Exploit the possiblities
Showing 101 - 125 of 748 RSS Feed

File Upload Files

ThumbDrive 1.1 Local File Inclusion / File Upload
Posted Feb 7, 2016
Authored by Benjamin Kunz Mejri | Site vulnerability-lab.com

ThumbDrive version 1.1 suffers from local file inclusion and remote file upload vulnerabilities.

tags | exploit, remote, local, vulnerability, file inclusion, file upload
MD5 | babfb9997dad35bad5866d2fb7cfc210
osTicket 1.9.12 XSS / File Upload / Access Bypass / Session Fixation
Posted Feb 6, 2016
Authored by Enrico Cinquini, Giovanni Cerrato

osTicket version 1.9.12 suffers from authentication bypass, session fixation, file upload, and cross site scripting vulnerabilities.

tags | exploit, vulnerability, xss, bypass, file upload
MD5 | e4ae9c91f937545f666496593c2c2a23
Mezzanine 4.1.0 Arbitrary File Upload
Posted Feb 3, 2016
Authored by hyp3rlinx | Site hyp3rlinx.altervista.org

Mezzanine version 4.1.0 suffers from an arbitrary file upload vulnerability.

tags | exploit, arbitrary, file upload
MD5 | 4abc63f16a8522495a2d26bdd7e34126
File Hub 3.3 Arbitrary File Upload / Script Insertion
Posted Feb 1, 2016
Authored by Benjamin Kunz Mejri | Site vulnerability-lab.com

File Hub version 3.3 suffers from script insertion and remote file upload vulnerabilities.

tags | exploit, remote, vulnerability, file upload
MD5 | e3bc008cb326dc281c6d41d5335727b0
Secure Item Hub 1.0 XSS / Code Execution / File Upload
Posted Jan 27, 2016
Authored by Benjamin Kunz Mejri | Site vulnerability-lab.com

Secure Item Hub version 1.0 suffers from input validation, code execution, and remote file upload vulnerabilities.

tags | exploit, remote, vulnerability, code execution, file upload
MD5 | 8060801cf815a6a06bb7d7a942380a29
GRR 3.0.0-RC1 Remote Code Execution / File Upload
Posted Jan 21, 2016
Authored by kmkz

GRR versions 3.0.0-RC1 and below suffer from a remote code execution vulnerability with privilege escalation through a file upload filter bypass.

tags | exploit, remote, code execution, file upload
MD5 | 13a8cc1e44c11c12e9c2addac78f9e52
HP Security Bulletin HPSBGN03532 1
Posted Jan 13, 2016
Authored by HP | Site hp.com

HP Security Bulletin HPSBGN03532 1 - Potential security vulnerabilities have been identified in Intellicus and the client certificate upload components of HPE ArcSight Logger. The vulnerabilities could be remotely exploited by unauthorized users to allow bypass of security restrictions resulting in arbitrary code execution, file upload, and file deletion. Revision 1 of this advisory.

tags | advisory, arbitrary, vulnerability, code execution, file upload
advisories | CVE-2015-6863, CVE-2015-6864
MD5 | b877f3d39c0aed80f7ee7a280a67a119
D-Link DCS-931L Arbitrary File Upload
Posted Jan 6, 2016
Authored by Brendan Coles, J. Rach, Allen Harper, Mike Baucom | Site metasploit.com

This Metasploit module exploits a file upload vulnerability in D-Link DCS-931L network cameras. The setFileUpload functionality allows authenticated users to upload files to anywhere on the file system, allowing system files to be overwritten, resulting in execution of arbitrary commands. This Metasploit module has been tested successfully on a D-Link DCS-931L with firmware versions 1.01_B7 (2013-04-19) and 1.04_B1 (2014-04-21). D-Link DCS-930L, DCS-932L, DCS-933L models are also reportedly affected, but untested.

tags | exploit, arbitrary, file upload
advisories | CVE-2015-2049
MD5 | c004fc97c48c539da2a1404559c5804c
Easy News Pro 1.5 Bypass / SQL Injection / File Upload
Posted Jan 4, 2016
Authored by indoushka

Easy News Pro version 1.5 suffers from bypass, arbitrary file upload, and remote SQL injection vulnerabilities.

tags | exploit, remote, arbitrary, vulnerability, sql injection, file upload
MD5 | 6b813d787bda3c5a419696fd06b6bf2c
Bigware Shop 2.3.01 Cross Site Scripting / File Upload
Posted Dec 25, 2015
Authored by indoushka

Bigware Shop version 2.3.01 suffers from cross site scripting and remote file upload vulnerabilities.

tags | exploit, remote, vulnerability, xss, file upload
MD5 | 5c0b06d734609190e4658f891dc28b01
WordPress NextGEN Gallery 2.1.10 Shell Upload
Posted Dec 23, 2015
Authored by CSW Research Lab

WordPress NextGEN Gallery plugin version 2.1.10 suffers from a remote shell upload vulnerability.

tags | advisory, remote, shell, file upload
MD5 | d1d6f2b7a68ea003664f05d4a9eb51be
AContent 1.3 File Upload
Posted Dec 19, 2015
Authored by indoushka

AContent version 1.3 suffers from a remote arbitrary file upload vulnerability.

tags | exploit, remote, arbitrary, file upload
MD5 | a2448f38772cc1e98b58bde64773d8fb
YesWiki 1 / 2 File Upload / Directory Traversal
Posted Dec 8, 2015
Authored by indoushka

YesWiki versions 1 and 2 suffers from remote arbitrary file upload and directory traversal vulnerabilities.

tags | exploit, remote, arbitrary, vulnerability, file inclusion, file upload
MD5 | e17c9fd65b614a884bf6e4f1386e932c
Deadlock 1.01 Arbitrary File Upload
Posted Dec 7, 2015
Authored by indoushka

Deadlock version 1.01 suffers from an arbitrary file upload vulnerability.

tags | exploit, arbitrary, file upload
MD5 | a5a3d905bac311525045cc049fdf5629
ChromiumCart 0.8.1 Arbitrary File Upload
Posted Dec 7, 2015
Authored by indoushka

ChromiumCart version 0.8.1 suffers from an arbitrary file upload vulnerability.

tags | exploit, arbitrary, file upload
MD5 | 10df8434e76e87b5e112dcaabb7e83dc
ASP Dynamika 2.5 File Upload / SQL Injection
Posted Dec 7, 2015
Authored by indoushka

ASP Dynamika version 2.5 suffers from arbitrary file upload and remote SQL injection vulnerabilities.

tags | exploit, remote, arbitrary, vulnerability, sql injection, asp, file upload
MD5 | 76dfcd46a38b6fa6cef2b01bf008adff
WordPress Users Ultra 1.5.50 Unrestricted File Upload
Posted Nov 18, 2015
Authored by panVagenas

WordPress Users Ultra plugin version 1.5.50 suffers from an unrestricted file upload vulnerability.

tags | exploit, file upload
MD5 | 3a061ef83806eecdc850ad05133f3f6b
Idera Up.Time Monitoring Station 7.0 post2file.php Arbitrary File Upload Version 1
Posted Nov 13, 2015
Authored by Denis Andzakovic | Site metasploit.com

This Metasploit module exploits an arbitrary file upload vulnerability found within the Up.Time monitoring server 7.2 and below. A malicious entity can upload a PHP file into the webroot without authentication, leading to arbitrary code execution. Although the vendor fixed Up.Time to prevent this vulnerability, it was not properly mitigated. To exploit against a newer version of Up.Time (such as 7.4), please use exploits/multi/http/uptime_file_upload_2.

tags | exploit, web, arbitrary, php, code execution, file upload
MD5 | 75859afe6a385a626bad1a03d9f8e831
Idera Up.Time Monitoring Station 7.4 post2file.php Arbitrary File Upload Version 2
Posted Nov 13, 2015
Authored by Denis Andzakovic | Site metasploit.com

This Metasploit module exploits a vulnerability found in Uptime version 7.4.0 and 7.5.0. The vulnerability began as a classic arbitrary file upload vulnerability in post2file.php, which can be exploited by exploits/multi/http/uptime_file_upload_1.rb, but it was mitigated by the vendor. Although the mitigation in place will prevent uptime_file_upload_1.rb from working, it can still be bypassed and gain privilege escalation, and allows the attacker to upload file again, and execute arbitrary commands.

tags | exploit, web, arbitrary, php, file upload
MD5 | 1cf7b5d392550c238a65f2b9ff6d5031
WordPress Ajax Load More PHP Upload
Posted Nov 9, 2015
Authored by temp66 | Site metasploit.com

This Metasploit module exploits an arbitrary file upload in the WordPress Ajax Load More version 2.8.1.1. It allows you to upload arbitrary php files and get remote code execution. This Metasploit module has been tested successfully on WordPress Ajax Load More 2.8.0 with WordPress 4.1.3 on Ubuntu 12.04/14.04 Server.

tags | exploit, remote, arbitrary, php, code execution, file upload
systems | linux, ubuntu
MD5 | 3ccb8b1da98de9f443c1c6e265a148eb
ATutor 2.2 File Upload
Posted Nov 4, 2015
Authored by EgiX

ATutor versions 2.2 and below suffer from a remote unrestricted file upload vulnerability.

tags | exploit, remote, file upload
advisories | CVE-2014-9752
MD5 | 07499b6750c1e85829c0817d87da1937
Th3 MMA mma.php Backdoor Arbitrary File Upload
Posted Oct 27, 2015
Authored by Jay Turla | Site metasploit.com

This Metasploit module exploits Th3 MMA mma.php Backdoor which allows an arbitrary file upload that leads to arbitrary code execution. This backdoor also echoes the Linux kernel version or operating system version because of the php_uname() function.

tags | exploit, arbitrary, kernel, php, code execution, file upload
systems | linux
MD5 | 26766b958880f49852cf7d50e27b5f16
ManageEngine ServiceDesk Plus Arbitrary File Upload
Posted Oct 8, 2015
Authored by Pedro Ribeiro | Site metasploit.com

This Metasploit module exploits a file upload vulnerability in ManageEngine ServiceDesk Plus. The vulnerability exists in the FileUploader servlet which accepts unauthenticated file uploads. This Metasploit module has been tested successfully on versions v9 b9000 - b9102 in Windows and Linux. The MSP versions do not expose the vulnerable servlet.

tags | exploit, file upload
systems | linux, windows
MD5 | 5382da1d82ea16f8ac9e643c4b7104c2
GLPI 0.85.5 Remote Code Execution / File Upload
Posted Oct 7, 2015
Authored by Raffaele Forte

GLPI version 0.85.5 suffers from a file upload filter bypass vulnerability that allows for remote code execution.

tags | exploit, remote, code execution, bypass, file upload
MD5 | 6dfed8fd277f84d89a496e6687d4c746
ManageEngine ServiceDesk File Upload / Code Execution
Posted Oct 5, 2015
Authored by Pedro Ribeiro

ManageEngine ServiceDesk allows for remote code execution via an arbitrary file upload vulnerability. Builds prior to 9103 are affected.

tags | exploit, remote, arbitrary, code execution, file upload
MD5 | a3b912e40243bbda29c463be690630dc
Page 5 of 30
Back34567Next

File Archive:

November 2017

  • Su
  • Mo
  • Tu
  • We
  • Th
  • Fr
  • Sa
  • 1
    Nov 1st
    22 Files
  • 2
    Nov 2nd
    28 Files
  • 3
    Nov 3rd
    10 Files
  • 4
    Nov 4th
    1 Files
  • 5
    Nov 5th
    5 Files
  • 6
    Nov 6th
    15 Files
  • 7
    Nov 7th
    15 Files
  • 8
    Nov 8th
    13 Files
  • 9
    Nov 9th
    9 Files
  • 10
    Nov 10th
    9 Files
  • 11
    Nov 11th
    3 Files
  • 12
    Nov 12th
    2 Files
  • 13
    Nov 13th
    15 Files
  • 14
    Nov 14th
    17 Files
  • 15
    Nov 15th
    19 Files
  • 16
    Nov 16th
    15 Files
  • 17
    Nov 17th
    19 Files
  • 18
    Nov 18th
    0 Files
  • 19
    Nov 19th
    0 Files
  • 20
    Nov 20th
    0 Files
  • 21
    Nov 21st
    0 Files
  • 22
    Nov 22nd
    0 Files
  • 23
    Nov 23rd
    0 Files
  • 24
    Nov 24th
    0 Files
  • 25
    Nov 25th
    0 Files
  • 26
    Nov 26th
    0 Files
  • 27
    Nov 27th
    0 Files
  • 28
    Nov 28th
    0 Files
  • 29
    Nov 29th
    0 Files
  • 30
    Nov 30th
    0 Files

Top Authors In Last 30 Days

File Tags

Systems

packet storm

© 2016 Packet Storm. All rights reserved.

Services
Security Services
Hosting By
Rokasec
close