This Metasploit module exploits an arbitrary PHP code execution flaw in the WordPress blogging software plugin known as Foxypress. The vulnerability allows for arbitrary file upload and remote code execution via the uploadify.php script. The Foxypress plugin versions 0.4.1.1 to 0.4.2.1 are vulnerable.
b017c0df7061322735956c2e5f849f22a187dfba7fc928876d14b674c70fddd8WordPress Xerte Online plugin version 0.32 suffers from a remote shell upload vulnerability.
9e1471059686b4e961c8ac940f2e04b1d4052bceac37ae587baadfee1050b3ceWordPress Uploader plugin version 1.0.4 suffers from a remote shell upload vulnerability.
53b75f19799c13d11b6607cc9cba345c09e212d55444b7c54c4828de32017cb8WordPress ReFlex Gallery plugin version 1.3 suffers from a remote shell upload vulnerability.
5a7972cf9303988631377a1aedd2e7506e0f1d4a9da51cc427459146ada8d3e3WordPress Shopping Cart version 8.1.14 from Level Four Store Front suffers from remote SQL injection and shell upload vulnerabilities.
951abd74837c5df0549439721f23a575abafcc05749422fca7d29dd93f63fd3fThis Metasploit module exploits a vulnerability found in WordPress plugin Asset-Manager versions 2.0 and below. By abusing the upload.php file, a malicious user can upload a file to a temp directory without authentication, which results in arbitrary code execution.
81b75da9229bb9ea397205ad2f8f36a7be52ab7edb32882060a059e87e819740This Metasploit module exploits a vulnerability found in WP-Property <= 1.35.0 WordPress plugin. By abusing the uploadify.php file, a malicious user can upload a file to a temp directory without authentication, which results in arbitrary code execution.
4dee1bdd031612bb43cd354c2c2c0169a80a8ac8b06c72612651dcb736f31e37This Metasploit module exploits a vulnerability found in EGallery 1.2 By abusing the uploadify.php file, a malicious user can upload a file to the egallery/ directory without any authentication, which results in arbitrary code execution. The module has been tested successfully on Ubuntu 10.04.
526da632857518ba04c937502d05234c1849101abc35c576432b65f2a4fbe5d5Advanced MP3 Player Infusion version 2.01 suffers from a remote shell upload vulnerability.
0d53259e616b4161775a0b9272f7b7ef1d1569e48797e4a3ba27a9c8136edeffJAKCMS version 2.2.6 suffers from a remote shell upload vulnerability.
8979837fbdfb46b12bd7cad18d277dc1d78e57253e57f5b607581b9edb59d77eDrupal Drag and Drop third party module version 6.x-1.5 suffers from a remote shell upload vulnerability.
d20be48fb476e6e13f7e457963b8e28ac136039c50a776c45993e46260ecf151Autopagina CMS version 2.8 suffers from a remote SQL injection vulnerability.
a563a2bdda1882cafa89faf3ca21ba53255d47d50c45f1edde7b0866d86b906fUmapresence version 2.6.0 suffers from remote shell upload and file deletion vulnerabilities.
34c100c2e912e0c0e0f50bd32af4870f83873de3311da8742d14b3108c80e283Uploadify-amazon-s3 version 1.01 suffers from an unauthenticated remote shell upload vulnerability.
3fedca85b43e85a694af66f50341b8b58f1c1f02698b86a7a56803fb85064a59WordPress Fancy Gallery third party module version 1.2.4 suffers from an unauthenticated remote shell upload vulnerability.
8a2fb5b1f4ae8ecef95b382c7596ce5d79fb9b70f251562bb8aec2f2af9f5f9eSilverstripe Pixlr Image Editor third party module version 1.0.4 suffers from an unauthenticated remote shell upload vulnerability.
92892941f615b9e1625148e66de6d4d5988ac58f60888dc1ef2d18d0ebbf6912WordPress Flip Book third party module version 1.0 suffers from an unauthenticated remote shell upload vulnerability.
445dc1cba025683e25702468ac7b05c787028b8bb03fba668b4d7e571c112022Wolf CMS / Frog CMS BD uploadR third party module suffers from an unauthenticated remote shell upload vulnerability.
7862b280d447ca7cc95905170c85512b0e3708ccdf66616a1a377cdd51241072e107 Articulate third party module version 1.1.1 suffers from an unauthenticated remote shell upload vulnerability.
41b99ecb1b11992f69a368336dd53421e432b6e6aac49f238f066819b66025b8WordPress Ajax Multi Upload third party module version 1.1 suffers from an unauthenticated remote shell upload vulnerability.
6a9bf1a55bac81bf7a7209412588bbfae984b0ccd4a0657024b25eb69f8a678be107 Tap plugin version 2.0 suffers from a remote shell upload vulnerability.
16d450b6820569c25505641914654435ddd38724cabde859aebdd200c217525be107 Radio Plan plugin version 2.06 suffers from a remote shell upload vulnerability.
5220d8a9f509f1a911a75ce3797603c70b92f27bd86d8e23024038f88f0290cae107 Hupsi Share plugin version 1.00 suffers from a remote shell upload vulnerability.
01edcafd988a763a0655922e61b5d35515bc3ba601616b9aca3fb8f4ed687449e107 Image Gallery plugin version 0.9.7.1 suffers from a remote file disclosure vulnerability.
1f7d952a66337a9793777b6c5584a8fced88cabd97560d6834e5f3fd3fb3029ee107 Hupsi Media Gallery plugin version 1.0 suffers from a remote shell upload vulnerability.
cf798872e71c9fa0094aa28aab7cb5fe4bb92f07513ffad6e92a20748e2682d9
© 2024 Packet Storm. All rights reserved.
%7Cutmcsr%3D(direct)%7Cutmcmd%3D(none)){kind=small}
Follow us on Twitter
Follow us on Facebook
Subscribe to an RSS Feed