 26
    Feb 26th
    0 Files
  • 27
    Feb 27th
    0 Files
  • 28
    Feb 28th
    0 Files

Top Authors In Last 30 Days

File Tags

Systems

packet storm

© 2018 Packet Storm. All rights reserved.

Services
Security Services
Hosting By
Rokasec
close