Claudio Viviani

59 exploits, active since May 2014
EIP-2026-114272 EXPLOITDB python WORKING POC
WordPress Plugin wpDataTables 1.5.3 - Arbitrary File Upload
CVE-2014-10021 EXPLOITDB python WORKING POC
Wpsymposiumpro WP Symposium - Unrestricted File Upload
Unrestricted file upload vulnerability in UploadHandler.php in the WP Symposium plugin 14.11 for WordPress allows remote attackers to execute arbitrary code by uploading a file with an executable extension, then accessing it via a direct request to the file in server/php/.
EIP-2026-114200 EXPLOITDB text WORKING POC
WordPress Plugin Work The Flow File Upload 2.5.2 - Arbitrary File Upload
EIP-2026-113917 EXPLOITDB bash WORKING POC
WordPress Plugin N-Media Website Contact Form with File Upload 1.3.4 - Arbitrary File Upload (2)
CVE-2014-8739 EXPLOITDB CRITICAL python WORKING POC
jQuery File Upload Plugin <6.4.4 - RCE
Unrestricted file upload vulnerability in server/php/UploadHandler.php in the jQuery File Upload Plugin 6.4.4 for jQuery, as used in the Creative Solutions Creative Contact Form (formerly Sexy Contact Form) before 1.0.0 for WordPress and before 2.0.1 for Joomla!, allows remote attackers to execute arbitrary code by uploading a PHP file with a PHP extension, then accessing it via a direct request to the file in files/, as exploited in the wild in October 2014.
CVSS 9.8
EIP-2026-113550 EXPLOITDB text WORKING POC
WordPress Plugin Ajax Store Locator 1.2 - Arbitrary File Download
EIP-2026-113551 EXPLOITDB text WORKING POC
WordPress Plugin Ajax Store Locator 1.2 - SQL Injection
EIP-2026-113557 EXPLOITDB text WORKING POC
WordPress Plugin All In One WP Security & Firewall 3.9.0 - SQL Injection
CVE-2014-4944 EXPLOITDB text WRITEUP
BSK PDF Manager 1.3.2 - SQL Injection
Multiple SQL injection vulnerabilities in inc/bsk-pdf-dashboard.php in the BSK PDF Manager plugin 1.3.2 for WordPress allow remote authenticated users to execute arbitrary SQL commands via the (1) categoryid or (2) pdfid parameter to wp-admin/admin.php.
CVE-2014-8586 EXPLOITDB text WORKING POC
CP Multi View Event Calendar - SQL Injection
SQL injection vulnerability in the CP Multi View Event Calendar plugin 1.01 for WordPress allows remote attackers to execute arbitrary SQL commands via the calid parameter.
EIP-2026-113689 EXPLOITDB python WORKING POC
WordPress Plugin Download Manager 2.7.4 - Remote Code Execution
EIP-2026-113695 EXPLOITDB text WORKING POC
WordPress Plugin Duplicator 0.5.14 - SQL Injection / Cross-Site Request Forgery
CVE-2014-5201 EXPLOITDB text WORKING POC
Gallery Objects - SQL Injection
SQL injection vulnerability in the Gallery Objects plugin 0.4 for WordPress allows remote attackers to execute arbitrary SQL commands via the viewid parameter in a go_view_object action to wp-admin/admin-ajax.php.
CVE-2014-8375 EXPLOITDB text WORKING POC
Gb-plugins GB Gallery Slideshow - SQL Injection
SQL injection vulnerability in GBgallery.php in the GB Gallery Slideshow plugin 1.5 for WordPress allows remote administrators to execute arbitrary SQL commands via the selected_group parameter in a gb_ajax_get_group action to wp-admin/admin-ajax.php.
CVE-2014-7153 EXPLOITDB text WORKING POC
Huge-IT Image Gallery <1.0.1 - SQL Injection
SQL injection vulnerability in the editgallery function in admin/gallery_func.php in the Huge-IT Image Gallery plugin 1.0.1 for WordPress allows remote authenticated users to execute arbitrary SQL commands via the removeslide parameter to wp-admin/admin.php.
CVE-2014-9014 EXPLOITDB MEDIUM python WORKING POC
WP Marketplace <2.4.1 - Path Traversal
Directory traversal vulnerability in the ajaxinit function in wpmarketplace/libs/cart.php in the WP Marketplace plugin before 2.4.1 for WordPress allows remote authenticated users to download arbitrary files via a .. (dot dot) in the file parameter.
CVSS 4.3
EIP-2026-113916 EXPLOITDB text WORKING POC
WordPress Plugin N-Media Website Contact Form with File Upload 1.3.4 - Arbitrary File Upload (1)
EIP-2026-113924 EXPLOITDB text WORKING POC
WordPress Plugin NEX-Forms < 3.0 - SQL Injection
EIP-2026-108872 EXPLOITDB text WRITEUP
Joomla! Component spidervideoplayer - 'theme' SQL Injection
EIP-2026-108868 EXPLOITDB python WORKING POC
Joomla! Component Spider Contacts 1.3.6 - 'contacts_id' SQL Injection
EIP-2026-108864 EXPLOITDB python WORKING POC
Joomla! Component Spider Calendar 3.2.6 - SQL Injection
EIP-2026-108352 EXPLOITDB text WRITEUP
Joomla! Component com_formmaker 3.4 - SQL Injection
EIP-2026-108344 EXPLOITDB python WORKING POC
Joomla! Component com_facegallery 1.0 - Multiple Vulnerabilities
EIP-2026-108434 EXPLOITDB python WORKING POC
Joomla! Component com_macgallery 1.5 - Arbitrary File Download
EIP-2026-108363 EXPLOITDB python WORKING POC
Joomla! Component com_hdflvplayer < 2.1.0.1 - Arbitrary File Download