what you don't know can hurt you
Home Files News &[SERVICES_TAB]About Contact Add New
Showing 1 - 25 of 1,029 RSS Feed

File Upload Files

WSO2 4.0.0 / 4.1.0 / 4.2.0 Shell Upload
Posted Nov 11, 2024
Site github.com

WS02 versions 4.0.0, 4.1.0, and 4.2.0 are susceptible to remote code execution via an arbitrary file upload vulnerability.

tags | exploit, remote, arbitrary, code execution, file upload
SHA-256 | 88bbb0e549a78d6ccac8792066a572155603f8e8b352a29a78237e92f01cd2a7
ABB Cylon Aspect 3.08.01 File Upload MD5 Checksum Bypass
Posted Nov 1, 2024
Authored by LiquidWorm | Site zeroscience.mk

ABB Cylon Aspect version 3.08.01 has a vulnerability in caldavInstall.php, caldavInstallAgendav.php, and caldavUpload.php files, where the presence of an EXPERTMODE parameter activates a badassMode feature. This mode allows an unauthenticated attacker to bypass MD5 checksum validation during file uploads. By enabling badassMode and setting the skipChecksum parameter, the system skips integrity verification, allowing attackers to upload or install altered CalDAV zip files without authentication. This vulnerability permits unauthorized file modifications, potentially exposing the system to tampering or malicious uploads.

tags | exploit, php, file upload
SHA-256 | accf80983115dc5908f4545001f436450bd05752c8b5b6b674a1efd83446277b
Transport Management System 1.0 Arbitrary File Upload
Posted Oct 4, 2024
Authored by indoushka

Transport Management System version 1.0 suffers from an arbitrary file upload vulnerability.

tags | exploit, arbitrary, file upload
SHA-256 | 1cd66e393ca7966dfbaac0ad1a1b3a444b9752a015b512e8517095c91f4717e2
Simple Music Management System 1.0 Arbitrary File Upload
Posted Oct 1, 2024
Authored by indoushka

Simple Music Management System version 1.0 suffers from an arbitrary file upload vulnerability.

tags | exploit, arbitrary, file upload
SHA-256 | 199208c90ef7b0a9bafb453966c1c18290282b16dd26a3535aa7d2869e44e262
Printing Business Records Management System 1.0 Arbitrary File Upload
Posted Oct 1, 2024
Authored by indoushka

Printing Business Records Management System version 1.0 suffers from an arbitrary file upload vulnerability.

tags | exploit, arbitrary, file upload
SHA-256 | 8751b24fbc8f067b192e862d9c15c970e7302c26f87c9d0cc2333260c476a884
Online Eyewear Shop 1.0 Arbitrary File Upload
Posted Oct 1, 2024
Authored by indoushka

Online Eyewear Shop version 1.0 suffers from an arbitrary file upload vulnerability.

tags | exploit, arbitrary, file upload
SHA-256 | 1f14cfc963330f0a01f9c4aced1f7de282ae44271edc1a4cd158e539df7c983e
Event Management System 1.0 Arbitrary File Upload
Posted Oct 1, 2024
Authored by indoushka

Event Management System version 1.0 suffers from an arbitrary file upload vulnerability.

tags | exploit, arbitrary, file upload
SHA-256 | 131043ebb9ab67fd7a914885356e55ba6ab7a264cc269b23797acfbc70234823
Student Enrollment 1.0 Arbitrary File Upload
Posted Sep 30, 2024
Authored by indoushka

Student Enrollment version 1.0 suffers from an arbitrary file upload vulnerability.

tags | exploit, arbitrary, file upload
SHA-256 | 49cc50e326b3fd62447d476f81a9de0cba690a49f3f4ee75a6bc4a78f3795d14
Rupee Invoice System 1.0 Arbitrary File Upload
Posted Sep 26, 2024
Authored by indoushka

Rupee Invoice System version 1.0 suffers from an arbitrary file upload vulnerability.

tags | exploit, arbitrary, file upload
SHA-256 | 6fb3380fdbd9dc68d4cb8441ac475f25ac1ecd1029d07f228a330be33ec7258c
Online Job Search System 1.0 Arbitrary File Upload
Posted Sep 25, 2024
Authored by indoushka

Online Job Search System version 1.0 suffers from an arbitrary file upload vulnerability.

tags | exploit, arbitrary, file upload
SHA-256 | 25f5aa2a29c64ab981939ce3c1c10082aa1a07beb7098128132b5921c035bc9d
Online Flight Booking System 1.0 Arbitrary File Upload
Posted Sep 25, 2024
Authored by indoushka

Online Flight Booking System version 1.0 suffers from an arbitrary file upload vulnerability.

tags | exploit, arbitrary, file upload
SHA-256 | cbda91dc01c92da5a98f256f2b262f13fd4937433fae73274fba8113fbbc7648
Traccar 5.12 Remote Code Execution
Posted Sep 24, 2024
Authored by Naveen Sunkavally, Michael Heinzl, yiliufeng168 | Site metasploit.com

This Metasploit module exploits a remote code execution vulnerability in Traccar versions 5.1 through 5.12. Remote code execution can be obtained by combining path traversal and an unrestricted file upload vulnerabilities. By default, the application allows self-registration, enabling any user to register an account and exploit the issues. Moreover, the application runs by default with root privileges, potentially resulting in a complete system compromise. This Metasploit module, which should work on any Red Hat-based Linux system, exploits these issues by adding a new cronjob file that executes the specified payload.

tags | exploit, remote, root, vulnerability, code execution, file upload
systems | linux, redhat
advisories | CVE-2024-24809, CVE-2024-31214
SHA-256 | 0bc1add3ef020b8c6e70e1d2ec3bfd3d9c59d68531db58229710061c08ef8c2e
Travel Management System Project 1.0 Arbitrary File Upload
Posted Sep 20, 2024
Authored by indoushka

Travel Management System Project version 1.0 suffers from an arbitrary file upload vulnerability.

tags | exploit, arbitrary, file upload
SHA-256 | 759d3158646088d395fadb366a34f4e08fcbf04963fd9527824e9428498ffc2b
Online Traffic Offense 1.0 CSRF / Arbitrary File Upload
Posted Sep 18, 2024
Authored by indoushka

Online Traffic Offense version 1.0 suffers from cross site request forgery and arbitrary file upload vulnerabilities.

tags | exploit, arbitrary, vulnerability, file upload, csrf
SHA-256 | e5a827b48fc4659294048f669ce8dc8150ad3c9cea88685a31c1e4fff34cdbbd
Online Notice Board System 1.0 Arbitrary File Upload
Posted Sep 17, 2024
Authored by indoushka

Online Notice Board System version 1.0 suffers from an arbitrary file upload vulnerability.

tags | exploit, arbitrary, file upload
SHA-256 | ab3ddd76fa0a76019b10579096221df8438dc75c5be821cc1ebffb0b0e85e47b
Online Bus Ticket Booking Website 1.0 Arbitary File Upload
Posted Sep 17, 2024
Authored by indoushka

Online Bus Ticket Booking Website version 1.0 suffers from an arbitrary file upload vulnerability.

tags | exploit, arbitrary, file upload
SHA-256 | d02b982816fa96d983d448b4dac321ae5fc15af8c9aaf37b74b02f7189a5feb4
Expense Management System 1.0 Arbitrary File Upload
Posted Sep 17, 2024
Authored by indoushka

Expense Management System version 1.0 suffers from an arbitrary file upload vulnerability.

tags | exploit, arbitrary, file upload
SHA-256 | 66dcc2bef5476bdd41cb8a565bbbb520bf475144f6f9a701f2b3796408386473
Online Job Recruitment Portal Project 1.0 Arbitrary File Upload
Posted Sep 16, 2024
Authored by indoushka

Online Job Recruitment Portal Project version 1.0 suffers from an arbitrary file upload vulnerability.

tags | exploit, arbitrary, file upload
SHA-256 | 0b11185c3ea1add14d0fab396e3abc79b89450ee26fe1d4c4eb27856f33193ea
SPIP BigUp 4.3.1 / 4.2.15 / 4.1.17 Unauthenticated Remote Code Execution
Posted Sep 12, 2024
Authored by Valentin Lobstein, Laluka, Julien Voisin, Vozec | Site metasploit.com

This Metasploit module exploits a Remote Code Execution vulnerability in the BigUp plugin of SPIP. The vulnerability lies in the lister_fichiers_par_champs function, which is triggered when the bigup_retrouver_fichiers parameter is set to any value. By exploiting the improper handling of multipart form data in file uploads, an attacker can inject and execute arbitrary PHP code on the target server. This critical vulnerability affects all versions of SPIP from 4.0 up to and including 4.3.1, 4.2.15, and 4.1.17. It allows unauthenticated users to execute arbitrary code remotely via the public interface. The vulnerability has been patched in versions 4.3.2, 4.2.16, and 4.1.18.

tags | exploit, remote, arbitrary, php, code execution, file upload
advisories | CVE-2024-8517
SHA-256 | 470929e92864600915a7773675e61c23486f09b86f3d05d72951628b436ed7c0
Queuing Simple Chatbot 1.0 Shell Upload
Posted Sep 11, 2024
Authored by indoushka

Queuing Simple Chatbot version 1.0 suffers from a remote shell upload vulnerability.

tags | exploit, remote, shell, file upload
SHA-256 | 1ac1abe713bae44f313173560ae4b2399dcbac5f41ce3ca8ddd25b5daa57b3ff
Crime Complaints Reporting Management System 1.0 Arbitrary File Upload
Posted Sep 6, 2024
Authored by indoushka

Crime Complaints Reporting Management System version 1.0 suffers from an arbitrary file upload vulnerability.

tags | exploit, arbitrary, file upload
SHA-256 | 3cc5618e76f72a62cd86bf2b3fd5f9a047a06734d88af32677fe76edb0e529b0
Student Attendance Management System 1.0 Arbitrary File Upload
Posted Sep 4, 2024
Authored by indoushka

Student Attendance Management System version 1.0 suffers from an arbitrary file upload vulnerability.

tags | exploit, arbitrary, file upload
SHA-256 | 8301589003c010f20ac529eb42cbb71ab3534415a910f9e4049f5a4439af953d
Online Travel Agency System 1.0 Arbitrary File Upload
Posted Sep 3, 2024
Authored by indoushka

Online Travel Agency System version 1.0 suffers from an arbitrary file upload vulnerability.

tags | exploit, arbitrary, file upload
SHA-256 | 5d679af79681b3230bebbb01358d179220b220e1d69d8bcf6fa3c2dfc830be0f
Hostel Management System 1.0 Arbitrary File Upload
Posted Sep 2, 2024
Authored by indoushka

Hostel Management System version 1.0 version 1.0 suffers from an arbitrary file upload vulnerability.

tags | exploit, arbitrary, file upload
SHA-256 | 27f8218a09b1dbd02541ebb3a01b906007cc837ea1498cdeb2bc7e08eaf27619
MediaWiki SVG XML Entity Expansion Remote File Access
Posted Sep 1, 2024
Authored by juan vazquez, Christian Mehlmauer, Daniel Franke | Site metasploit.com

This Metasploit module attempts to read a remote file from the server using a vulnerability in the way MediaWiki handles SVG files. The vulnerability occurs while trying to expand external entities with the SYSTEM identifier. In order to work MediaWiki must be configured to accept upload of SVG files. If anonymous uploads are allowed the username and password arent required, otherwise they are. This Metasploit module has been tested successfully on MediaWiki 1.19.4, 1.20.3 on Ubuntu 10.04 and Ubuntu 12.10. Older versions were also tested but do not seem to be vulnerable to this vulnerability. The following MediaWiki requirements must be met: File upload must be enabled, $wgFileExtensions[] must include svg, $wgSVGConverter must be set to something other than false.

tags | exploit, remote, file upload
systems | linux, ubuntu
SHA-256 | 71615d7c455fb2156a5414c500e8bff8843420ced30f06fff70abbf96f287ac8
Page 1 of 42
Back12345Next

File Archive:

November 2024

  • Su
  • Mo
  • Tu
  • We
  • Th
  • Fr
  • Sa
  • 1
    Nov 1st
    30 Files
  • 2
    Nov 2nd
    0 Files
  • 3
    Nov 3rd
    0 Files
  • 4
    Nov 4th
    12 Files
  • 5
    Nov 5th
    44 Files
  • 6
    Nov 6th
    18 Files
  • 7
    Nov 7th
    9 Files
  • 8
    Nov 8th
    8 Files
  • 9
    Nov 9th
    3 Files
  • 10
    Nov 10th
    0 Files
  • 11
    Nov 11th
    14 Files
  • 12
    Nov 12th
    20 Files
  • 13
    Nov 13th
    63 Files
  • 14
    Nov 14th
    18 Files
  • 15
    Nov 15th
    8 Files
  • 16
    Nov 16th
    0 Files
  • 17
    Nov 17th
    0 Files
  • 18
    Nov 18th
    18 Files
  • 19
    Nov 19th
    7 Files
  • 20
    Nov 20th
    13 Files
  • 21
    Nov 21st
    6 Files
  • 22
    Nov 22nd
    48 Files
  • 23
    Nov 23rd
    0 Files
  • 24
    Nov 24th
    0 Files
  • 25
    Nov 25th
    60 Files
  • 26
    Nov 26th
    0 Files
  • 27
    Nov 27th
    44 Files
  • 28
    Nov 28th
    0 Files
  • 29
    Nov 29th
    0 Files
  • 30
    Nov 30th
    0 Files

Top Authors In Last 30 Days

File Tags

Systems

packet storm

© 2024 Packet Storm. All rights reserved.

Services
Security Services
Hosting By
Rokasec
close