exploit the possibilities
Home Files News &[SERVICES_TAB]About Contact Add New
Showing 151 - 175 of 982 RSS Feed

File Upload Files

WordPress Satoshi 2.0 Cross Site Request Forgery / File Upload
Posted Jun 5, 2019
Authored by KingSkrupellos

WordPress Satoshi theme version 2.0 suffers from cross site request forgery and remote file upload vulnerabilities.

tags | exploit, remote, vulnerability, file upload, csrf
SHA-256 | bf43d54e3d03215a0039911c353e90c20be07c4887ad233b784ba4063a99ebfc
Joomla Attachments 3.x File Upload
Posted May 26, 2019
Authored by KingSkrupellos

Joomla Attachments component version 3.x suffers from a remote file upload vulnerability.

tags | exploit, remote, file upload
SHA-256 | d5cf192e5152e876357d03867d1696944ce222fb9fd6fc28bbda9eb210bdfcec
eLabFTW 1.8.5 Arbitrary File Upload / Remote Code Execution
Posted May 20, 2019
Authored by liquidsky

eLabFTW version 1.8.5 suffers from arbitrary file upload and code execution vulnerabilities.

tags | exploit, arbitrary, vulnerability, code execution, file upload
SHA-256 | 6740b6eb0bb94e7f81a3aab91e04f9d4cbf240e5ee05f834f815594d93776d7e
GetSimpleCMS 3.3.15 Remote Code Execution
Posted May 16, 2019
Authored by truerand0m | Site metasploit.com

This Metasploit module exploits a remote code execution vulnerability found in GetSimpleCMS versions 3.3.15 and below. An arbitrary file upload (PHPcode for example) vulnerability can be triggered by an authenticated user, however authentication can be bypassed by leaking the cms API key to target the session manager.

tags | exploit, remote, arbitrary, code execution, file upload
advisories | CVE-2019-11231
SHA-256 | 4df2c6bb69a9fe3da21e575c7d71f0dc7d51d1f49ccf6cff0a23ef2afb22ff8d
GAT-Ship Web Module Unrestricted File Upload
Posted Apr 26, 2019
Authored by Gionathan Reale

GAT-Ship Web Module versions prior to 1.40 suffer from an unrestricted file upload vulnerability.

tags | advisory, web, file upload
advisories | CVE-2019-11028
SHA-256 | 29b659482027b40950b1a55c4531b6749375a0bdfd8e2c1ecbc694deaca21696
ATutor file_manager Remote Code Execution
Posted Apr 12, 2019
Authored by Ozkan Mustafa Akkus | Site metasploit.com

This Metasploit module allows the user to run commands on the server with the teacher user privilege. The 'Upload files' section in the 'File Manager' field contains an arbitrary file upload vulnerability.

tags | exploit, arbitrary, file upload
SHA-256 | e818dbce1a6208f6186c65252ddd95a25f1f0b84f2a4a999e93d6590533bfe01
PhreeBooks ERP 5.2.3 Arbitrary File Upload
Posted Apr 3, 2019
Authored by Abdullah Celebi

PhreeBooks ERP version 5.2.3 suffers from an arbitrary file upload vulnerability.

tags | exploit, arbitrary, file upload
SHA-256 | 8946af8607d01cdbb4bbf87907507e414123374fc00ec083466a26acdbe24cb7
Classified Ad Lister 2.0 Arbitrary File Upload
Posted Apr 1, 2019
Authored by Mehmet Emiroglu

Classified Ad Lister version 2.0 suffers from an arbitrary file upload vulnerability.

tags | exploit, arbitrary, file upload
SHA-256 | 63542f9d1c1104d0942738c1161df7996e1cf20ff40574c1071e3ef5584f6e3b
CMS Made Simple (CMSMS) Showtime2 File Upload Remote Command Execution
Posted Mar 27, 2019
Authored by Daniele Scanu, Fabio Cogno | Site metasploit.com

This Metasploit module exploits a file upload vulnerability that allows for remote command execution in Showtime2 module versions 3.6.2 and below in CMS Made Simple (CMSMS). An authenticated user with "Use Showtime2" privilege could exploit the vulnerability. The vulnerability exists in the Showtime2 module, where the class "class.showtime2_image.php" does not ensure that a watermark file has a standard image file extension (GIF, JPG, JPEG, or PNG). Tested on Showtime2 3.6.2, 3.6.1, 3.6.0, 3.5.4, 3.5.3, 3.5.2, 3.5.1, 3.5.0, 3.4.5, 3.4.3, 3.4.2 on CMS Made Simple (CMSMS) 2.2.9.1.

tags | exploit, remote, php, file upload
advisories | CVE-2019-9692
SHA-256 | 1df098a0e8333fb97bab3cd80dd2de6a5ea4a18a6d09b8daa9ff38cd10e5965a
SPIP CMS 2.x / 3.x Add Administrator / File Upload
Posted Mar 26, 2019
Authored by KingSkrupellos

SPIP CMS versions 2.x and 3.x suffer from unauthenticated add administrator and arbitrary file upload vulnerabilities.

tags | exploit, arbitrary, vulnerability, add administrator, file upload
SHA-256 | a7387c189d176bff2a0e9afc63e2bfada0350e829685bdc4a61f682b38596b2d
CSZ CMS 1.2.1 Arbitrary File Upload
Posted Mar 17, 2019
Authored by Mehmet Emiroglu

CSZ CMS version 1.2.1 suffers from an arbitrary file upload vulnerability.

tags | exploit, arbitrary, file upload
SHA-256 | fb0146810cbfc9471813abe9fc9f601d9f297f6f71207fba22dc34802a43ccaa
CMS Made Simple Showtime2 3.6.2 Arbitrary File Upload
Posted Mar 15, 2019
Authored by Daniele Scanu

CMS Made Simple Showtime2 module version 3.6.2 suffers from an authenticated arbitrary file upload vulnerability.

tags | exploit, arbitrary, file upload
advisories | CVE-2019-9692
SHA-256 | fa20c0dbf5abddd0ecf04e638c87694a61d978bf9edf8380b83ae038d3fe85d9
Booked Scheduler 2.7.5 Remote Command Execution
Posted Mar 5, 2019
Authored by Ozkan Mustafa Akkus | Site metasploit.com

This Metasploit module exploits a file upload vulnerability Booked 2.7.5. In the "Look and Feel" section of the management panel, you can modify the Logo-Favico-CSS files. Upload sections has file extension control except favicon part. You can upload the file with the extension you want through the Favicon field. The file you upload is written to the main directory of the site under the name "custom-favicon". After you upload the php payload to the main directory, the exploit executes the payload and receives a shell.

tags | exploit, shell, php, file upload
SHA-256 | fd1000e5cac89ace858ec8875c56402a580102eca4787adce2c81e8909ed4842
Feng Office 3.7.0.5 Remote Command Execution
Posted Feb 28, 2019
Authored by Ozkan Mustafa Akkus | Site metasploit.com

This Metasploit module exploits an arbitrary file upload vulnerability in Feng Office version 3.7.0.5. The application allows unauthenticated users to upload arbitrary files. There is no control of any session. All files are sent under /tmp directory. The .htaccess file under the /tmp directory prevents files with the php, php2, and php3 extensions. This exploit creates the php payload and moves the payload to the main directory via shtml. After moving the php payload to the main directory, the exploit executes payload and receives a shell.

tags | exploit, arbitrary, shell, php, file upload
SHA-256 | a940da2e6fa296310cce651b821c9fdf8c7a9ec1bb8147e392837045d45532aa
Joomla Alberghi 2.1.3 File Upload / SQL Injection
Posted Feb 27, 2019
Authored by KingSkrupellos

Joomla Alberghi component version 2.1.3 suffers from arbitrary file upload and remote SQL injection vulnerabilities.

tags | exploit, remote, arbitrary, vulnerability, sql injection, file upload
SHA-256 | 4108d89cd5aacaa5aba00bce1d89efdaca7515189ceb474f8a7a6e3a9ecd5ac2
Webiness Inventory 2.3 Arbitrary File Upload
Posted Feb 19, 2019
Authored by Mehmet Emiroglu

Webiness Inventory version 2.3 suffers from an arbitrary file upload vulnerability.

tags | exploit, arbitrary, file upload
advisories | CVE-2019-8404
SHA-256 | 6a948a73f6a62c627c29bebbebdd3b8689ed5297ffbfd18a4154c4f41d07a5d7
Zoho ManageEngine ServiceDesk Plus (SDP) Arbitrary File Upload
Posted Feb 19, 2019
Authored by Dao Duy Hung

Zoho ManageEngine ServiceDesk Plus (SDP) versions prior to 10.0 build 10012 suffer from an arbitrary file upload vulnerability.

tags | exploit, arbitrary, file upload
advisories | CVE-2019-8394
SHA-256 | e370325c125ed93cabb906e3e837c2afb415d355b1cb2e06e3d4ed6f06c3a997
UniSharp Laravel File Manager 2.0.0-alpha7 Arbitrary File Upload
Posted Feb 15, 2019
Authored by Mohammad Danish

UniSharp Laravel File Manager version 2.0.0-alpha7 suffers from an arbitrary file upload vulnerability.

tags | exploit, arbitrary, file upload
SHA-256 | f67d9939b12edf8fa0798c677008aa300033f210c22c4530b791b22cdd35192e
WordPress Jssor-Slider 3.1.24 Cross Site Request Forgery / File Upload
Posted Feb 14, 2019
Authored by KingSkrupellos

WordPress Jssor-Slider plugin version 3.1.24 suffers from cross site request forgery and remote file upload vulnerabilities.

tags | exploit, remote, vulnerability, file upload, csrf
SHA-256 | 4e5ec89d243458ded11b3a5410778f396b0f09bffeb8a9b6b43aeee55cdff04a
TinyMCE JBimages 3.x JustBoilMe Arbitrary File Upload
Posted Feb 14, 2019
Authored by KingSkrupellos

TinyMCE JBimages plugin versions 3.x from JustBoilMe suffers from an arbitrary file upload vulnerability.

tags | exploit, arbitrary, file upload
SHA-256 | 8a859dccbf46db9bb0c847fd7f6ca4b05f01004735fdf588805f0463a8a30647
Slims CMS Senayan Library Management System 7.0 Shell Upload
Posted Feb 14, 2019
Authored by KingSkrupellos

Slims CMS Senayan Library Management System version 7.0 suffers from a remote shell upload vulnerability.

tags | exploit, remote, shell, file upload
SHA-256 | 3a2d5f2cef0b7c0913f8ec95ec92588289cca7cf6d5890212329a2cc68b6e8de
RVSiteBuilder RVGlobalSoft CMS 7.0 Bypass / Disclosure / SQL Injection
Posted Feb 14, 2019
Authored by KingSkrupellos

RVSiteBuilder RVGlobalSoft CMS version 7.0 suffers from bypass, database disclosure, file download, path disclosure, remote file upload, and remote SQL injection vulnerabilities.

tags | exploit, remote, vulnerability, sql injection, info disclosure, file upload
SHA-256 | bf7f23d5c0d4de74e897a5b9ebfae16164f9f11c8e83854683f9029df2fd3c7e
Joomla RSForm 1.5 Database Disclosure / SQL Injection
Posted Feb 5, 2019
Authored by KingSkrupellos

Joomla RSForm component version 1.5 suffers from database disclosure and remote SQL injection vulnerabilities.

tags | exploit, remote, vulnerability, sql injection, info disclosure, file upload
SHA-256 | d882560a12637951943225a41fcba7384756f7f20994323d08737db732d8bc16
Blueimp jQuery File Upload 9.22.0 Arbitrary File Upload
Posted Jan 17, 2019
Authored by Larry W. Cashdollar

Blueimp jQuery File Upload versions 9.22.0 and below suffer from a remote file upload vulnerability.

tags | exploit, remote, file upload
advisories | CVE-2018-9206
SHA-256 | e9f157afd7f59180b86e0627f3b9de79d4da7a9d147657e0cbddcbeeed0173eb
Web Design SQL Injection 2019/01/16
Posted Jan 16, 2019
Authored by KingSkrupellos

Desarrollado por Creator Solution Argentina, Desarrollado por Diaz Creativos Venezuella, Desenvolvido por Ritech Sistemas Brazil, Desarrollado por Rodrigo Guidetti RG21 Argentina, and Criacao sitesrapidos.com.br Web Design Brazil suffer from remote SQL injection vulnerabilities. Desarrollado por Diaz Creativos Venezuella also suffers from a file upload vulnerability.

tags | exploit, remote, web, vulnerability, sql injection, file upload
SHA-256 | 7f1551c440e4b35038cd546886f8cd2add3bb6648d093aade9dae8762ed8160b
Page 7 of 40
Back56789Next

File Archive:

March 2024

  • Su
  • Mo
  • Tu
  • We
  • Th
  • Fr
  • Sa
  • 1
    Mar 1st
    16 Files
  • 2
    Mar 2nd
    0 Files
  • 3
    Mar 3rd
    0 Files
  • 4
    Mar 4th
    32 Files
  • 5
    Mar 5th
    28 Files
  • 6
    Mar 6th
    42 Files
  • 7
    Mar 7th
    17 Files
  • 8
    Mar 8th
    13 Files
  • 9
    Mar 9th
    0 Files
  • 10
    Mar 10th
    0 Files
  • 11
    Mar 11th
    15 Files
  • 12
    Mar 12th
    19 Files
  • 13
    Mar 13th
    21 Files
  • 14
    Mar 14th
    38 Files
  • 15
    Mar 15th
    15 Files
  • 16
    Mar 16th
    0 Files
  • 17
    Mar 17th
    0 Files
  • 18
    Mar 18th
    10 Files
  • 19
    Mar 19th
    0 Files
  • 20
    Mar 20th
    0 Files
  • 21
    Mar 21st
    0 Files
  • 22
    Mar 22nd
    0 Files
  • 23
    Mar 23rd
    0 Files
  • 24
    Mar 24th
    0 Files
  • 25
    Mar 25th
    0 Files
  • 26
    Mar 26th
    0 Files
  • 27
    Mar 27th
    0 Files
  • 28
    Mar 28th
    0 Files
  • 29
    Mar 29th
    0 Files
  • 30
    Mar 30th
    0 Files
  • 31
    Mar 31st
    0 Files

Top Authors In Last 30 Days

File Tags

Systems

packet storm

© 2022 Packet Storm. All rights reserved.

Services
Security Services
Hosting By
Rokasec
close