1464 matches found
Java 7 Update 11 vulnerability to download and execute
With this applet you can download a file from a remote host and execute it, bypassing the Java sandbox; older versions are also affected. Usage Info All material is provided with source code, and you will be able to easily assemble a ready exploit replacing...
PhotoStore 4.0.7 Arbitrary File Execution
Exploit for php platform in category web applications. http://tcc.sch.id Exploit title : PhotoStore 4.0.7 shell upload Author...
WordPress Theme Suco - 'themify-ajax.php' Arbitrary File Upload
source: https://www.securityfocus.com/bid/63836/info The Suco theme for WordPress is prone to a vulnerability that lets attackers upload arbitrary files. The issue occurs because the application fails to adequately sanitize user-supplied input. An attacker may leverage this issue to upload...
Double Executable File Extension Arbitrary File Execution
Certain malicious executable files can be hidden using double extension filenames...
Open Flash Chart 2 Arbitrary File Upload
This module requires Metasploit: http//metasploit.com/download Current source: https://github.com/rapid7/metasploit-framework require 'msf/core' class Metasploit3 "Open Flash Chart v2 Arbitrary File Upload", 'Description' = %q This module exploits a file upload vulnerability found in Open Flash...
WordPress Theme Daily Deal - Arbitrary File Upload
source: https://www.securityfocus.com/bid/63257/info The Daily Deal theme is prone to a vulnerability that lets attackers upload arbitrary files. The issue occurs because the application fails to adequately sanitize user-supplied input. An attack...
Debian Security Advisory DSA 2591-1 (mahara - several vulnerabilities)
Multiple security issues have been found in Mahara, an electronic portfolio, weblog, and resume builder, which can result in cross-site scripting, clickjacking or arbitrary file execution. OpenVAS Vulnerability Test $Id: deb25911.nasl 6611 2017-07-07 12:07:20Z cfischer $ Auto-generated from...
Mitsubishi MC-WorkX 8.02 File Execution
Mitsubishi MC-WorkX Suite Insecure ActiveX Control IcoLaunch This proof of concept will launch an arbitrary executable when the Login Client button is clicked. An attacker could use this to have the victim launch malicious code from a remote share. Calc is used in this example...
Mitsubishi MC-WorkX 8.02 ActiveX Control (IcoLaunch) File Execution
Exploit for windows platform in category remote exploits Mitsubishi MC-WorkX Suite Insecure ActiveX Control IcoLaunch This proof of concept will launch an arbitrary executable when the Login Client button is clicked. An attacker could use this to have the victim launch malicious code from a remo...
Mitsubishi MC-WorkX 8.02 - ActiveX Control IcoLaunch File Execution
Mitsubishi MC-WorkX Suite Insecure ActiveX Control IcoLaunch This proof of concept will launch an arbitrary executable when the Login Client button is clicked. An attacker could use this to have the victim launch malicious code...
Microsoft Word CVE-2013-3851 Remote Memory Corruption Vulnerability
Description Microsoft Word is prone to a remote memory-corruption vulnerability. An attacker can exploit this issue to execute arbitrary code in the context of the currently logged-in user. Failed exploit attempts will likely result in denial-of-service conditions. Technologies Affected Microsoft...
Spitefire CMS 1.1.4 Cross Site Request Forgery
Exploit Title: spitefire CMS - CSRF / ADD / EDIT / UPLOAD FILE Date: 2013 15 August Exploit Author: Yashar shahinzadeh Special thanks to Mormoroth Credit goes for: http://y-shahinzadeh.ir & ha.cker.ir Vendor Homepage: http://spitfire.clausmuus.de/ Tested on: Linux & Windows, PHP 5.2.9 Affected...
CVE-2013-0150
Directory traversal vulnerability in an unspecified signed Java applet in the client-side components in F5 BIG-IP APM 10.1.0 through 10.2.4 and 11.0.0 through 11.3.0, FirePass 6.0.0 through 6.1.0 and 7.0.0, and other products "when APM is provisioned," allows remote attackers to upload and execut...
PT-2013-2133 · F5 · Firepass +1
Name of the Vulnerable Software and Affected Versions: F5 BIG-IP APM versions 10.1.0 through 10.2.4 F5 BIG-IP APM versions 11.0.0 through 11.3.0 FirePass versions 6.0.0 through 6.1.0 FirePass version 7.0.0 Description: A directory traversal issue exists in the client-side components of the affect...
CVE-2013-5021
Multiple absolute path traversal vulnerabilities in National Instruments cwui.ocx, as used in National Instruments LabWindows/CVI 2012 SP1 and earlier, National Instruments LabVIEW 2012 SP1 and earlier, the Data Analysis component in ABB DataManager 1 through 6.3.6, and other products allow remot...
AVAST Universal Core Installer - Multiple Vulnerabilities
Document Title: AVAST Universal Core Installer - Multiple Vulnerabilities. References (Source): http://www.vulnerability-lab.com/getcontent.php?id=966 Release Date: 2013-06-27. Vulnerability Laboratory ID (VL-ID): 9...
The WSS project management system Post get shell-vulnerability warning-the black bar safety net
POST data is saved to a file with an arbitrary suffix, which can then be executed. Vulnerable file: /chart/php-ofc-library/ofcuploadimage.php Use: /chart/php-ofc-library/ofcuploadimage.php?name=hfy.php, where hfy.php is the file name; POST any data. Save location: http://localhost/chart/tmp-upload-images/hfy.php ! ! The latest versio...
OpenEMR - Arbitrary '.PHP' File Upload (Metasploit)
This file is part of the Metasploit Framework and may be subject to redistribution and commercial restrictions. Please see the Metasploit Framework web site for more information on licensing and terms of use. http://metasploit.com/framework/ require 'msf/core' class Metasploit3 "OpenEMR PHP File...
WordPress Advanced Custom Fields Remote File Inclusion
This file is part of the Metasploit Framework and may be subject to redistribution and commercial restrictions. Please see the Metasploit web site for more information on licensing and terms of use. http://metasploit.com/ require 'msf/core' class Metasploit3 'WordPress Plugin Advanced Custom Fiel...