1015 matches found
WordPress Plugin Ultimate Product Catalog 3.8.6 - Arbitrary File Upload
Exploit Title: Wordpress Ultimate-Product-Catalog v3.8.6 Arbitrary file RCE Date: 2016-06-23 Google Dork: Index of /wp-content/plugins/ultimate-product-catalogue/ Exploit Author: Joaquin Ramirez Martinez i0akiN SEC-LABORATORY Vendor Homepage: http://www.EtoileWebDesign.com/ plugin uri:...
WordPress File Upload Plugin <= 3.8.5 - Insufficient File Extension Blacklisting
Because of this vulnerability, it is possible to bypass the protection by using some extensions: .shtml, .jsp, .cer etc. Solution Upgrade this plugin...
CVE-2016-1183
NTT Data TERASOLUNA Server Framework for Java(WEB) 2.0.0.1 through 2.0.6.1, as used in Fujitsu Interstage Business Application Server and other products, allows remote attackers to bypass a file-extension protection mechanism, and consequently read arbitrary files, via a crafted pathname...
CVE-2016-1183
The CVE-2016-1183 entry affects TERASOLUNA Server Framework for Java(WEB) versions 2.0.0.1 through 2.0.6.1. According to the connected sources, a vulnerability exists in the file-extension restriction mechanism of the framework, allowing a remote attacker to bypass the filter via a specially craf...
Roxy Fileman 1.4.4 - Arbitrary File Upload
Exploit Title: Roxy Fileman = 1.4.4 Forbidden File Upload Vulnerability Google Dork: intitle:"Roxy file manager" Date: 15-06-2016 Exploit Author: Tyrell Sassen Vendor Homepage: http://www.roxyfileman.com/ Software Link: http://www.roxyfileman.com/download.php?f=1.4.4-php Version: 1.4.4 Tested on:...
Roxy Fileman 1.4.4 - Arbitrary File Upload
Roxy Fileman 1.4.4 - Arbitrary File Upload Exploit Title: Roxy Fileman = 1.4.4 Forbidden File Upload Vulnerability Google Dork: intitle:"Roxy file manager" Date: 15-06-2016 Exploit Author: Tyrell Sassen Vendor Homepage: http://www.roxyfileman.com/ Software Link:...
Roxy File Manager 1.4.4 Shell Upload
Exploit Title: Roxy Fileman = 1.4.4 Forbidden File Upload Vulnerability Google Dork: intitle:"Roxy file manager" Date: 15-06-2016 Exploit Author: Tyrell Sassen Vendor Homepage: http://www.roxyfileman.com/ Software Link: http://www.roxyfileman.com/download.php?f=1.4.4-php Version: 1.4.4 Tested on:...
Chanzhi CMS 5.3 CSRF getshell
Brief description: Chanzhi CMS 5.3 CSRF getshell Details: /system/module/package/control.php public function upload$type = 'extension' $this-view-canManage = array'result' = 'success'; if!$this-loadModel'guarder'-verify $this-view-canManage = $this-loadModel'common'-verifyAdmin; if$SERVER'REQUESTMETHOD' == 'POST'...
The vulnerability of the Safari browser, which allows a hacker to trigger a service failure
The vulnerability of the Downloads function in the Safari browser is related to an incorrect file extension. Exploiting this vulnerability can allow a malicious actor, operating remotely, to cause service interruptions through a specially crafted website...
Apple OSX File With Non-Executable File Extension Arbitrary File Execution
Certain malicious OSX files can be hidden using arbitrary filename extensions. A remote attacker could exploit this vulnerability to entice unsuspecting users to execute arbitrary files...
Suspicious Executable Mail Attachment
Certain malicious executable files can be hidden using a different extension for the file. A remote attacker could exploit this vulnerability to entice unsuspecting users to execute a malicious mail attachment. This method is often used by ransomware such as Locky, Cerber, CryptoXXX, and others...
SIMOGEO FileManager 2.3.0 File Upload
Exploit Title: SIMOGEO FileManager 2.3.0 - File Upload Vulnerability Date: 2015-12-09 Exploit Author: HaHwul Exploit Author Blog: http://www.codeblack.net Vendor Homepage: https://github.com/simogeo/Filemanager Software Link: git clone http://github.com/simogeo/Filemanager.git Version: 2.3.0 Test...
MyScript Memo 3.0 Persistent Script Insertion
Document Title: =============== MyScript Memo v3.0 iOS - Mail Persistent Vulnerability References Source: ==================== http://www.vulnerability-lab.com/getcontent.php?id=1706 Release Date: ============= 2016-02-10 Vulnerability Laboratory ID VL-ID: ==================================== 170...
bitrix.scan Bitrix 1.0.3 Path Traversal
Advisory ID: HTB23278 Product: bitrix.xscan Bitrix module Vendor: Bitrix Vulnerable Versions: 1.0.3 and probably prior Tested Version: 1.0.3 Advisory Publication: November 18, 2015 without technical details Vendor Notification: November 18, 2015 Vendor Patch: November 24, 2015 Public Disclosure:...
SIMOGEO FileManager 2.3.0 - Multiple Vulnerabilities
SIMOGEO FileManager 2.3.0 - Multiple Vulnerabilities Exploit Title: SIMOGEO FileManager 2.3.0 - Path Traversal Vulnerability Date: 2015-12-09 Exploit Author: HaHwul Exploit Author Blog: http://www.codeblack.net Vendor Homepage: https://github.com/simogeo/Filemanager Software Link: git clone...
WordPress Plugin Users Ultra 1.5.50 - Unrestricted Arbitrary File Upload
Exploit Title: WordPress Users Ultra Plugin Unrestricted File Upload Discovery Date: 2015/10/27 Public Disclosure Date: 2015/12/01 Exploit Author: Panagiotis Vagenas Contact: https://twitter.com/panVagenas Vendor Homepage: http://usersultra.com Software Link:...
SiteServer XSS+background uploading(the chicken help combination still very adorable)-vulnerability warning-the black bar safety net
SiteServer XSS + back-end randomly generated webshell. Test version: SiteServer V3.4.3. 1. Stored XSS: on the www.xxx.com/UserCenter/main.aspx website content submission page, click publish, then in the editor click on source and insert a piece of XSS, such as ”scriptalert2 2 2 2 2 2 2 2 2 2 2/script, click on...
CVE-2015-5074 - Arbitrary File Upload In X2Engine Inc. X2Engine
Vulnerability title: Arbitrary File Upload In X2Engine Inc. X2Engine CVE: CVE-2015-5074 Vendor: X2Engine Inc. Product: X2Engine Affected version: 4.2 Fixed version: 5.2 Reported by: Simone Quatrini Details: It was discovered that authenticated users were able to upload files of any type providing...
TeamSpeak Client <= 3.0.18.1 - RFI to RCE Exploit
Exploit for windows platform in category remote exploits Exploit Title: "PwnSpeak" a 0day Exploit for TeamSpeak Client / 0x6FB30B11 my pgp keyid Vendor Homepage: https://www.teamspeak.com/ Application: TeamSpeak 3 Version: TeamSpeak3 Client 3.0.0 - 3.0.18.1 Platforms: Windows, Mac OS X and Linux...