exploit the possibilities
Home Files News &[SERVICES_TAB]About Contact Add New
Showing 101 - 125 of 982 RSS Feed

File Upload Files

openMAINT 1.1-2.4.2 Arbitrary File Upload
Posted Oct 12, 2020
Authored by mrb3n

openMAINT version 1.1-2.4.2 suffers from an arbitrary file upload vulnerability.

tags | exploit, arbitrary, file upload
SHA-256 | a26477f39b4617b2b78e146c4bedb8e5e49793b1405220c3427519405c789d51
MaraCMS 7.5 Remote Code Execution
Posted Sep 28, 2020
Authored by Erik Wynter, Michele Cisternino | Site metasploit.com

This Metasploit module exploits an arbitrary file upload vulnerability in MaraCMS versions 7.5 and below in order to execute arbitrary commands. The module first attempts to authenticate to MaraCMS. It then tries to upload a malicious PHP file to the web root via an HTTP POST request to codebase/handler.php. If the php target is selected, the payload is embedded in the uploaded file and the module attempts to execute the payload via an HTTP GET request to this file. For the linux and windows targets, the module uploads a simple PHP web shell. Subsequently, it leverages the CmdStager mixin to deliver the final payload via a series of HTTP GET requests to the PHP web shell. Valid credentials for a MaraCMS admin or manager account are required. This module has been successfully tested against MaraCMS 7.5 running on Windows Server 2012 (XAMPP server).

tags | exploit, web, arbitrary, shell, root, php, file upload
systems | linux, windows
advisories | CVE-2020-25042
SHA-256 | 46bcd0fb88548beb443fdf27155d8d4343ca495c9eb2a3289d06a46da4ac2b7b
Seat Reservation System 1.0 Shell Upload
Posted Sep 21, 2020
Authored by Rahul Ramkumar

Seat Reservation System version 1.0 suffers from an unauthenticated file upload vulnerability that allows for remote code execution.

tags | exploit, remote, code execution, file upload
advisories | CVE-2020-25763
SHA-256 | f51980f4cdcbccbc7521c2a7dab9d0a487666c168a76426fc20232877e5f661b
Hyland OnBase Arbitrary File Upload
Posted Sep 11, 2020
Authored by Adaptive Security Consulting

All versions up to and prior to Hyland OnBase Foundation EP1 (tested: 19.8.9.1000) and OnBase 18 (tested: 18.0.0.32) suffer from an arbitrary file upload vulnerability.

tags | advisory, arbitrary, file upload
SHA-256 | 73f58c444371c240444b5a1298b127bc7083b9a6ceedbd305c49dcca16f44ec3
Joomla GMapFP J3.5 / J3.5F Arbitrary File Upload
Posted Sep 7, 2020
Authored by thelastvvv

Joomla GMapFP component versions J3.5 and J3.5F suffer from an unauthenticated arbitrary file upload vulnerability.

tags | exploit, arbitrary, file upload
advisories | CVE-2020-23972
SHA-256 | 4563c49b5f140d4c97097c0714861f19d0ef0655690b42573600db44b51a3c2a
flatCore CMS 1.5.5 Cross Site Scripting / Arbitrary File Upload
Posted Aug 8, 2020
Authored by Farhan Rahman, Azrul Ikhwan Zulkifli | Site sec-consult.com

flatCore CMS versions 1.5.5 and below suffer from cross site scripting and arbitrary file upload vulnerabilities.

tags | exploit, arbitrary, vulnerability, xss, file upload
SHA-256 | 9815638f104a3e7980277234b49f1ecb97d771220babb5af06d2de42d18f2af1
Online Shopping Alphaware 1.0 Arbitrary File Upload
Posted Aug 6, 2020
Authored by Edo Maland

Online Shopping Alphaware version 1.0 suffers from an arbitrary file upload vulnerability.

tags | exploit, arbitrary, file upload
SHA-256 | 1c73f02370cfc464f48e9e0329d3295cf79cee55b8d21245f13bb4fa92008374
October CMS Build 465 XSS / File Read / File Deletion / CSV Injection
Posted Aug 3, 2020
Authored by Sivanesh Ashok

October CMS builds 465 and below suffer from arbitrary file read, arbitrary file deletion, file uploading to arbitrary locations, persistent and reflective cross site scripting, and CSV injection vulnerabilities.

tags | exploit, arbitrary, vulnerability, xss, file upload
advisories | CVE-2020-11083, CVE-2020-5295, CVE-2020-5296, CVE-2020-5297, CVE-2020-5298, CVE-2020-5299
SHA-256 | db161c36ea18421b21654c361479e95224d40c18622344eb445b051377246742
Baldr Botnet Panel Shell Upload
Posted Jul 29, 2020
Authored by Ege Balci | Site metasploit.com

This Metasploit module exploits a arbitrary file upload vulnerability within the Baldr stealer malware control panel. Attackers can turn this vulnerability into remote code execution by adding malicious PHP code inside the victim logs ZIP file and registering a new bot to the panel by uploading the ZIP file under the logs directory. On versions 3.0 and 3.1 victim logs are ciphered by a random 4 byte XOR key. This exploit module retrieves the IP specific XOR key from panel gate and registers a new victim to the panel with adding the selected payload inside the victim logs.

tags | exploit, remote, arbitrary, php, code execution, file upload
SHA-256 | eead6190f3debc909c6e03fa4150c29da6936794b738a1702f89596b906fc97f
Socket.io-file 2.0.31 Arbitrary File Upload
Posted Jul 27, 2020
Authored by Cr0wTom

Socket.io-file versions 2.0.31 and below suffer from an arbitrary file upload vulnerability.

tags | exploit, arbitrary, file upload
SHA-256 | 711ef348c9b7a811fcc015a0073c09cabd304fdb53657ca775b0e1598313780e
LibreHealth 2.0.0 Remote Code Execution
Posted Jul 20, 2020
Authored by Bobby Cooke

LibreHealth version 2.0.0 authentication remote code execution exploit that leverages file upload.

tags | exploit, remote, code execution, file upload
SHA-256 | 72dc0f0110132301f3990ed51cc51e800ab71dfb943e71ad251f75ff30848051
WonderCMS 3.1.0 XSS / Directory Traversal / File Upload
Posted Jul 17, 2020
Authored by Calvin Phang | Site sec-consult.com

WonderCMS versions 3.1.0 and below suffer from directory traversal, persistent cross site scripting, and file upload vulnerabilities.

tags | advisory, vulnerability, xss, file upload
SHA-256 | c8f9cd68ea4db3c53c6e6bf260ab07eced2819f903c6aa21f0fb40a29486efcf
Webtareas 2.1 / 2.1p File Upload / Information Disclosure
Posted Jul 9, 2020
Authored by AppleBois

Webtareas versions 2.1 and 2.1p suffer from unauthenticated file uploads that allow for remote code execution and expose directory listings.

tags | exploit, remote, code execution, info disclosure, file upload
SHA-256 | 50d4e7012c5d0dd6638cdbd956d6d2350c54598bb9e29b1aaf08aea28992ed75
ATutor 2.2.4 Directory Traversal / Remote Code Execution
Posted Jun 30, 2020
Authored by liquidsky, Erik Wynter | Site metasploit.com

This Metasploit module exploits an arbitrary file upload vulnerability together with a directory traversal flaw in ATutor versions 2.2.4, 2.2.2 and 2.2.1 in order to execute arbitrary commands.

tags | exploit, arbitrary, file upload
advisories | CVE-2019-12169
SHA-256 | 344a78946baa67ebb531073dad88904763b7f86e0bf52c4f8197e8fc0c0f179d
Online Student Enrollment System 1.0 Arbitrary File Upload
Posted Jun 22, 2020
Authored by BKpatron

Online Student Enrollment System version 1.0 suffers from an unauthenticated arbitrary file vulnerability.

tags | exploit, arbitrary, file upload
SHA-256 | 064a9332857173fea7fedcc2737f6d91ed1dfad56d7b15adb5bc5b7a3441673c
SmarterMail 16 Arbitrary File Upload
Posted Jun 13, 2020
Authored by vvhack.org

SmarterMail 16 suffers from an arbitrary file upload vulnerability.

tags | exploit, arbitrary, file upload
SHA-256 | d99f22976a0cdef98e659c1ee2684d7744855682a5a86267c256f46720d99efd
Exploiting Unrestricted File Upload Via Plugin Uploader In WordPress
Posted Jun 9, 2020
Authored by Isha Gupta

Whitepaper called Exploiting Unrestricted File Upload via Plugin Uploader in WordPress.

tags | paper, file upload
SHA-256 | efdbdb90e446a0fac9ede57a38883f4aa80f9e270ca7fa7750a06b3b479136af
WordPress Drag And Drop Multi File Uploader Remote Code Execution
Posted Jun 4, 2020
Authored by h00die, Austin Martin | Site metasploit.com

This Metasploit module exploits a file upload feature of Drag and Drop Multi File Upload - Contact Form 7 for versions prior to 1.3.4. The allowed file extension list can be bypassed by appending a %, allowing for php shells to be uploaded. No authentication is required for exploitation.

tags | exploit, shell, php, file upload
advisories | CVE-2020-12800
SHA-256 | d94c9f0362d25709f05afe545bc81aff8520f8eb38e83726bf24a2463da16a0a
WordPress Drag And Drop File Upload Contact Form 1.3.3.2 Shell Upload
Posted May 27, 2020
Authored by Austin Martin

WordPress Drag and Drop File Upload Contact Form plugin version 1.3.3.2 suffers from a remote shell upload vulnerability.

tags | exploit, remote, shell, file upload
SHA-256 | 36da7f722845fbc942179b4637fb9e3df8d66888734d49a9f4a425645863787a
qdPM 9.1 Arbitrary File Upload
Posted May 12, 2020
Authored by Besim Altinok, Ismail Bozkurt

qdPM version 9.1 suffers from an arbitrary file upload vulnerability.

tags | exploit, arbitrary, file upload
SHA-256 | 29677c9aeba89af9fcf295f75937caccf52029e7fa9463e55173aedd624ed875
CuteNews 2.1.2 Authenticated Shell Upload
Posted May 12, 2020
Authored by Vigov5

CuteNews version 2.1.2 suffers from a remote shell upload vulnerability.

tags | exploit, remote, shell, file upload
SHA-256 | 1bf71f9d33300d7dc2cc4132c6b15db181f3b4df8f6712432611c28b8929c56a
Kartris 1.6 Arbitrary File Upload
Posted May 9, 2020
Authored by Nhat Ha

Kartris version 1.6 suffers from an arbitrary file upload vulnerability.

tags | exploit, arbitrary, file upload
SHA-256 | 1893df3860645717ed77b36829cd27018d61135d550260a8e7b0722461344c66
Online Clothing Store 1.0 Arbitrary File Upload
Posted May 7, 2020
Authored by Saurav Shukla, Sushant Kamble

Online Clothing Store version 1.0 suffers from an arbitrary file upload vulnerability.

tags | exploit, arbitrary, file upload
SHA-256 | 3581d88084c332b91b7c1e30cd3add420f3ee25d09c0a63cb6311a42c32529e4
HardDrive 2.1 Arbitrary File Upload
Posted Apr 30, 2020
Authored by Benjamin Kunz Mejri, Vulnerability Laboratory | Site vulnerability-lab.com

HardDrive version 2.1 for iOS suffers from an arbitrary file upload vulnerability.

tags | exploit, arbitrary, file upload
systems | ios
SHA-256 | 0c34b14b82c1c179e184b9fb03967beb613f81201373e46509c51dd3086c8082
Gigamon GigaVUE 5.5.01.11 Directory Traversal / File Upload
Posted Apr 29, 2020
Authored by Balazs Hambalko

Gigamon GigaVUE version 5.5.01.11 suffers from directory traversal and file upload with command execution vulnerabilities. Gigamon has chosen to sunset this product and not offer a patch.

tags | exploit, vulnerability, file inclusion, file upload
advisories | CVE-2020-12251, CVE-2020-12252
SHA-256 | 4f94429e64d9c424c9369febb776c41eae261c908658edff22b96292c43a0a65
Page 5 of 40
Back34567Next

File Archive:

March 2024

  • Su
  • Mo
  • Tu
  • We
  • Th
  • Fr
  • Sa
  • 1
    Mar 1st
    16 Files
  • 2
    Mar 2nd
    0 Files
  • 3
    Mar 3rd
    0 Files
  • 4
    Mar 4th
    32 Files
  • 5
    Mar 5th
    28 Files
  • 6
    Mar 6th
    42 Files
  • 7
    Mar 7th
    17 Files
  • 8
    Mar 8th
    13 Files
  • 9
    Mar 9th
    0 Files
  • 10
    Mar 10th
    0 Files
  • 11
    Mar 11th
    15 Files
  • 12
    Mar 12th
    19 Files
  • 13
    Mar 13th
    21 Files
  • 14
    Mar 14th
    38 Files
  • 15
    Mar 15th
    15 Files
  • 16
    Mar 16th
    0 Files
  • 17
    Mar 17th
    0 Files
  • 18
    Mar 18th
    10 Files
  • 19
    Mar 19th
    0 Files
  • 20
    Mar 20th
    0 Files
  • 21
    Mar 21st
    0 Files
  • 22
    Mar 22nd
    0 Files
  • 23
    Mar 23rd
    0 Files
  • 24
    Mar 24th
    0 Files
  • 25
    Mar 25th
    0 Files
  • 26
    Mar 26th
    0 Files
  • 27
    Mar 27th
    0 Files
  • 28
    Mar 28th
    0 Files
  • 29
    Mar 29th
    0 Files
  • 30
    Mar 30th
    0 Files
  • 31
    Mar 31st
    0 Files

Top Authors In Last 30 Days

File Tags

Systems

packet storm

© 2022 Packet Storm. All rights reserved.

Services
Security Services
Hosting By
Rokasec
close