Larry W. Cashdollar - Security Researcher - Exploit Intelligence Platform

CVE-2014-8603 EXPLOITDB WRITEUP

Xcloner - Improper Input Validation

cloner.functions.php in the XCloner plugin 3.1.1 for WordPress and 3.5.1 for Joomla! allows remote administrators to execute arbitrary code via shell metacharacters in the (1) file name when creating a backup or vectors related to the (2) $_CONFIG[tarpath], (3) $exclude, (4) $_CONFIG['tarcompress'], (5) $_CONFIG['filename'], (6) $_CONFIG['exfile_tar'], (7) $_CONFIG[sqldump], (8) $_CONFIG['mysql_host'], (9) $_CONFIG['mysql_pass'], (10) $_CONFIG['mysql_user'], (11) $database_name, or (12) $sqlfile variable.

View Code

CVE-2014-8604 EXPLOITDB WRITEUP

Xcloner - Information Disclosure

The XCloner plugin 3.1.1 for WordPress and 3.5.1 for Joomla! returns the MySQL password in cleartext to a text box in the configuration panel, which allows remote attackers to obtain sensitive information via unspecified vectors.

View Code

CVE-2014-8605 EXPLOITDB WRITEUP

Xcloner - Access Control

The XCloner plugin 3.1.1 for WordPress and 3.5.1 for Joomla! stores database backup files with predictable names under the web root with insufficient access control, which allows remote attackers to obtain sensitive information via a direct request to a backup file in administrators/backups/.

View Code

CVE-2014-8606 EXPLOITDB WRITEUP

Xcloner - Path Traversal

Directory traversal vulnerability in the XCloner plugin 3.1.1 for WordPress and 3.5.1 for Joomla! allows remote administrators to read arbitrary files via a .. (dot dot) in the file parameter in a json_return action in the xcloner_show page to wp-admin/admin-ajax.php.

View Code

CVE-2018-1002008 EXPLOITDB MEDIUM text WRITEUP

WordPress Arigato Autoresponder & Newsletter <v2.5.1.8 - XSS

There is a reflected XSS vulnerability in WordPress Arigato Autoresponder and News letter v2.5.1.8 This vulnerability requires administrative privileges to exploit. There is an XSS vulnerability in list-user.html.php:4: via GET request offset variable.

CVSS 4.8

View Code

CVE-2018-1002007 EXPLOITDB MEDIUM text WRITEUP

WordPress Arigato Autoresponder & Newsletter <v2.5.1.8 - XSS

There is a reflected XSS vulnerability in WordPress Arigato Autoresponder and News letter v2.5.1.8 This vulnerability requires administrative privileges to exploit. There is an XSS vulnerability in integration-contact-form.html.php:15: via POST request variable html_id.

CVSS 4.8

View Code

CVE-2018-1002006 EXPLOITDB MEDIUM text WRITEUP

XSS - Privilege Escalation

These vulnerabilities require administrative privileges to exploit. There is an XSS vulnerability in integration-contact-form.html.php:14: via POST request variable classes

CVSS 4.8

View Code

CVE-2018-1002005 EXPLOITDB MEDIUM text WRITEUP

XSS - Bft List Html Php

These vulnerabilities require administrative privileges to exploit. There is an XSS vulnerability in bft_list.html.php:43: via the filter_signup_date parameter.

CVSS 4.8

View Code

CVE-2018-1002004 EXPLOITDB MEDIUM text WRITEUP

WordPress Arigato Autoresponder & Newsletter <v2.5.1.8 - XSS

There is a reflected XSS vulnerability in WordPress Arigato Autoresponder and News letter v2.5.1.8 This vulnerability requires administrative privileges to exploit.

CVSS 4.8

View Code

CVE-2018-1002003 EXPLOITDB MEDIUM text WRITEUP

WordPress Arigato Autoresponder & Newsletter <v2.5.1.8 - XSS

There is a reflected XSS vulnerability in WordPress Arigato Autoresponder and News letter v2.5.1.8 This vulnerability requires administrative privileges to exploit.

CVSS 4.8

View Code

CVE-2018-1002002 EXPLOITDB MEDIUM text WRITEUP

WordPress Arigato Autoresponder & Newsletter <v2.5.1.8 - XSS

There is a reflected XSS vulnerability in WordPress Arigato Autoresponder and News letter v2.5.1.8 This vulnerability requires administrative privileges to exploit.

CVSS 4.8

View Code

CVE-2018-1002001 EXPLOITDB MEDIUM text WRITEUP

WordPress Arigato Autoresponder & Newsletter <v2.5.1.8 - XSS

There is a reflected XSS vulnerability in WordPress Arigato Autoresponder and News letter v2.5.1.8 This vulnerability requires administrative privileges to exploit.

CVSS 4.8

View Code

CVE-2018-1002000 EXPLOITDB HIGH text WRITEUP

WordPress Arigato Autoresponder & Newsletter <v2.5.1.8 - SQL Injection

There is blind SQL injection in WordPress Arigato Autoresponder and Newsletter v2.5.1.8 These vulnerabilities require administrative privileges to exploit. There is an exploitable blind SQL injection vulnerability via the del_ids variable by POST request.

CVSS 7.2

View Code

CVE-2015-4614 EXPLOITDB text WORKING POC

Easy2map < 1.2.4 - SQL Injection

Multiple SQL injection vulnerabilities in includes/Function.php in the Easy2Map plugin before 1.2.5 for WordPress allow remote attackers to execute arbitrary SQL commands via the mapName parameter in an e2m_img_save_map_name action to wp-admin/admin-ajax.php and other unspecified vectors.

View Code

CVE-2018-9206 METASPLOIT CRITICAL ruby WORKING POC

Blueimp jQuery-File-Upload <=9.22.0 - File Upload

Unauthenticated arbitrary file upload vulnerability in Blueimp jQuery-File-Upload <= v9.22.0

CVSS 9.8

View Code

CVE-2010-1183 EXPLOITDB bash WORKING POC

Oracle Solaris - Info Disclosure

Certain patch-installation scripts in Oracle Solaris allow local users to append data to arbitrary files via a symlink attack on the /tmp/CLEANUP temporary file, related to use of Update Manager.

View Code

CVE-2000-0589 EXPLOITDB c WORKING POC

Sawmill - Cryptographic Issue

SawMill 5.0.21 uses weak encryption to store passwords, which allows attackers to easily decrypt the password and modify the SawMill configuration.

View Code

CVE-2001-0059 EXPLOITDB perl WORKING POC

Solaris - Local Privilege Escalation

patchadd in Solaris allows local users to overwrite arbitrary files via a symlink attack.

View Code

CVE-2001-0764 EXPLOITDB c WORKING POC

Juergen Schoenwaelder Scotty - Buffer Overflow

Buffer overflow in ntping in scotty 2.1.0 allows local users to execute arbitrary code via a long hostname as a command line argument.

View Code

CVE-2002-0296 EXPLOITDB bash WORKING POC

Tarantella Enterprise 3 - Local File Overwrite

The installation of Tarantella Enterprise 3 allows local users to overwrite arbitrary files via a symlink attack on the "spinning" temporary file.

View Code

EIP-2026-114173 EXPLOITDB text WORKING POC

WordPress Plugin VideoWhisper Video Conference Integration 4.91.8 - Arbitrary File Upload

View Code

EIP-2026-114176 EXPLOITDB text WORKING POC

WordPress Plugin VideoWhisper Video Presentation 3.31.17 - Arbitrary File Upload

View Code

CVE-2015-5471 EXPLOITDB MEDIUM text WORKING POC

Swim Team plugin <1.44.10777 - Path Traversal

Absolute path traversal vulnerability in include/user/download.php in the Swim Team plugin 1.44.10777 for WordPress allows remote attackers to read arbitrary files via a full pathname in the file parameter.

CVSS 5.3

View Code

CVE-2015-5468 EXPLOITDB HIGH text WORKING POC

WP e-Commerce Shop Styling <2.6 - Path Traversal

Directory traversal vulnerability in the WP e-Commerce Shop Styling plugin before 2.6 for WordPress allows remote attackers to read arbitrary files via a .. (dot dot) in the filename parameter to includes/download.php.

CVSS 7.5

View Code

EIP-2026-114053 EXPLOITDB text WORKING POC

WordPress Plugin Simple Image Manipulator 1.0 - Arbitrary File Download

View Code