CVE-2014-9567

ProjectSend (formerly cFTP) is affected by CVE-2014-9567 via an Unrestricted file upload in process-upload.php, spanning r100–r561. A remote attacker can upload a PHP file and access it in upload/files/ or upload/temp/ to execute arbitrary PHP code. Impact is described as remote code execution wi...

ProjectSend - Arbitrary File Upload (Metasploit)

This module requires Metasploit: http://metasploit.com/download Current source: https://github.com/rapid7/metasploit-framework require 'msf/core' class Metasploit3 'ProjectSend Arbitrary File Upload', 'Description' = %q This module exploits a file upload vulnerability in ProjectSend revisions 100...

CVE-2014-9567

creationtimestamp| type| source ---|---|--- 2014-12-31 00:00:00+00:00| confirmed| https://www.exploit-db.com/exploits/35660 2018-05-29 15:50:33+00:00| seen| https://github.com/rapid7/metasploit-framework/blob/master/modules/exploits/unix/webapp/projectsenduploadexec.rb 2025-10-23 21:12:57+00:00|...

ProjectSend Arbitrary File Upload Exploit

This Metasploit module exploits a file upload vulnerability in ProjectSend revisions 100 to 561. The 'process-upload.php' file allows unauthenticated users to upload PHP files resulting in remote code execution as the web server user. This module requires Metasploit: http://metasploit.com/downloa...

ProjectSend Arbitrary File Upload

This module requires Metasploit: http://metasploit.com/download Current source: https://github.com/rapid7/metasploit-framework require 'msf/core' class Metasploit3 'ProjectSend Arbitrary File Upload', 'Description' = %q This module exploits a file upload vulnerability in ProjectSend revisions 100...

ProjectSend Arbitrary File Upload

This module exploits a file upload vulnerability in ProjectSend revisions 100 to 561. The 'process-upload.php' file allows unauthenticated users to upload PHP files resulting in remote code execution as the web server user. This module requires Metasploit: https://metasploit.com/download Current...

ProjectSend - Cross Site Scripting Vulnerability

ProjectSend version r561 Ultimate suffers from cross site scripting and path disclosure vulnerabilities. Exploit Title: ProjectSend - Cross Site Scripting & Full Path Disclosure Vulnerability's Date: 19/12/2014 Url Vendor: http://www.projectsend.org/ Vendor Name: ProjectSend Version: r561 Ultimat...

ProjectSend r561 Ultimate Cross Site Scripting / Path Disclosure

-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-= INDEPENDENT SECURITY RESEARCHER PENETRATION TESTING SECURITY -=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-= Exploit Title: ProjectSend - Cross Site Scripting & Full Path Disclosure Vulnerability's Date: 19/12/2014 Url Vendor: http://www.projectsend.org/ Vendor Name:...

ProjectSend r561 - Multiple Vulnerabilities

ProjectSend r561 - Multiple Vulnerabilities -=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-= INDEPENDENT SECURITY RESEARCHER PENETRATION TESTING SECURITY -=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-= Exploit Title: ProjectSend r561 - Cross Site Scripting & Full Path Disclosure Vulnerability's Date: 19/12/2014 Url...

ProjectSend r561 - Multiple Vulnerabilities

-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-= INDEPENDENT SECURITY RESEARCHER PENETRATION TESTING SECURITY -=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-= Exploit Title: ProjectSend r561 - Cross Site Scripting & Full Path Disclosure Vulnerability's Date: 19/12/2014 Url Vendor: http://www.projectsend.org/ Vendor Name...

ProjectSend r-561 - Arbitrary File Upload Exploit

Exploit for php platform in category web applications !/usr/bin/python Exploit Title: ProjectSend r-651 File Upload Date: December 01, 2014 Exploit Author: Fady Mohamed Osman Exploit-db id:2986 Vendor Homepage: http://www.projectsend.org/ Software Link: http://www.projectsend.org/download/67/...

ProjectSend r-561 - Arbitrary File Upload

ProjectSend r-561 - Arbitrary File Upload !/usr/bin/python Exploit Title: ProjectSend r-651 File Upload Date: December 01, 2014 Exploit Author: Fady Mohamed Osman Exploit-db id:2986 Vendor Homepage: http://www.projectsend.org/ Software Link: http://www.projectsend.org/download/67/ Version: r-561...

ProjectSend r-561 - Arbitrary File Upload

!/usr/bin/python Exploit Title: ProjectSend r-651 File Upload Date: December 01, 2014 Exploit Author: Fady Mohamed Osman Exploit-db id:2986 Vendor Homepage: http://www.projectsend.org/ Software Link: http://www.projectsend.org/download/67/ Version: r-561 Tested on: Kubuntu 14.10 x64 import sys...