3143 matches found
Evince - CBT File Command Injection (Metasploit)
This module requires Metasploit: https://metasploit.com/download Current source: https://github.com/rapid7/metasploit-framework require 'rex/zip' class MetasploitModule 'Evince CBT File Command Injection', 'Description' = %q This module exploits a command injection vulnerability in Evince before...
WordPress Media File Manager Path Traversal Vulnerability
WordPress is a blogging platform developed by the WordPress Foundation using the PHP language. The platform supports setting up personal blog sites on PHP and MySQL servers. The Media File Manager plugin is a media library folder/category management plugin used in it. A path traversal vulnerability...
Unspecified Vulnerability in WordPress Media File Manager
WordPress is a blogging platform developed by the WordPress Foundation using the PHP language. The platform supports setting up personal blog sites on PHP and MySQL servers. The Media File Manager plugin is a media library folder/category management plugin used in it. An unspecified vulnerability exis...
WordPress Media File Manager Cross-Site Scripting Vulnerability
WordPress is a blogging platform developed by the WordPress Foundation using the PHP language. The platform supports setting up personal blog sites on PHP and MySQL servers. The Media File Manager plugin is a media library folder/category management plugin used in it. A cross-site scripting...
U.S. Dept Of Defense: RCE on https://█████/ Using CVE-2017-9248
Summary: https://█████████/ is hosting an unpatched version of the Telerik DialogHandler Telerik.Web.UI.DialogHandler.aspx allowing for the machine key to be brute forced. The machine key can be used to access the DNN file manager to upload arbitrary files including ASPX giving a web shell and RC...
Evince CBT File Command Injection
This module exploits a command injection vulnerability in Evince before version 3.24.1 when opening comic book .cbt files. Some file manager software, such as Nautilus and Atril, may allow automatic exploitation without user interaction due to thumbnailer preview functionality. Note that limited...
CVE-2018-19041
The Media File Manager plugin 1.4.2 for WordPress allows XSS via the dir parameter of an mrelocatorgetdir action to the wp-admin/admin-ajax.php URI...
CVE-2018-19043
The Media File Manager plugin 1.4.2 for WordPress allows arbitrary file renaming specifying a "from" and "to" filename via a ../ directory traversal in the dir parameter of an mrelocatorrename action to the wp-admin/admin-ajax.php URI...
CVE-2018-19042
The Media File Manager plugin 1.4.2 for WordPress allows arbitrary file movement via a ../ directory traversal in the dirfrom and dirto parameters of an mrelocatormove action to the wp-admin/admin-ajax.php URI...
Directory traversal
The Media File Manager plugin 1.4.2 for WordPress allows directory listing via a ../ directory traversal in the dir parameter of an mrelocatorgetdir action to the wp-admin/admin-ajax.php URI...
CVE-2018-19040
The Media File Manager plugin 1.4.2 for WordPress allows directory listing via a ../ directory traversal in the dir parameter of an mrelocatorgetdir action to the wp-admin/admin-ajax.php URI...
CVE-2018-19040
The Media File Manager plugin 1.4.2 for WordPress allows directory listing via a ../ directory traversal in the dir parameter of an mrelocatorgetdir action to the wp-admin/admin-ajax.php URI...
CVE-2018-19043
The Media File Manager plugin 1.4.2 for WordPress allows arbitrary file renaming specifying a "from" and "to" filename via a ../ directory traversal in the dir parameter of an mrelocatorrename action to the wp-admin/admin-ajax.php URI...
Directory traversal
The Media File Manager plugin 1.4.2 for WordPress allows arbitrary file renaming specifying a "from" and "to" filename via a ../ directory traversal in the dir parameter of an mrelocatorrename action to the wp-admin/admin-ajax.php URI...
CVE-2018-19042
The Media File Manager plugin 1.4.2 for WordPress allows arbitrary file movement via a ../ directory traversal in the dirfrom and dirto parameters of an mrelocatormove action to the wp-admin/admin-ajax.php URI...
Directory traversal
The Media File Manager plugin 1.4.2 for WordPress allows arbitrary file movement via a ../ directory traversal in the dirfrom and dirto parameters of an mrelocatormove action to the wp-admin/admin-ajax.php URI...
CVE-2018-19040
The Media File Manager plugin 1.4.2 for WordPress allows directory listing via a ../ directory traversal in the dir parameter of an mrelocatorgetdir action to the wp-admin/admin-ajax.php URI...
CVE-2018-19043
The Media File Manager plugin 1.4.2 for WordPress allows arbitrary file renaming specifying a "from" and "to" filename via a ../ directory traversal in the dir parameter of an mrelocatorrename action to the wp-admin/admin-ajax.php URI...
CVE-2018-19041
The Media File Manager plugin 1.4.2 for WordPress allows XSS via the dir parameter of an mrelocatorgetdir action to the wp-admin/admin-ajax.php URI...
CVE-2018-19042
The Media File Manager plugin 1.4.2 for WordPress allows arbitrary file movement via a ../ directory traversal in the dirfrom and dirto parameters of an mrelocatormove action to the wp-admin/admin-ajax.php URI...