PHPGurukul Zoo Management System version 1.0 suffers from a remote shell upload vulnerability.
dca1f178a16cf53e52736d7b787820a9fbabb32e64848116ca5fc2680795d6d7Roxy File Manager version 1.4.5 proof of concept exploit for a PHP file upload restriction bypass vulnerability.
56429affeb38a91070ee24b0aaf512970594ce033504501832983da83e9dea5aFoxit PDF Editor (iOS) version 11.3.1 suffers from an arbitrary file upload vulnerability.
eee6585def5e7c7d4e32865c6af95620ceb8365f388cac02687c0e833289acfaUbuntu Security Notice 5269-1 - Keryn Knight discovered that Django incorrectly handled certain template tags. A remote attacker could possibly use this issue to perform a cross-site scripting attack. Alan Ryan discovered that Django incorrectly handled file uploads. A remote attacker could possibly use this issue to cause Django to hang, resulting in a denial of service.
44ead4d24055dc9998855e1e79daf13648af011234c8ab7db00a1edd78b0a0fcLanda Driving School Management System version 2.0.1 suffers from an arbitrary file upload vulnerability.
1e684f4bf2740af67139b537773580e9c66f842543ab7922604bfaaf83b03922This Metasploit module exploits CVE-2021-44077, an unauthenticated remote code execution vulnerability in ManageEngine ServiceDesk Plus, to upload an EXE (msiexec.exe) and execute it as the SYSTEM account. Note that build 11305 is vulnerable to the authentication bypass but not the file upload. The module will check for an exploitable build.
244ae2538bc9ec8f90e308561999a95ddf997764203cb31dbd2e32b039b73273AbanteCart e-commerce platform versions prior to 1.3.2 suffer from cross site scripting and file upload vulnerabilities.
1d18e94320294ca7bb9c057c9b6c90c647799d170ceda260890a08b559774f32Online Learning System version 2.0 remote code execution exploit that leverages SQL injection, authentication bypass, and file upload vulnerabilities.
e13c0631f420057004b808a4af6435c2db1224089738b4762896aa208c6c4df8This Metasploit module exploits an unauthenticated file upload and command injection vulnerability in GitLab Community Edition (CE) and Enterprise Edition (EE). The patched versions are 13.10.3, 13.9.6, and 13.8.8. Exploitation will result in command execution as the git user.
674d3772ec48b70f0ba624c93a36ffde9a6d313b18359aa19702fc270257ff56Alchemy CMS versions 2.x through 6.0.0 suffers from an arbitrary file upload vulnerability.
6bd3ac8df72360c8b2283948f43f6eca26db0404536d856dac8456679bf76b08This Metasploit module exploits a file upload in VMware vCenter Server's analytics/telemetry (CEIP) service to write a system crontab and execute shell commands as the root user. Note that CEIP must be enabled for the target to be exploitable by this module. CEIP is enabled by default.
036b2591e4ef8beb3558c821f06ea5bf7c27f8226edd7019163d2a719de158acCollege Management System version 1.0 suffers from an arbitrary file upload vulnerability.
86c8805556c5e66a65a17ebcb0557527109d4682af2a0bb382e6b163bb6ceb14Phpwcms version 1.9.30 suffers from a cross site scripting vulnerability via the file upload functionality.
b13080fa702d0a623b11c613c2d06c2c1b46321813ade15e2e32f9ac9fab0c42ECOA building automation systems suffer from path traversal and arbitrary file upload vulnerabilities. Many versions are affected.
ea7f9bd9279b87a7dac72d39679684829a62542b790b1b70e36bca9e2ed2428bGFI Mail Archiver versions 15.1 and below Telerik UI component unauthenticated arbitrary file upload exploit.
0b1a0d410ba11ee018218bfcea858e6ee0a4a8bd1ea77bbc349ee71ceba0f198This Metasploit module allows an attacker with a privileged WordPress account to launch a reverse shell due to an arbitrary file upload vulnerability in WordPress SP Project and Document plugin versions prior to 4.22. The security check only searches for lowercase file extensions such as .php, making it possible to upload .pHP files for instance. Finally, the uploaded payload can be triggered by a call to /wp-content/uploads/sp-client-document-manager/<user_id>/<random_payload_name>.php.
7d2c3f217f9d96a1b8933d18886edae37099a342dcf9addd2e24438914311c20This Metasploit module allows an attacker with a privileged WordPress account to launch a reverse shell due to an arbitrary file upload vulnerability in WordPress Modern Events Calendar plugin versions prior to 5.16.5. This is due to an incorrect check of the uploaded file extension. Indeed, by using text/csv content-type in a request, it is possible to upload a .php payload as is is not forbidden by the plugin. Finally, the uploaded payload can be triggered by a call to /wp-content/uploads/<random_payload_name>.php.
69c7df31917c6908273c697f81d8629ab2b33991a9590623c7646f14dbb26004This Metasploit module allows an attacker with a privileged WordPress account to launch a reverse shell due to an arbitrary file upload vulnerability in Wordpress plugin Backup Guard versions prior to 1.6.0. This is due to an incorrect check of the uploaded file extension which should be of SGBP type. Then, the uploaded payload can be triggered by a call to /wp-content/uploads/backup-guard/<random_payload_name>.php.
3cec1dda9d347f45f65889e051e7fd1d9dc38d9c3e6197d8f4224ca67cb32a27This Metasploit module exploits an arbitrary file upload in the WordPress wpDiscuz plugin versions from 7.0.0 through 7.0.4. This flaw gave unauthenticated attackers the ability to upload arbitrary files, including PHP files, and achieve remote code execution on a vulnerable server.
fab2eeb88db6a1f9b11eed6c490a6ca021dd6f8237a47b405d41bd041a36af45This Metasploit module exploits the file upload vulnerability of Lightweight self-hosted facebook-styled PHP blog and allows remote code execution.
60500517de9e732c50f65c2b42ef9aab7b59dcf4310f936b690f3460d981d122This Metasploit module allows an attacker with a privileged rConfig account to start a reverse shell due to an arbitrary file upload vulnerability in /lib/crud/vendors.crud.php.
9898d80071dec7ddeb79d05a6d3e6a34bfd2027a8c1422f650410e9a1cb4219cThis Metasploit module exploits an unauthenticated file upload vulnerability in Cisco HyperFlex HX Data Platform's /upload endpoint to upload and execute a payload as the Tomcat user.
f5c93c1dbb7c46d018f80b02b7e8b65d92e05da4eaa8f1ef27222f385aefb954This document illustrates proof of concept exploitation of a vulnerability in WordPress versions 5.6.0 through 5.7.0 that gives a user the ability to upload files on a server and exploit an XML parsing issue in the Media Library using an MP3 file upload that leads to an XXE attack.
6f2b6fbc58bcb6f703bd6d4a439b0bd64de13c645bc50f0f2f21b49152561b36QNAP MusicStation and MalwareRemover are affected by arbitrary file upload and command injection vulnerabilities, leading to pre-authentication remote command execution with root privileges on the NAS.
dddda20f7202ce5358af06526c5259d1f75a28b841ba2fcc6fd3fd23682bb880Schlix CMS version 2.2.6-6 suffers from an arbitrary file upload and a directory traversal that together can lead to remote command execution.
fca5df7ad0d34a5f7b8addf705a53ad2dd0527cb631c1a47240bfd8afd22f8d1
© 2022 Packet Storm. All rights reserved.
%7Cutmcsr%3D(direct)%7Cutmcmd%3D(none)){kind=small}
Follow us on Twitter
Follow us on Facebook
Subscribe to an RSS Feed