Lucene search
K

127 matches found

0day.today
0day.today
added 2012/06/08 12:0 a.m.19 views

Meeplace Shell Upload - Uploadify Vulnerability

Exploit for php platform in category web applications 1-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=0 0 1 1 /' \ /'\ /\ \ /'\ 0 0 /, \ /\/\ \ \ \ \ ,/\ /\ \ 1 1 //\ \ /' \ /\ //\ Exploit database separated by exploit 0 0 // type local, remote, DoS, etc. 1 1 1 0 +...

7.1AI score
Exploits0
Exploit DB
Exploit DB
added 2012/06/05 12:0 a.m.29 views

WordPress Plugin Marketplace Plugin 1.5.0 < 1.6.1 - Arbitrary File Upload

Description : Wordpress Plugins - WP Marketplace Shell Upload Vulnerability Version : 1.5.0 - 1.6.1 Link : http://wordpress.org/extend/plugins/wpmarketplace/ Plugins : http://downloads.wordpress.org/plugin/wpmarketplace.zip Date : 26-05-2012 Google Dork : inurl:/wp-content/plugins/wpmarketplace/...

7.4AI score
Exploits0
Exploit DB
Exploit DB
added 2012/05/25 12:0 a.m.25 views

appRain CMF - Arbitrary '.PHP' File Upload (Metasploit)

This file is part of the Metasploit Framework and may be subject to redistribution and commercial restrictions. Please see the Metasploit Framework web site for more information on licensing and terms of use. http://metasploit.com/framework/ require 'msf/core' class Metasploit3 "appRain CMF...

6.8CVSS7AI score0.32413EPSS
Exploits6
Metasploit
Metasploit
added 2012/05/23 10:50 p.m.25 views

appRain CMF Arbitrary PHP File Upload Vulnerability

This module exploits a vulnerability found in appRain's Content Management Framework CMF, version 0.1.5 or less. By abusing the uploadify.php file, a malicious user can upload a file to the uploads/ directory without any authentication, which results in arbitrary code execution. This module...

6.8CVSS7.5AI score0.32413EPSS
Exploits6
securityvulns
securityvulns
added 2012/04/23 12:0 a.m.55 views

[waraxe-2012-SA#085] - Reflected XSS in Uploadify Integration Wordpress plugin

waraxe-2012-SA085 - Reflected XSS in Uploadify Integration Wordpress plugin =============================================================================== Author: Janek Vind "waraxe" Date: 06. April 2012 Location: Estonia, Tartu Web: http://www.waraxe.us/advisory-85.html Description of vulnerabl...

0.9AI score
Exploits0
Packet Storm
Packet Storm
added 2012/04/10 12:0 a.m.28 views

Uploadify Integration 0.9.6 Cross Site Scripting

waraxe-2012-SA085 - Reflected XSS in Uploadify Integration Wordpress plugin =============================================================================== Author: Janek Vind "waraxe" Date: 06. April 2012 Location: Estonia, Tartu Web: http://www.waraxe.us/advisory-85.html Description of vulnerabl...

0.1AI score
Exploits0
securityvulns
securityvulns
added 2012/04/09 12:0 a.m.97 views

[waraxe-2012-SA#082] - File Existence Disclosure in Uploadify 3.0.0

waraxe-2012-SA082 - File Existence Disclosure in Uploadify 3.0.0 =============================================================================== Author: Janek Vind "waraxe" Date: 05. April 2012 Location: Estonia, Tartu Web: http://www.waraxe.us/advisory-82.html Description of vulnerable software:...

0.3AI score
Exploits0
securityvulns
securityvulns
added 2012/04/09 12:0 a.m.121 views

[waraxe-2012-SA#083] - Multiple Vulnerabilities in Uploadify 2.1.4

waraxe-2012-SA083 - Multiple Vulnerabilities in Uploadify 2.1.4 =============================================================================== Author: Janek Vind "waraxe" Date: 05. April 2012 Location: Estonia, Tartu Web: http://www.waraxe.us/advisory-83.html Description of vulnerable software:...

0.4AI score
Exploits0
Exploit DB
Exploit DB
added 2012/04/06 12:0 a.m.22 views

WordPress Plugin Uploadify Integration 0.9.6 - Multiple Cross-Site Scripting Vulnerabilities

source: https://www.securityfocus.com/bid/52944/info Uploadify Integration plugin for WordPress is prone to multiple cross-site scripting vulnerabilities because it fails to properly sanitize user-supplied input. An attacker may leverage these issues to execute arbitrary script code in the browse...

7.4AI score
Exploits0
Packet Storm
Packet Storm
added 2012/04/06 12:0 a.m.30 views

Uploadify 2.1.4 Cross Site Scripting / Shell Upload

waraxe-2012-SA083 - Multiple Vulnerabilities in Uploadify 2.1.4 =============================================================================== Author: Janek Vind "waraxe" Date: 05. April 2012 Location: Estonia, Tartu Web: http://www.waraxe.us/advisory-83.html Description of vulnerable software:...

Exploits0
Patchstack
Patchstack
added 2012/04/06 12:0 a.m.9 views

WordPress Uploadify Integration Plugin 0.9.6 - Multiple Cross Site Scripting Vulnerabilities

WordPress Uploadify Integration plugin is prone to multiple cross-site scripting vulnerabilities. It fails to properly clean up user-supplied input. An attacker may execute arbitrary script code in the browser of an user in the context of the affected site. In this way the attacker can steal...

2.3AI score
Exploits0References1Affected Software1
exploitpack
exploitpack
added 2012/04/06 12:0 a.m.23 views

WordPress Plugin Uploadify Integration 0.9.6 - Multiple Cross-Site Scripting Vulnerabilities

WordPress Plugin Uploadify Integration 0.9.6 - Multiple Cross-Site Scripting Vulnerabilities source: https://www.securityfocus.com/bid/52944/info Uploadify Integration plugin for WordPress is prone to multiple cross-site scripting vulnerabilities because it fails to properly sanitize user-supplie...

0.2AI score
Exploits0
Packet Storm
Packet Storm
added 2012/04/06 12:0 a.m.40 views

Uploadify 3.0.0 File Existence Disclosure

waraxe-2012-SA082 - File Existence Disclosure in Uploadify 3.0.0 =============================================================================== Author: Janek Vind "waraxe" Date: 05. April 2012 Location: Estonia, Tartu Web: http://www.waraxe.us/advisory-82.html Description of vulnerable software:...

7.4AI score
Exploits0
CVE
CVE
added 2011/12/27 11:0 a.m.47 views

CVE-2011-3841

The CVE-2011-3841 entry concerns the WordPress WP Symposium plugin vulnerability: a Cross-Site Scripting (XSS) flaw in the file uploadify/get_profile_avatar.php that allows arbitrary script/HTML injection via the uid parameter. Affected versions are before 11.12.08. Root cause: input handling in ...

4.3CVSS6AI score0.02368EPSS
Exploits0References5Affected Software1
Patchstack
Patchstack
added 2011/09/26 12:0 a.m.24 views

WordPress Symposium Plugin <= 11.12.07 - XSS

Because of this vulnerability in uploadify/getprofileavatar.php, the attackers can inject arbitrary web script or HTML via the "uid" parameter. Solution Update the plugin...

4.3CVSS2.8AI score0.02368EPSS
Exploits0References1Affected Software1
securityvulns
securityvulns
added 2011/02/24 12:0 a.m.61 views

WordPress Uploadify Plugin 1.0 Remote File Upload

GotGeek Labs http://www.gotgeek.com.br/ WordPress Uploadify Plugin 1.0 Remote File Upload + Description Adds a shortcode to embed the necessary elements to use Uploadify in a page or post which will give your website visitors the ability to upload large files. By default the files will be uploade...

7.2AI score
Exploits0
Packet Storm
Packet Storm
added 2011/02/22 12:0 a.m.26 views

WordPress Uploadify 1.0 Shell Upload

GotGeek Labs http://www.gotgeek.com.br/ WordPress Uploadify Plugin 1.0 Remote File Upload + Description Adds a shortcode to embed the necessary elements to use Uploadify in a page or post which will give your website visitors the ability to upload large files. By default the files will be uploade...

7AI score
Exploits0
WPVulnDB
WPVulnDB
added 2011/02/21 12:0 a.m.9 views

Uploadify 1.0 - Unauthenticated Arbitrary File Upload

This vulnerability has been seen exploited in the wild...

2.5AI score
Exploits0References1Affected Software1
VulnCheck KEV
VulnCheck KEV
added 2011/02/21 12:0 a.m.4 views

VulnCheck KEV: CVE-2011-10041

Uploadify WordPress plugin versions up to and including 1.0 contain an arbitrary file upload vulnerability in processupload.php due to missing file type validation. An unauthenticated remote attacker can upload arbitrary files to the affected WordPress site, which may allow remote code execution...

9.3CVSS6.1AI score0.008EPSS
Exploits0References1
Packet Storm
Packet Storm
added 2011/01/25 12:0 a.m.41 views

WordPress Uploader 1.0.0 Shell Upload

------------------------------------------------------------------------ Software................WordPress Uploader 1.0.0 Vulnerability...........Arbitrary Upload Download................http://wordpress.org/extend/plugins/uploader/ Release Date............1/24/2011 Tested On...............Window...

7.4AI score
Exploits0
Rows per page
Query Builder