Wolf CMS 0.8.2 Shell Upload
CWH Underground Hacking Team. Exploit Title : Wolf CMS Arbitrary File Upload Exploit Date : 16 April...
WordPress MiwoFTP Plugin 1.0.5 CSRF Arbitrary File Deletion Exploit
Exploit for php platform in category web applications WordPress MiwoFTP Plugin 1.0.5 CSRF Arbitrary File Deletion Exploit Vendor: Miwisoft LLC Product web page: http://www.miwisoft.com Affected version: 1.0.5 Summary: MiwoFTP is a smart, fast and lightweight file manager plugin that operates from...
WordPress MiwoFTP 1.0.5 CSRF / Cross Site Scripting
WordPress MiwoFTP Plugin 1.0.5 Multiple CSRF XSS Vulnerabilities Vendor: Miwisoft LLC Product web page: http://www.miwisoft.com Affected version: 1.0.5 Summary: MiwoFTP is a smart, fast and lightweight file manager plugin that operates from the back-end of WordPress. Desc: MiwoFTP WP Plugin...
WordPress MiwoFTP 1.0.5 Cross Site Request Forgery
WordPress MiwoFTP Plugin 1.0.5 CSRF Arbitrary File Deletion Exploit Vendor: Miwisoft LLC Product web page: http://www.miwisoft.com Affected version: 1.0.5 Summary: MiwoFTP is a smart, fast and lightweight file manager plugin that operates from the back-end of WordPress. Desc: Input passed to the...
WordPress Plugin MiwoFTP 1.0.5 - Arbitrary File Download (1)
WordPress Plugin MiwoFTP 1.0.5 - Arbitrary File Download 1 Exploit Title :WordPress MiwoFTP Plugin 1.0.5 Arbitrary File Download Exploit Vendor :Miwisoft LLC Vendor Homepage :http://www.miwisoft.com Version :1.0.5 Tested on :Win7/Chrome/Firefox Exploit Author :Necmettin COSKUN...
WordPress MiwoFTP Plugin 1.0.5 CSRF Arbitrary File Creation Exploit (RCE)
Exploit for php platform in category web applications WordPress MiwoFTP Plugin 1.0.5 CSRF Arbitrary File Creation Exploit RCE Vendor: Miwisoft LLC Product web page: http://www.miwisoft.com Affected version: 1.0.5 Summary: MiwoFTP is a smart, fast and lightweight file manager plugin that operates...
WordPress Plugin MiwoFTP 1.0.5 - Arbitrary File Download (1)
Exploit Title :WordPress MiwoFTP Plugin 1.0.5 Arbitrary File Download Exploit Vendor :Miwisoft LLC Vendor Homepage :http://www.miwisoft.com Version :1.0.5 Tested on :Win7/Chrome/Firefox Exploit Author :Necmettin COSKUN =@babayarisi Discovery date :04/15/2015 MiwoFTP is a file manager plugin for...
WordPress Plugin MiwoFTP 1.0.5 - Multiple Cross-Site Request Forgery Cross-Site Scripting Vulnerabilities
WordPress Plugin MiwoFTP 1.0.5 - Multiple Cross-Site Request Forgery Cross-Site Scripting Vulnerabilities WordPress MiwoFTP Plugin 1.0.5 Multiple CSRF XSS Vulnerabilities Vendor: Miwisoft LLC Product web page: http://www.miwisoft.com Affected version: 1.0.5 Summary: MiwoFTP is a smart, fast and...
WordPress MiwoFTP Plugin 1.0.5 CSRF Arbitrary File Deletion Exploit
Summary MiwoFTP is a smart, fast and lightweight file manager plugin that operates from the back-end of WordPress. Description Input passed to the 'selitems' parameter is not properly sanitised before being used to delete files. This can be exploited to delete files with the permissions of the we...
WordPress Plugin MiwoFTP 1.0.5 - Cross-Site Request Forgery / Arbitrary File Deletion
WordPress MiwoFTP Plugin 1.0.5 CSRF Arbitrary File Deletion Exploit Vendor: Miwisoft LLC Product web page: http://www.miwisoft.com Affected version: 1.0.5 Summary: MiwoFTP is a smart, fast and lightweight file manager plugin that operates from the back-end of WordPress. Desc: Input passed to the...
JVN#97099798: eXtplorer vulnerable to cross-site scripting
eXtplorer is a web-based file manager. eXtplorer contains multiple cross-site scripting vulnerabilities. Impact An arbitrary script may be executed on the user's web browser. Solution Update the software Update to the latest version according to the information provided by the developer. Products...
MiwoFTP - File & Folder Manager <= 1.0.4 - Arbitrary File Disclosure
A hook is added to ‘init’ in the file ‘miwoftp/miwoftp.php’. This hook is triggered whenever a user visits the front end of the site. The function specified in this hook will proceed to allow the user to download a file within the scope of the home directory of the site. Various values from the G...
Concrete CMS: Self Xss on File Replace
In File manager there is a Replace option to replace files from three resources. 1. from computer 2. incoming 3. Remote files. For remote files, if we put http://example.com/" in the url box, it reflects XSS. PoC: https://www.dropbox.com/s/m7pb9wiwxix1oyu/replacexss.mkv?dl=0 Thanks...
EUVD-2015-1559
Multiple cross-site scripting (XSS) vulnerabilities in Gecko CMS 2.2 and 2.3 allow remote attackers to inject arbitrary web script or HTML via the (1) horder, (2) jakcatid, (3) jakcontent, (4) jakcss, (5) jakdeletelog, (6) jakemail, (7) jakextfile, (8) jakfile, (9) jakhookshow, (10) jakimg, (11) jakjavascript, (12)...
DAws - Advanced Web Shell (Windows/Linux)
There are multiple things that make DAws better than every Web Shell out there: 1. Bypasses Disablers; DAws isn't just about using a particular function to get the job done, it uses up to 6 functions if needed, for example, if shellexec was disabled it would automatically use exec or passthru or...
CVE-2015-1053
Cross-site scripting (XSS) vulnerability in the administrative backend in Croogo before 2.2.1 allows remote attackers to inject arbitrary web script or HTML via the path parameter to admin/filemanager/filemanager/editfile...
vBulletin MicroCART 1.1.4 - Arbitrary File(s) Deletion, SQL Injection & XSS Vulnerabilities
Exploit for php platform in category web applications Exploit Title: vBulletin MicroCART 1.1.4 - Arbitrary Files Deletion, SQL Injection & XSS Date: January 8, 2015 Exploit Author: Technidev https://technidev.com Vendor Homepage: https://vbulletin.com Software Link:...
Installatron GQ File Manager SQL Injection Vulnerability
Installatron GQ File Manager is a web-based GQ file manager from Installatron. Installatron GQ File Manager 0.2.5 suffers from a SQL injection vulnerability that allows remote attackers to execute arbitrary commands via index.php creation parameters...
CVE-2014-9445
SQL injection vulnerability in incl/create.inc.php in Installatron GQ File Manager 0.2.5 allows remote attackers to execute arbitrary SQL commands via the create parameter to index.php. NOTE: this can be leveraged for cross-site scripting (XSS) attacks by creating a file that generates an error...