127 matches found
Meeplace Shell Upload - Uploadify Vulnerability
Exploit for php platform in category web applications 1-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=0 0 1 1 /' \ /'\ /\ \ /'\ 0 0 /, \ /\/\ \ \ \ \ ,/\ /\ \ 1 1 //\ \ /' \ /\ //\ Exploit database separated by exploit 0 0 // type local, remote, DoS, etc. 1 1 1 0 +...
WordPress Plugin Marketplace Plugin 1.5.0 < 1.6.1 - Arbitrary File Upload
Description : Wordpress Plugins - WP Marketplace Shell Upload Vulnerability Version : 1.5.0 - 1.6.1 Link : http://wordpress.org/extend/plugins/wpmarketplace/ Plugins : http://downloads.wordpress.org/plugin/wpmarketplace.zip Date : 26-05-2012 Google Dork : inurl:/wp-content/plugins/wpmarketplace/...
appRain CMF - Arbitrary '.PHP' File Upload (Metasploit)
This file is part of the Metasploit Framework and may be subject to redistribution and commercial restrictions. Please see the Metasploit Framework web site for more information on licensing and terms of use. http://metasploit.com/framework/ require 'msf/core' class Metasploit3 "appRain CMF...
appRain CMF Arbitrary PHP File Upload Vulnerability
This module exploits a vulnerability found in appRain's Content Management Framework CMF, version 0.1.5 or less. By abusing the uploadify.php file, a malicious user can upload a file to the uploads/ directory without any authentication, which results in arbitrary code execution. This module...
[waraxe-2012-SA#085] - Reflected XSS in Uploadify Integration Wordpress plugin
waraxe-2012-SA085 - Reflected XSS in Uploadify Integration Wordpress plugin =============================================================================== Author: Janek Vind "waraxe" Date: 06. April 2012 Location: Estonia, Tartu Web: http://www.waraxe.us/advisory-85.html Description of vulnerabl...
Uploadify Integration 0.9.6 Cross Site Scripting
waraxe-2012-SA085 - Reflected XSS in Uploadify Integration Wordpress plugin =============================================================================== Author: Janek Vind "waraxe" Date: 06. April 2012 Location: Estonia, Tartu Web: http://www.waraxe.us/advisory-85.html Description of vulnerabl...
[waraxe-2012-SA#082] - File Existence Disclosure in Uploadify 3.0.0
waraxe-2012-SA082 - File Existence Disclosure in Uploadify 3.0.0 =============================================================================== Author: Janek Vind "waraxe" Date: 05. April 2012 Location: Estonia, Tartu Web: http://www.waraxe.us/advisory-82.html Description of vulnerable software:...
[waraxe-2012-SA#083] - Multiple Vulnerabilities in Uploadify 2.1.4
waraxe-2012-SA083 - Multiple Vulnerabilities in Uploadify 2.1.4 =============================================================================== Author: Janek Vind "waraxe" Date: 05. April 2012 Location: Estonia, Tartu Web: http://www.waraxe.us/advisory-83.html Description of vulnerable software:...
WordPress Plugin Uploadify Integration 0.9.6 - Multiple Cross-Site Scripting Vulnerabilities
source: https://www.securityfocus.com/bid/52944/info Uploadify Integration plugin for WordPress is prone to multiple cross-site scripting vulnerabilities because it fails to properly sanitize user-supplied input. An attacker may leverage these issues to execute arbitrary script code in the browse...
Uploadify 2.1.4 Cross Site Scripting / Shell Upload
waraxe-2012-SA083 - Multiple Vulnerabilities in Uploadify 2.1.4 =============================================================================== Author: Janek Vind "waraxe" Date: 05. April 2012 Location: Estonia, Tartu Web: http://www.waraxe.us/advisory-83.html Description of vulnerable software:...
WordPress Uploadify Integration Plugin 0.9.6 - Multiple Cross Site Scripting Vulnerabilities
WordPress Uploadify Integration plugin is prone to multiple cross-site scripting vulnerabilities. It fails to properly clean up user-supplied input. An attacker may execute arbitrary script code in the browser of an user in the context of the affected site. In this way the attacker can steal...
WordPress Plugin Uploadify Integration 0.9.6 - Multiple Cross-Site Scripting Vulnerabilities
WordPress Plugin Uploadify Integration 0.9.6 - Multiple Cross-Site Scripting Vulnerabilities source: https://www.securityfocus.com/bid/52944/info Uploadify Integration plugin for WordPress is prone to multiple cross-site scripting vulnerabilities because it fails to properly sanitize user-supplie...
Uploadify 3.0.0 File Existence Disclosure
waraxe-2012-SA082 - File Existence Disclosure in Uploadify 3.0.0 =============================================================================== Author: Janek Vind "waraxe" Date: 05. April 2012 Location: Estonia, Tartu Web: http://www.waraxe.us/advisory-82.html Description of vulnerable software:...
CVE-2011-3841
The CVE-2011-3841 entry concerns the WordPress WP Symposium plugin vulnerability: a Cross-Site Scripting (XSS) flaw in the file uploadify/get_profile_avatar.php that allows arbitrary script/HTML injection via the uid parameter. Affected versions are before 11.12.08. Root cause: input handling in ...
WordPress Symposium Plugin <= 11.12.07 - XSS
Because of this vulnerability in uploadify/getprofileavatar.php, the attackers can inject arbitrary web script or HTML via the "uid" parameter. Solution Update the plugin...
WordPress Uploadify Plugin 1.0 Remote File Upload
GotGeek Labs http://www.gotgeek.com.br/ WordPress Uploadify Plugin 1.0 Remote File Upload + Description Adds a shortcode to embed the necessary elements to use Uploadify in a page or post which will give your website visitors the ability to upload large files. By default the files will be uploade...
WordPress Uploadify 1.0 Shell Upload
GotGeek Labs http://www.gotgeek.com.br/ WordPress Uploadify Plugin 1.0 Remote File Upload + Description Adds a shortcode to embed the necessary elements to use Uploadify in a page or post which will give your website visitors the ability to upload large files. By default the files will be uploade...
Uploadify 1.0 - Unauthenticated Arbitrary File Upload
This vulnerability has been seen exploited in the wild...
VulnCheck KEV: CVE-2011-10041
Uploadify WordPress plugin versions up to and including 1.0 contain an arbitrary file upload vulnerability in processupload.php due to missing file type validation. An unauthenticated remote attacker can upload arbitrary files to the affected WordPress site, which may allow remote code execution...
WordPress Uploader 1.0.0 Shell Upload
------------------------------------------------------------------------ Software................WordPress Uploader 1.0.0 Vulnerability...........Arbitrary Upload Download................http://wordpress.org/extend/plugins/uploader/ Release Date............1/24/2011 Tested On...............Window...