Adrien Thierry

14 exploits Active since Feb 2015
CVE-2012-10064 EXPLOITDB CRITICAL php WORKING POC
Omni Secure Files <0.1.14 - RCE
Omni Secure Files plugin versions prior to 0.1.14 contain an arbitrary file upload vulnerability in the bundled plupload example endpoint. The /wp-content/plugins/omni-secure-files/plupload/examples/upload.php handler allows unauthenticated uploads without enforcing safe file type restrictions, enabling an attacker to place attacker-controlled files under the plugin's uploads directory. This can lead to remote code execution if a server-executable file type is uploaded and subsequently accessed.
CVE-2012-6649 EXPLOITDB CRITICAL text WORKING POC
Devfarm WP Gpx Maps - Unrestricted File Upload
WordPress WP GPX Maps Plugin 1.1.21 allows remote attackers to execute arbitrary PHP code via improper file upload.
CVSS 9.8
EIP-2026-114155 EXPLOITDB text WORKING POC
WordPress Plugin User Meta 1.1.1 - Arbitrary File Upload
EIP-2026-114036 EXPLOITDB text WORKING POC
WordPress Plugin SfBrowser 1.4.5 - Arbitrary File Upload
EIP-2026-114121 EXPLOITDB text WORKING POC
WordPress Plugin Top Quark Architecture 2.10 - Arbitrary File Upload
EIP-2026-113960 EXPLOITDB text WORKING POC
WordPress Plugin Pica Photo Gallery 1.0 - Arbitrary File Upload
EIP-2026-113874 EXPLOITDB text WORKING POC
WordPress Plugin Mac Photo Gallery 2.7 - Arbitrary File Upload
EIP-2026-113674 EXPLOITDB text WORKING POC
WordPress Plugin Custom Content Type Manager 0.9.5.13-pl - Arbitrary File Upload
EIP-2026-113691 EXPLOITDB text WORKING POC
WordPress Plugin drag and drop file upload 0.1 - Arbitrary File Upload
EIP-2026-113771 EXPLOITDB php WORKING POC
WordPress Plugin Front End Upload 0.5.3 - Arbitrary File Upload
EIP-2026-113773 EXPLOITDB text WORKING POC
WordPress Plugin Front File Manager 0.1 - Arbitrary File Upload
EIP-2026-109232 EXPLOITDB text WORKING POC
MAARCH 1.4 - SQL Injection
CVE-2015-1587 EXPLOITDB php WORKING POC
Maarch LetterBox <2.8 - RCE
Unrestricted file upload vulnerability in file_to_index.php in Maarch LetterBox 2.8 and earlier and GEC/GED 1.4 and earlier allows remote attackers to execute arbitrary PHP code by uploading a file with a PHP extension, then accessing it via a request to a predictable filename in tmp/.
EIP-2026-105875 EXPLOITDB text WORKING POC
ClanSuite 2.9 - Arbitrary File Upload