
File Upload Files

Apache Jetspeed Arbitrary File Upload
Posted Mar 31, 2016
Authored by wvu, Andreas Lindh | Site metasploit.com

This Metasploit module exploits the unsecured User Manager REST API and a ZIP file path traversal in Apache Jetspeed-2, versions 2.3.0 and unknown earlier versions, to upload and execute a shell. Note: this exploit will create, use, and then delete a new admin user. Warning: in testing, exploiting the file upload clobbered the web interface beyond repair. No workaround has been found yet. Use this module at your own risk. No check will be implemented.

tags | exploit, web, shell, file upload
advisories | CVE-2016-0709, CVE-2016-0710
MD5 | 55991d9f8e870de6ba19c6811c89f66b

Easy Hosting Control Panel 0.37.9 Bypass / File Upload / Disclosure
Posted Mar 30, 2016
Authored by Kyle Lovett

Easy Hosting Control Panel versions 0.29 through 0.37.9 suffer from information disclosure, authentication bypass, clear text password storage, and remote file upload vulnerabilities.

tags | exploit, remote, vulnerability, bypass, info disclosure, file upload
MD5 | 9d781120ac3ccba338e1aeb6ce565e1c

Kaltura Community Edition 11.1.0-2 Code Execution / File Upload / File Read
Posted Mar 12, 2016
Authored by Daniel Jensen | Site security-assessment.com

The Kaltura platform contains a number of vulnerabilities, allowing unauthenticated users to execute code, read files, and access services listening on the localhost interface. Vulnerabilities present in the application also allow authenticated users to execute code by uploading a file, and perform stored cross site scripting attacks from the Kaltura Management Console into the admin console. Weak cryptographic secret generation allows unauthenticated users to bruteforce password reset tokens for accounts, and allows low level users to perform privilege escalation attacks.

tags | exploit, vulnerability, xss, file upload
MD5 | c7050648ed43cc5d4feaeaa9bf7972f3

WordPress SP Projects And Document Manager 2.5.9.6 XSS / SQL Injection
Posted Mar 7, 2016
Authored by Michael Helwig

WordPress SP Projects and Document Manager plugin version 2.5.9.6 suffers from code execution, cross site scripting, remote shell upload, and remote SQL injection vulnerabilities.

tags | exploit, remote, shell, vulnerability, code execution, xss, sql injection, file upload
MD5 | f0ee8e78d641daa37faf343aa8631f66

WordPress CP Polls 1.0.8 File Upload / Cross Site Scripting
Posted Mar 2, 2016
Authored by Joaquin Ramirez Martinez

WordPress CP Polls plugin version 1.0.8 suffers from a persistent cross site scripting vulnerability via file upload.

tags | exploit, xss, file upload
MD5 | 35799603b69fe6d77b709b4eb08e9805

perfact::mpa Insecure Direct Object Reference
Posted Mar 1, 2016
Authored by Matthias Deeg, Sven Freund

SySS GmbH found out that unauthorized users are able to download arbitrary files of other users that have been uploaded via the file upload functionality. As the file names of uploaded files are incremental integer values, it is possible to enumerate and download all uploaded files without any authorization.

tags | exploit, arbitrary, file upload
MD5 | 144e141f58e04e5f34a3cd1065a4e29a

NETGEAR ProSafe Network Management System 300 Arbitrary File Upload
Posted Feb 29, 2016
Authored by Pedro Ribeiro | Site metasploit.com

Netgear's ProSafe NMS300 is a network management utility that runs on Windows systems. The application has a file upload vulnerability that can be exploited by an unauthenticated remote attacker to execute code as the SYSTEM user. Two servlets are vulnerable, FileUploadController (located at /lib-1.0/external/flash/fileUpload.do) and FileUpload2Controller (located at /fileUpload.do). This Metasploit module exploits the latter, and has been tested with versions 1.5.0.2, 1.4.0.17 and 1.1.0.13.

tags | exploit, remote, file upload
systems | windows
advisories | CVE-2016-1525
MD5 | 3d6c659220bc9733c182c19629aadafe

HD Video Player 2.5 Local File Inclusion / File Upload
Posted Feb 14, 2016
Authored by Benjamin Kunz Mejri | Site vulnerability-lab.com

HD Video Player version 2.5 suffers from file upload and local file inclusion vulnerabilities.

tags | exploit, local, vulnerability, file inclusion, file upload
MD5 | 532e78a8284097e3df06a7d6f96b4ad6

SIMOGEO FileManager 2.3.0 File Upload
Posted Feb 12, 2016
Authored by HaHwul

SIMOGEO FileManager version 2.3.0 suffers from a remote unauthenticated arbitrary file upload vulnerability.

tags | exploit, remote, arbitrary, file upload
MD5 | 072ea1096f8e0d932dfea97fa765fcf4

Yeager CMS 1.2.1 File Upload / SQL Injection / XSS / SSRF
Posted Feb 11, 2016
Authored by P. Morimoto | Site sec-consult.com

Yeager CMS version 1.2.1 suffers from cross site scripting, remote file upload, server-side request forgery, and remote SQL injection vulnerabilities.

tags | exploit, remote, vulnerability, xss, sql injection, file upload
advisories | CVE-2015-7567, CVE-2015-7568, CVE-2015-7569, CVE-2015-7570, CVE-2015-7571, CVE-2015-7572
MD5 | 52c426706da7c84f5ccd2b0fd6939d01

File Sharing Manager 1.0 Local File Inclusion / File Upload
Posted Feb 11, 2016
Authored by Benjamin Kunz Mejri | Site vulnerability-lab.com

File Sharing Manager version 1.0 suffers from local file inclusion and remote file upload vulnerabilities.

tags | exploit, remote, local, vulnerability, file inclusion, file upload
MD5 | eaedfd5785c0a9dfda966f034d006a98

Symphony CMS 2.6.5 SQL Injection / File Upload
Posted Feb 9, 2016
Authored by Filippo Cavallarin

Symphony CMS version 2.6.5 suffers from remote file upload and remote SQL injection vulnerabilities.

tags | exploit, remote, vulnerability, sql injection, file upload
MD5 | 5ba5376c7ffba97a3910b4d7ac900c7a

WordPress WP User Frontend 3.4.6 File Upload
Posted Feb 9, 2016
Authored by panVagenas

WordPress WP User Frontend plugin version 3.4.6 suffers from a remote file upload vulnerability.

tags | exploit, remote, file upload
MD5 | 8ca80e8696eb758461a2f13047371196

Mobile Drive Free 1.8 Local File Inclusion / File Upload
Posted Feb 7, 2016
Authored by Benjamin Kunz Mejri | Site vulnerability-lab.com

Mobile Drive Free 1.8 suffers from local file inclusion and remote file upload vulnerabilities.

tags | exploit, remote, local, vulnerability, file inclusion, file upload
MD5 | f991558840cbad3b3ac63e6188d6a9e7

ThumbDrive 1.1 Local File Inclusion / File Upload
Posted Feb 7, 2016
Authored by Benjamin Kunz Mejri | Site vulnerability-lab.com

ThumbDrive version 1.1 suffers from local file inclusion and remote file upload vulnerabilities.

tags | exploit, remote, local, vulnerability, file inclusion, file upload
MD5 | babfb9997dad35bad5866d2fb7cfc210

osTicket 1.9.12 XSS / File Upload / Access Bypass / Session Fixation
Posted Feb 6, 2016
Authored by Enrico Cinquini, Giovanni Cerrato

osTicket version 1.9.12 suffers from authentication bypass, session fixation, file upload, and cross site scripting vulnerabilities.

tags | exploit, vulnerability, xss, bypass, file upload
MD5 | e4ae9c91f937545f666496593c2c2a23

Mezzanine 4.1.0 Arbitrary File Upload
Posted Feb 3, 2016
Authored by hyp3rlinx | Site hyp3rlinx.altervista.org

Mezzanine version 4.1.0 suffers from an arbitrary file upload vulnerability.

tags | exploit, arbitrary, file upload
MD5 | 4abc63f16a8522495a2d26bdd7e34126

File Hub 3.3 Arbitrary File Upload / Script Insertion
Posted Feb 1, 2016
Authored by Benjamin Kunz Mejri | Site vulnerability-lab.com

File Hub version 3.3 suffers from script insertion and remote file upload vulnerabilities.

tags | exploit, remote, vulnerability, file upload
MD5 | e3bc008cb326dc281c6d41d5335727b0

Secure Item Hub 1.0 XSS / Code Execution / File Upload
Posted Jan 27, 2016
Authored by Benjamin Kunz Mejri | Site vulnerability-lab.com

Secure Item Hub version 1.0 suffers from input validation, code execution, and remote file upload vulnerabilities.

tags | exploit, remote, vulnerability, code execution, file upload
MD5 | 8060801cf815a6a06bb7d7a942380a29

GRR 3.0.0-RC1 Remote Code Execution / File Upload
Posted Jan 21, 2016
Authored by kmkz

GRR versions 3.0.0-RC1 and below suffer from a remote code execution vulnerability with privilege escalation through a file upload filter bypass.

tags | exploit, remote, code execution, file upload
MD5 | 13a8cc1e44c11c12e9c2addac78f9e52

HP Security Bulletin HPSBGN03532 1
Posted Jan 13, 2016
Authored by HP | Site hp.com

HP Security Bulletin HPSBGN03532 1 - Potential security vulnerabilities have been identified in Intellicus and the client certificate upload components of HPE ArcSight Logger. The vulnerabilities could be remotely exploited by unauthorized users to allow bypass of security restrictions resulting in arbitrary code execution, file upload, and file deletion. Revision 1 of this advisory.

tags | advisory, arbitrary, vulnerability, code execution, file upload
advisories | CVE-2015-6863, CVE-2015-6864
MD5 | b877f3d39c0aed80f7ee7a280a67a119

D-Link DCS-931L Arbitrary File Upload
Posted Jan 6, 2016
Authored by Brendan Coles, J. Rach, Allen Harper, Mike Baucom | Site metasploit.com

This Metasploit module exploits a file upload vulnerability in D-Link DCS-931L network cameras. The setFileUpload functionality allows authenticated users to upload files to anywhere on the file system, allowing system files to be overwritten, resulting in execution of arbitrary commands. This Metasploit module has been tested successfully on a D-Link DCS-931L with firmware versions 1.01_B7 (2013-04-19) and 1.04_B1 (2014-04-21). D-Link DCS-930L, DCS-932L, DCS-933L models are also reportedly affected, but untested.

tags | exploit, arbitrary, file upload
advisories | CVE-2015-2049
MD5 | c004fc97c48c539da2a1404559c5804c

Easy News Pro 1.5 Bypass / SQL Injection / File Upload
Posted Jan 4, 2016
Authored by indoushka

Easy News Pro version 1.5 suffers from bypass, arbitrary file upload, and remote SQL injection vulnerabilities.

tags | exploit, remote, arbitrary, vulnerability, sql injection, file upload
MD5 | 6b813d787bda3c5a419696fd06b6bf2c

Bigware Shop 2.3.01 Cross Site Scripting / File Upload
Posted Dec 25, 2015
Authored by indoushka

Bigware Shop version 2.3.01 suffers from cross site scripting and remote file upload vulnerabilities.

tags | exploit, remote, vulnerability, xss, file upload
MD5 | 5c0b06d734609190e4658f891dc28b01

WordPress NextGEN Gallery 2.1.10 Shell Upload
Posted Dec 23, 2015
Authored by CSW Research Lab

WordPress NextGEN Gallery plugin version 2.1.10 suffers from a remote shell upload vulnerability.

tags | advisory, remote, shell, file upload
MD5 | d1d6f2b7a68ea003664f05d4a9eb51be
© 2018 Packet Storm. All rights reserved.