279 matches found
WordPress DesignFolio+ Theme File Upload
Exploit Title: Wordpress Theme DesignFolio+ Arbitrary File Upload Vulnerability Google dork: inurl:wp-content/themes/DesignFolio-Plus Author: CrashBandicot Date: 04.03.2015 OSVDB-ID: 119623 Vendor HomePage: https://github.com/UpThemes/DesignFolio-Plus Software Link:...
CVE-2014-7835
CVE-2014-7835 affects Moodle 2.6.x before 2.6.6 and 2.7.x before 2.7.3. The webservice/upload.php handler fails to ensure uploaded files are placed in a private/draft area, allowing remote authenticated users to upload JavaScript in the profile-picture area and perform cross-site scripting (XSS)....
GetSimpleCMS PHP File Upload Exploit
This Metasploit module exploits a file upload vulnerability in GetSimple CMS. By abusing the upload.php file, a malicious authenticated user can upload an arbitrary file, including PHP code, which results in arbitrary code execution. This module requires Metasploit: http://metasploit.com/download...
Echelon - media-upload.php Remote File Upload
The echelon WordPress theme was affected by a media-upload.php Remote File Upload security vulnerability...
PDW File Browser - upload.php Arbitrary File Upload
The pdw-file-browser WordPress plugin was affected by an upload.php Arbitrary File Upload security vulnerability...
Asset Manager - upload.php Arbitrary Code Execution
The asset-manager WordPress plugin was affected by an upload.php Arbitrary Code Execution security vulnerability...
Smart Slideshow - upload.php Multiple File Extension Upload Arbitrary Code Execution
The smart-slide-show WordPress plugin was affected by an upload.php Multiple File Extension Upload Arbitrary Code Execution security vulnerability...
Dokeos LMS <= 1.8.5 (include) Remote Code Execution Exploit
No description provided by source. #!/usr/bin/perl Dokeos LMS <= 1.8.5 (include) Remote Code Execution Exploit Description --------------------------------------------------------------- Dokeos LMS contains one flaw that allows an attacker to include a local file with html extension. The issue is due...
Ppim <= 1.0 (Arbitrary File Delete/XSS) Multiple Vulnerabilities
No description provided by source. Author : BeyazKurt Contact : [email protected] Script : Ppim v1.0 What kind of script name is this, ffs :D Download : http://scripts.ringsworld.com/organizers/ppim.zip D0rk : inurl:events.php?listallevents File Delete Vulnerability: upload.php...
NetLink Arbitrary File Upload Vulnerability
No description provided by source. ====================================== NetLink Remote Arbitrary File Upload Vulnerability Download: http://sourceforge.net/projects/kp-netlink/ by lumut-- Homepage: lumutcherenza.biz ====================================== upload.php <?php extract($_POST); if ($submit...
Battle Scrypt Shell Upload Vulnerability
No description provided by source. Exploit Title: Battle Scrypt Shell Upload Vulnerability Date: 19.05.2010 Author: DigitALL Software Link: http://www.scrypted.com/battlescrypt.html Tested on: Windows Xp Sp3 Code : d0rk: Powered by Battle Scrypt or inurl:upload.php For Script Kidde : Exploit: Go ...
Barbo91 'upload.php' Cross Site Scripting Vulnerability
No description provided by source. source: http://www.securityfocus.com/bid/37512/info Barbo91 is prone to a cross-site scripting vulnerability because it fails to properly sanitize user-supplied input. An attacker may leverage this issue to execute arbitrary script code in the browser of an...
contentnow 1.30 (upload/xss) Multiple Vulnerabilities
No description provided by source. ContentNow Directory Traversalupload.php ------------------------------------------ -vulnerability By: Timq -http://securitydb.org -Team Root-Shell -Email:timqathushmail.com ------------------------------------------ It appears that it is possible to view any...
Velhost Uploader Script 1.2 - Local File Inclusion Vulnerability
No description provided by source. =============================================================== velhost uploader script v1.2 Local File Inclusion Vulnerability =============================================================== + velhost uploader script v1.2 Local File Inclusion Vulnerability...
Wordpress Relocate Upload Plugin 0.14 Remote File Inclusion
On line 16 of relocate-upload.php, the passed-in abspath is not filtered, which leads to arbitrary local and remote file inclusion: if (isset($_GET['rufolder'])) { // WP setup and function access define('WP_USE_THEMES', false); require_once(urldecode($_GET['abspath']).'/wp-load.php'); // save us looking for it, it's passed as a GET parameter...
WordPress dzs-videogallery Plugins Remote File Upload Vulnerability
No description provided by source. Exploit Title: WordPress dzs-videogallery Plugins Remote File Upload Vulnerability Author: iskorpitx Date: 22/11/2013 Vendor Homepage: http://digitalzoomstudio.net Themes Link: http://digitalzoomstudio.net/docs/wpvideogallery/ Infected File: upload.php Category:...
FreeWPS 2.11 Upload.PHP Remote Command Execution Vulnerability
No description provided by source. source: http://www.securityfocus.com/bid/20494/info FreeWPS is prone to a remote command-execution vulnerability. Attackers can exploit this issue to execute arbitrary system commands with the privileges of the webserver process. FreeWPS version 2.11 is vulnerab...
WordPress OptimizePress Theme File Upload Remote Code Execution
A file upload vulnerability has been reported in the Wordpress theme OptimizePress. The vulnerability is due to an insecure file upload on the media-upload.php component. A remote attacker could trigger this flaw by sending a crafted HTTP request to the vulnerable system...
NS_ASG 6.3 /upload.php Arbitrary File Upload Vulnerability
No description provided by source...
CVE-2013-5951
Multiple cross-site scripting (XSS) vulnerabilities in eXtplorer 2.1.3, when used as a component for Joomla!, allow remote attackers to inject arbitrary web script or HTML via the PATH_INFO to (1) application.js.php in scripts/ or (2) admin.php, (3) copymove.php, (4) functions.php, (5) header.php, or (6)...