Lucene search
+L

136 matches found

Snyk
Snyk
added 2021/09/09 2:29 p.m.2 views

Arbitrary File Upload

Overview plupload is a Plupload is JavaScript API for building file uploaders. It supports multiple file selection, file filtering, chunked upload, client side image downsizing and when necessary can fallback to alternative runtimes, like Flash and Silverlight. Affected versions of this package a...

8.8CVSS7AI score0.00993EPSS
Exploits0References2
0day.today
0day.today
added 2019/03/08 12:0 a.m.100 views

phpBB 3.2.3 - Remote Code Execution Exploit

Exploit for php platform in category web applications phpBB 3.2.3 - Remote Code Execution Exploit // All greets goes to RIPS Tech // Run this JS on Attachment Settings ACP page var pluploadsalt = ''; var formtoken = ''; var creationtime = ''; var filepath =...

0.3AI score
Exploits0
Packet Storm
Packet Storm
added 2019/03/07 12:0 a.m.52 views

phpBB 3.2.3 Remote Code Execution

// All greets goes to RIPS Tech // Run this JS on Attachment Settings ACP page var pluploadsalt = ''; var formtoken = ''; var creationtime = ''; var filepath = 'phar://./../files/plupload/$saltaaae9cba5fdadb1f0c384934cd20d11czip.part'; // md5'evil.zip' = aaae9cba5fdadb1f0c384934cd20d11czip // you...

0.2AI score
Exploits0
Veracode
Veracode
added 2018/11/16 6:48 a.m.26 views

Cross-Site Scripting (XSS)

Plupload is vulnerable to cross-site scripting. A remote attacker is able to inject arbitrary Javascript into a victim's browser via the id parameter to steal session tokens or perform unwanted actions on behalf of the user...

4.3CVSS5.9AI score0.03135EPSS
Exploits1References4Affected Software1
Veracode
Veracode
added 2018/11/16 6:34 a.m.27 views

Same Origin Policy Bypass

Plupload is vulnerable to same origin policy bypass. Overly permissive Flash allows scripts from any domain to be run, allowing remote attackers to bypass the same origin policy via crafted swf content...

5CVSS6.1AI score0.05323EPSS
Exploits0References11Affected Software1
0day.today
0day.today
added 2018/05/24 12:0 a.m.25 views

WordPress Peugeot Music Plugin - Arbitrary File Upload Vulnerability

Exploit for php platform in category web applications Exploit Title: Wordpress Plugin Peugeot Music - Arbitrary File Upload Google Dork: inurl:/wp-content/plugins/peugeot-music-plugin/ Exploit Author: Mr.7z Vendor Homepage: - Software Link: - Version: 1.0 Tested on: Windows 10 64bit Home Edition...

7.1AI score
Exploits0
exploitpack
exploitpack
added 2018/05/23 12:0 a.m.23 views

WordPress Plugin Peugeot Music - Arbitrary File Upload

WordPress Plugin Peugeot Music - Arbitrary File Upload Exploit Title: Wordpress Plugin Peugeot Music - Arbitrary File Upload Google Dork: inurl:/wp-content/plugins/peugeot-music-plugin/ Date: 2018-05-23 Exploit Author: Mr.7z Vendor Homepage: - Software Link: - Version: 1.0 Tested on: Windows 10...

0.4AI score
Exploits0
0day.today
0day.today
added 2018/04/17 12:0 a.m.113 views

Joomla jDownloads 3.2.58 Component Cross Site Scripting Vulnerability

Exploit for php platform in category web applications Exploit Title: Joomla! Component jDownloads 3.2.58 - Cross Site Scripting Exploit Author: Sureshbabu Narvaneni Author Blog : http://nullnews.in Vendor Homepage: http://www.jdownloads.com/ Software Link:...

6.4AI score0.04073EPSS
Exploits4
Exploit DB
Exploit DB
added 2018/04/17 12:0 a.m.51 views

Joomla! Component jDownloads 3.2.58 - Cross Site Scripting

Exploit Title: Joomla! Component jDownloads 3.2.58 - Cross Site Scripting Google Dork: N/A Date: 14-04-2018 Exploit Author: Sureshbabu Narvaneni Author Blog : http://nullnews.in Vendor Homepage: http://www.jdownloads.com/ Software Link:...

6.1CVSS6.3AI score0.04073EPSS
Exploits4
OSV
OSV
added 2017/11/17 9:29 a.m.5 views

CVE-2017-16871

The UpdraftPlus plugin through 1.13.12 for WordPress allows remote PHP code execution because the pluploadaction function in /wp-content/plugins/updraftplus/admin.php has a race condition before deleting a file associated with the name parameter. NOTE: the vendor reports that this does not cross ...

8.1CVSS6AI score0.01647EPSS
Exploits1References1
Positive Technologies
Positive Technologies
added 2017/11/17 12:0 a.m.7 views

PT-2017-14608 · WordPress · Updraftplus

Name of the Vulnerable Software and Affected Versions: UpdraftPlus plugin versions 1.13.12 and earlier Description: The issue allows remote PHP code execution due to a race condition in the plupload action function before deleting a file associated with the name parameter in...

8.1CVSS8.4AI score0.01647EPSS
Exploits1References4
Veracode
Veracode
added 2017/05/15 7:52 a.m.37 views

Cross-site Scripting (XSS)

plupload is vulnerable to cross-site scripting XSS attacks. The moxie.swf file contains a function that takes in user input and returns a result via a callback endpoint. This can allow a malicious user to inject and execute arbitrary script through a Same Origin Method Execution SOME attack...

6.1CVSS6.3AI score0.05361EPSS
Exploits0References4Affected Software1
Openbugbounty
Openbugbounty
added 2016/10/13 1:11 p.m.12 views

hill-burry.com XSS vulnerability

Open Bug Bounty ID: OBB-186364 Description| Value ---|--- Affected Website:| hill-burry.com Open Bug Bounty Program:| Create your bounty program now. It's open and free. Vulnerable Application:| Custom Code Vulnerability Type:| XSS Cross Site Scripting / CWE-79 CVSSv3 Score:| 6.1...

6.3AI score
Exploits0
Tenable Nessus
Tenable Nessus
added 2016/07/07 12:0 a.m.23 views

WordPress < 4.5.2 Multiple Vulnerabilities (ImageTragick)

Binary data 9387.prm...

10CVSS7.3AI score0.97485EPSS
Exploits13References8
NVD
NVD
added 2016/05/22 1:59 a.m.20 views

CVE-2016-4566

Cross-site scripting XSS vulnerability in plupload.flash.swf in Plupload before 2.1.9, as used in WordPress before 4.5.2, allows remote attackers to inject arbitrary web script or HTML via a Same-Origin Method Execution SOME attack...

6.1CVSS6.2AI score0.05361EPSS
Exploits0References8
OSV
OSV
added 2016/05/22 1:59 a.m.3 views

DEBIAN-CVE-2016-4566

Cross-site scripting XSS vulnerability in plupload.flash.swf in Plupload before 2.1.9, as used in WordPress before 4.5.2, allows remote attackers to inject arbitrary web script or HTML via a Same-Origin Method Execution SOME attack...

6.1CVSS5.8AI score0.05361EPSS
Exploits0References1
OSV
OSV
added 2016/05/22 1:59 a.m.8 views

CVE-2016-4566

Cross-site scripting XSS vulnerability in plupload.flash.swf in Plupload before 2.1.9, as used in WordPress before 4.5.2, allows remote attackers to inject arbitrary web script or HTML via a Same-Origin Method Execution SOME attack...

6.1CVSS5.7AI score
Exploits0References8
Prion
Prion
added 2016/05/22 1:59 a.m.24 views

Cross site scripting

Cross-site scripting XSS vulnerability in plupload.flash.swf in Plupload before 2.1.9, as used in WordPress before 4.5.2, allows remote attackers to inject arbitrary web script or HTML via a Same-Origin Method Execution SOME attack...

4.3CVSS6.1AI score0.05361EPSS
Exploits0References8Affected Software2
UbuntuCve
UbuntuCve
added 2016/05/22 1:59 a.m.30 views

CVE-2016-4566

Cross-site scripting XSS vulnerability in plupload.flash.swf in Plupload before 2.1.9, as used in WordPress before 4.5.2, allows remote attackers to inject arbitrary web script or HTML via a Same-Origin Method Execution SOME attack...

6.1CVSS6.5AI score0.05361EPSS
Exploits0References3
OSV
OSV
added 2016/05/22 1:59 a.m.3 views

UBUNTU-CVE-2016-4566

Cross-site scripting XSS vulnerability in plupload.flash.swf in Plupload before 2.1.9, as used in WordPress before 4.5.2, allows remote attackers to inject arbitrary web script or HTML via a Same-Origin Method Execution SOME attack...

6.1CVSS6.5AI score0.05361EPSS
Exploits0References4
Rows per page
Query Builder