WordPress Plugin Marketplace 2.4.0 - Remote Code Execution (Add Admin)

WordPress Plugin Marketplace 2.4.0 - Remote Code Execution Add Admin !/usr/bin/python Exploit Name: WP Marketplace 2.4.0 Remote Command Execution Vulnerability discovered by Kacper Szurek http://security.szurek.pl Exploit written by Claudio Viviani...

WordPress Plugin WP Symposium 14.11 - Arbitrary File Upload

WordPress Plugin WP Symposium 14.11 - Arbitrary File Upload !/usr/bin/python Exploit Name: Wordpress WP Symposium 14.11 Shell Upload Vulnerability Vulnerability discovered by Claudio Viviani Exploit written by Claudio Viviani 2014-11-27: Discovered vulnerability 2014-12-01: Vendor Notification...

WordPress Plugin Download Manager 2.7.4 - Remote Code Execution

!/usr/bin/python Exploit Name: Wordpress Download Manager 2.7.0-2.7.4 Remote Command Execution Vulnerability discovered by SUCURI TEAM http://blog.sucuri.net/2014/12/security-advisory-high-severity-wordpress-download-manager.html Exploit written by Claudio Viviani 2014-12-03: Discovered...

WordPress WP Symposium 14.11 Shell Upload

!/usr/bin/python Exploit Name: Wordpress WP Symposium 14.11 Shell Upload Vulnerability Vulnerability discovered by Claudio Viviani Exploit written by Claudio Viviani 2014-11-27: Discovered vulnerability 2014-12-01: Vendor Notification Twitter 2014-12-02: Vendor Notification Web Site 2014-12-04:...

Joomla RD Download SQL Injection

!/usr/bin/python Exploit Name: Joomla RD Download SQL Injection Version: Unknown Exploit discovered and written by Claudio Viviani Dork google 1: inurl:index.php?option=comrddownload Dork google 2: inurl:/component/rddownload/ Tested on BackBox 3.x http connection import urllib, urllib2 string...