This Metasploit module exploits the file upload vulnerability of baldr malware panel in order to achieve arbitrary code execution.
4da9fd2ffdcce769456b0f4efa3464cdc760398d6c00430570f596892e606f78ATutor version 2.2.4 suffers from a language_import arbitrary file upload that allows for command execution.
68b1f5ef4f43ce98748eca51235dfb77dab8a8340683912b52e996264a98eec7This Metasploit module exploits an authenticated insecure file upload and code execution flaw in Ahsay Backup versions 7.x through 8.1.1.50. To successfully execute the upload credentials are needed, default on Ahsay Backup trial accounts are enabled so an account can be created. It can be exploited in Windows and Linux environments to get remote code execution (usually as SYSTEM). This module has been tested successfully on Ahsay Backup v8.1.1.50 with Windows 2003 SP2 Server. Because of this flaw all connected clients can be configured to execute a command before the backup starts. Allowing an attacker to takeover even more systems and make it rain shells!
83afb5ef0b4fb3cbf8a67a2f3aef040fe1e3f8026ef03cddf56dee9c7ba91e49Ahsay Backup versions 7.x through 8.1.1.50 suffer from authenticated arbitrary file upload and remote code execution vulnerabilities.
8f297f63226a55c017752fbfc4e3ad2b92918ea609bfd8418e0ea5ca9cf59421Cisco Data Center Network Manager (DCNM) versions 11.1(1) and below suffer from authentication bypass, arbitrary file upload, arbitrary file download, and information disclosure vulnerabilities.
dfd36cfbc7507485cec0e3cf8334543371b3ffebfedce49529db5c62ccf35e6cWordPress Satoshi theme version 2.0 suffers from cross site request forgery and remote file upload vulnerabilities.
bf43d54e3d03215a0039911c353e90c20be07c4887ad233b784ba4063a99ebfcJoomla Attachments component version 3.x suffers from a remote file upload vulnerability.
d5cf192e5152e876357d03867d1696944ce222fb9fd6fc28bbda9eb210bdfceceLabFTW version 1.8.5 suffers from arbitrary file upload and code execution vulnerabilities.
6740b6eb0bb94e7f81a3aab91e04f9d4cbf240e5ee05f834f815594d93776d7eThis Metasploit module exploits a remote code execution vulnerability found in GetSimpleCMS versions 3.3.15 and below. An arbitrary file upload (PHPcode for example) vulnerability can be triggered by an authenticated user, however authentication can be bypassed by leaking the cms API key to target the session manager.
4df2c6bb69a9fe3da21e575c7d71f0dc7d51d1f49ccf6cff0a23ef2afb22ff8dGAT-Ship Web Module versions prior to 1.40 suffer from an unrestricted file upload vulnerability.
29b659482027b40950b1a55c4531b6749375a0bdfd8e2c1ecbc694deaca21696This Metasploit module allows the user to run commands on the server with the teacher user privilege. The 'Upload files' section in the 'File Manager' field contains an arbitrary file upload vulnerability.
e818dbce1a6208f6186c65252ddd95a25f1f0b84f2a4a999e93d6590533bfe01PhreeBooks ERP version 5.2.3 suffers from an arbitrary file upload vulnerability.
8946af8607d01cdbb4bbf87907507e414123374fc00ec083466a26acdbe24cb7Classified Ad Lister version 2.0 suffers from an arbitrary file upload vulnerability.
63542f9d1c1104d0942738c1161df7996e1cf20ff40574c1071e3ef5584f6e3bThis Metasploit module exploits a file upload vulnerability that allows for remote command execution in Showtime2 module versions 3.6.2 and below in CMS Made Simple (CMSMS). An authenticated user with "Use Showtime2" privilege could exploit the vulnerability. The vulnerability exists in the Showtime2 module, where the class "class.showtime2_image.php" does not ensure that a watermark file has a standard image file extension (GIF, JPG, JPEG, or PNG). Tested on Showtime2 3.6.2, 3.6.1, 3.6.0, 3.5.4, 3.5.3, 3.5.2, 3.5.1, 3.5.0, 3.4.5, 3.4.3, 3.4.2 on CMS Made Simple (CMSMS) 2.2.9.1.
1df098a0e8333fb97bab3cd80dd2de6a5ea4a18a6d09b8daa9ff38cd10e5965aSPIP CMS versions 2.x and 3.x suffer from unauthenticated add administrator and arbitrary file upload vulnerabilities.
a7387c189d176bff2a0e9afc63e2bfada0350e829685bdc4a61f682b38596b2dCSZ CMS version 1.2.1 suffers from an arbitrary file upload vulnerability.
fb0146810cbfc9471813abe9fc9f601d9f297f6f71207fba22dc34802a43ccaaCMS Made Simple Showtime2 module version 3.6.2 suffers from an authenticated arbitrary file upload vulnerability.
fa20c0dbf5abddd0ecf04e638c87694a61d978bf9edf8380b83ae038d3fe85d9This Metasploit module exploits a file upload vulnerability Booked 2.7.5. In the "Look and Feel" section of the management panel, you can modify the Logo-Favico-CSS files. Upload sections has file extension control except favicon part. You can upload the file with the extension you want through the Favicon field. The file you upload is written to the main directory of the site under the name "custom-favicon". After you upload the php payload to the main directory, the exploit executes the payload and receives a shell.
fd1000e5cac89ace858ec8875c56402a580102eca4787adce2c81e8909ed4842This Metasploit module exploits an arbitrary file upload vulnerability in Feng Office version 3.7.0.5. The application allows unauthenticated users to upload arbitrary files. There is no control of any session. All files are sent under /tmp directory. The .htaccess file under the /tmp directory prevents files with the php, php2, and php3 extensions. This exploit creates the php payload and moves the payload to the main directory via shtml. After moving the php payload to the main directory, the exploit executes payload and receives a shell.
a940da2e6fa296310cce651b821c9fdf8c7a9ec1bb8147e392837045d45532aaJoomla Alberghi component version 2.1.3 suffers from arbitrary file upload and remote SQL injection vulnerabilities.
4108d89cd5aacaa5aba00bce1d89efdaca7515189ceb474f8a7a6e3a9ecd5ac2Webiness Inventory version 2.3 suffers from an arbitrary file upload vulnerability.
6a948a73f6a62c627c29bebbebdd3b8689ed5297ffbfd18a4154c4f41d07a5d7Zoho ManageEngine ServiceDesk Plus (SDP) versions prior to 10.0 build 10012 suffer from an arbitrary file upload vulnerability.
e370325c125ed93cabb906e3e837c2afb415d355b1cb2e06e3d4ed6f06c3a997UniSharp Laravel File Manager version 2.0.0-alpha7 suffers from an arbitrary file upload vulnerability.
f67d9939b12edf8fa0798c677008aa300033f210c22c4530b791b22cdd35192eWordPress Jssor-Slider plugin version 3.1.24 suffers from cross site request forgery and remote file upload vulnerabilities.
4e5ec89d243458ded11b3a5410778f396b0f09bffeb8a9b6b43aeee55cdff04aTinyMCE JBimages plugin versions 3.x from JustBoilMe suffers from an arbitrary file upload vulnerability.
8a859dccbf46db9bb0c847fd7f6ca4b05f01004735fdf588805f0463a8a30647
© 2022 Packet Storm. All rights reserved.
%7Cutmcsr%3D(direct)%7Cutmcmd%3D(none)){kind=small}
Follow us on Twitter
Follow us on Facebook
Subscribe to an RSS Feed