Helpdezk 1.1.1 Shell Upload

Exploit Title: Helpdezk 1.1.1 - Arbitrary File Upload Dork: N/A Date: 2018-11-13 Exploit Author: Ihsan Sencan Vendor Homepage: http://www.helpdezk.org/ Software Link: https://netcologne.dl.sourceforge.net/project/helpdezk/helpdezk-1.1.1.zip Version: 1.1.1 Category: Webapps Tested on:...

Kordil EDMS 2.2.60rc3 Shell Upload

Exploit Title: Kordil EDMS 2.2.60rc3 - Arbitrary File Upload Dork: N/A Date: 2018-11-13 Exploit Author: Ihsan Sencan Vendor Homepage: http://www.kordil.net/ Software Link: https://vorboss.dl.sourceforge.net/project/kordiledms/Kordil%20EDMS%20v2.2.60rc3/kordiledmsinstaller.exe Version: 2.2.60rc3...

OCS Inventory NG ocsreports Shell Upload

Request 1 This request creates a temporary file containing PHP code in the /usr/share/ocsinventory-reports/ocsreports/a.php.a/ directory. POST /ocsreports/index.php?function=telepackage HTTP/1.1 Host: 192.168.5.135 User-Agent: Mozilla/5.0 Windows NT 10.0; Win64; x64; rv:61.0 Gecko/20100101...

File Inclusion Vulnerability in Vanno Enterprise Management System PHP ch***.php File

Vanno Enterprise Management System PHP version 2.0 background channel.php file contains vulnerabilities A file inclusion vulnerability exists in the PHP ch.php file of the Vanno Enterprise Management System. An attacker can exploit the vulnerability to upload a shell and gain server privileges...

OCS Inventory NG ocsreports Shell Upload Vulnerability

OCS Inventory NG suffers from an ocsreports authenticated remote code execution vulnerability via a shell upload. OCS Inventory NG ocsreports Shell Upload Request 1 This request creates a temporary file containing PHP code in the /usr/share/ocsinventory-reports/ocsreports/a.php.a/ directory. POST...

File Containment Vulnerability in PHP de***.php file of Vanno Enterprise Management System

Vanno Enterprise Management System PHP is an enterprise website management system based on php+MySQL. A file inclusion vulnerability exists in the Vanno Enterprise Management System PHP de.php file. An attacker can exploit the vulnerability to upload a shell and gain server privileges...

Poppy Web Interface Generator 0.8 Shell Upload

Exploit Title: Poppy Web Interface Generator 0.8 - Arbitrary File Upload Dork: N/A Date: 2018-11-04 Exploit Author: Ihsan Sencan Vendor Homepage: http://poppy.dc-development.de/ Software Link: https://master.dl.sourceforge.net/project/poppy-beta-rc/poppy0.8betarc.zip Version: 0.8 Category: Webapp...

GoUrl Bitcoin Payment Gateway < 1.4.14 - Shell Upload

The GoUrl Bitcoin Payment Gateway & Paid Downloads & Membership WordPress plugin was affected by a Shell Upload security vulnerability...

Notes Manager 1.0 Shell Upload

Exploit Title: Notes Manager 1.0 - Arbitrary File Upload Dork: N/A Date: 2018-10-30 Exploit Author: Ihsan Sencan Vendor Homepage: https://www.webprojectbuilder.com/item/notes-management Software Link: https://astuteinternet.dl.sourceforge.net/project/notes-manager/notesmanagement.zip Version: 1.0...

School Attendance Monitoring System 1.0 Shell Upload

Exploit Title: School Attendance Monitoring System 1.0 - Arbitrary File Upload Dork: N/A Date: 2018-10-29 Exploit Author: Ihsan Sencan Vendor Homepage: https://www.sourcecodester.com/users/janobe Software Link:...

Webiness Inventory 2.9 Shell Upload Exploit

Exploit for php platform in category web applications Exploit Title: Webiness Inventory 2.9 Arbitrary File Upload Exploit Author: Boumediene KADDOUR Unit: Algerie Telecom R&D Unit Software Link: https://github.com/webiness/webinessinventory Version: 2.9 46 foreach $FILES as $file 47 $fileName =...

Webiness Inventory 2.9 Shell Upload

Exploit Title: Webiness Inventory 2.9 Arbitrary File Upload Date: 10/27/2018 Exploit Author: Boumediene KADDOUR Unit: Algerie Telecom R&D Unit Software Link: https://github.com/webiness/webinessinventory Version: 2.9 46 foreach $FILES as $file 47 $fileName = $file'name'; 48 $fileTmp =...

Put2Win - Script To Automatize Shell Upload By PUT HTTP Method To Get Meterpreter

Script to automatize shell upload by PUT HTTP method to get meterpreter. Dependencies It's necessary to have installed nmap and msfvenom tools for a correct operation Installation git clone https://github.com/sysdevploit/put2win Usage ./Put2win.sh -h This script automatize shell upload by PUT HTT...

Watchguard AP100 AP102 AP200 1.2.9.15 - Remote Code Execution Exploit

Exploit for linux platform in category web applications This module requires Metasploit: https://metasploit.com/download Current source: https://github.com/rapid7/metasploit-framework class MetasploitModule 'Watchguard AP Backdoor Shell', 'Description' = 'Watchguard AP's have a backdoor account...

Super CMS Blog Pro PHP Script 1.0 SQL Injection / Shell Upload

Exploit Title: Super Cms Blog Pro PHP Script v1.0 - Upload shell & SQL Injection Google Dork: N/A Date: 2018/25/7 Exploit Author: ShanoWeb Author Mail : MrdotNet2NetatGmaildotcom Vendor Homepage: https://www.codester.com/Seunex Software Buy:...

Super CMS Blog Pro PHP Script 1.0 SQL Injection / Shell Upload Vulnerabilities

Exploit for php platform in category web applications Exploit Title: Super Cms Blog Pro PHP Script v1.0 - Upload shell & SQL Injection Google Dork: N/A Date: 2018/25/7 Exploit Author: ShanoWeb Author Mail : MrdotNet2NetatGmaildotcom Vendor Homepage: https://www.codester.com/Seunex Software Buy:...

LaraChurch 1.0 Shell Upload

Exploit Title: LaraChurch - Complete Church Management System - Remote Shell Upload Date: 2018/24/06 Exploit Author: ShanoWeb Author Mail : MrdotNet2NetatGmaildotcom Vendor Homepage: https://creatydev.com Software Buy:...

Mail.ru: Shell upload in partner service

Shell code upload RCE vulnerability in partner service provided as an additional functionality withing mail.ru branded service. On the moment of reporting, partner services are not covered by bug bounty program, the bounty was awarded due to potential problem criticality...

NUUO NVRmini2 / NVRsolo Shell Upload

NUUO NVRmini2 / NVRsolo Arbitrary File Upload Vulnerability ========================== Advisory: NUUO NVRmini2 / NVRsolo Arbitrary File Upload Vulnerability Author: M3@pandas From DBAppSecurity Affected Version: All ========================== Vulnerability Description ==========================...

Monero: forum.getmonero.org Shell upload

Summary: The method uploadProfile in the UsersController allows an attacker to upload a shell to the target server due to lack of image validation. Description: Steps To Reproduce: 1. Open POC https://forum.getmonero.org/uploads/profile/lNobodyl1527340454.php or...