Larry W. Cashdollar

55 exploits Active since Feb 1999
CVE-2014-8603 EXPLOITDB WRITEUP
XCloner 3.1.1 and 3.5.1 - Authenticated Remote Code Execution via Shell Metacharacter Injection
cloner.functions.php in the XCloner plugin 3.1.1 for WordPress and 3.5.1 for Joomla! allows remote administrators to execute arbitrary code via shell metacharacters in the (1) file name when creating a backup or vectors related to the (2) $_CONFIG[tarpath], (3) $exclude, (4) $_CONFIG['tarcompress'], (5) $_CONFIG['filename'], (6) $_CONFIG['exfile_tar'], (7) $_CONFIG[sqldump], (8) $_CONFIG['mysql_host'], (9) $_CONFIG['mysql_pass'], (10) $_CONFIG['mysql_user'], (11) $database_name, or (12) $sqlfile variable.
CVE-2014-8604 EXPLOITDB WRITEUP
XCloner 3.1.1 and 3.5.1 - Unauthenticated Exposure of MySQL Password in Configuration Panel
The XCloner plugin 3.1.1 for WordPress and 3.5.1 for Joomla! returns the MySQL password in cleartext to a text box in the configuration panel, which allows remote attackers to obtain sensitive information via unspecified vectors.
CVE-2014-8605 EXPLOITDB WRITEUP
XCloner 3.1.1 and 3.5.1 - Unauthenticated Sensitive Information Exposure via Predictable Backup File Names
The XCloner plugin 3.1.1 for WordPress and 3.5.1 for Joomla! stores database backup files with predictable names under the web root with insufficient access control, which allows remote attackers to obtain sensitive information via a direct request to a backup file in administrators/backups/.
CVE-2014-8606 EXPLOITDB WRITEUP
XCloner 3.1.1 and 3.5.1 - Authenticated Path Traversal via File Parameter
Directory traversal vulnerability in the XCloner plugin 3.1.1 for WordPress and 3.5.1 for Joomla! allows remote administrators to read arbitrary files via a .. (dot dot) in the file parameter in a json_return action in the xcloner_show page to wp-admin/admin-ajax.php.
CVE-2018-1002008 EXPLOITDB MEDIUM text WRITEUP
WordPress Arigato Autoresponder & Newsletter <v2.5.1.8 - XSS
There is a reflected XSS vulnerability in WordPress Arigato Autoresponder and News letter v2.5.1.8 This vulnerability requires administrative privileges to exploit. There is an XSS vulnerability in list-user.html.php:4: via GET request offset variable.
CVSS 4.8
CVE-2018-1002007 EXPLOITDB MEDIUM text WRITEUP
WordPress Arigato Autoresponder & Newsletter <v2.5.1.8 - XSS
There is a reflected XSS vulnerability in WordPress Arigato Autoresponder and News letter v2.5.1.8 This vulnerability requires administrative privileges to exploit. There is an XSS vulnerability in integration-contact-form.html.php:15: via POST request variable html_id.
CVSS 4.8
CVE-2018-1002006 EXPLOITDB MEDIUM text WRITEUP
Arigato Autoresponder and Newsletter 2.5.0-2.5.1.5 - Authenticated Stored Cross-Site Scripting via POST Variable Classes
These vulnerabilities require administrative privileges to exploit. There is an XSS vulnerability in integration-contact-form.html.php:14: via POST request variable classes
CVSS 4.8
CVE-2018-1002005 EXPLOITDB MEDIUM text WRITEUP
Arigato Autoresponder and Newsletter 2.5.0-2.5.1.4 - Stored XSS via filter_signup_date
These vulnerabilities require administrative privileges to exploit. There is an XSS vulnerability in bft_list.html.php:43: via the filter_signup_date parameter.
CVSS 4.8
CVE-2018-1002004 EXPLOITDB MEDIUM text WRITEUP
WordPress Arigato Autoresponder & Newsletter <v2.5.1.8 - XSS
There is a reflected XSS vulnerability in WordPress Arigato Autoresponder and News letter v2.5.1.8 This vulnerability requires administrative privileges to exploit.
CVSS 4.8
CVE-2018-1002003 EXPLOITDB MEDIUM text WRITEUP
WordPress Arigato Autoresponder & Newsletter <v2.5.1.8 - XSS
There is a reflected XSS vulnerability in WordPress Arigato Autoresponder and News letter v2.5.1.8 This vulnerability requires administrative privileges to exploit.
CVSS 4.8
CVE-2018-1002002 EXPLOITDB MEDIUM text WRITEUP
WordPress Arigato Autoresponder & Newsletter <v2.5.1.8 - XSS
There is a reflected XSS vulnerability in WordPress Arigato Autoresponder and News letter v2.5.1.8 This vulnerability requires administrative privileges to exploit.
CVSS 4.8
CVE-2018-1002001 EXPLOITDB MEDIUM text WRITEUP
WordPress Arigato Autoresponder & Newsletter <v2.5.1.8 - XSS
There is a reflected XSS vulnerability in WordPress Arigato Autoresponder and News letter v2.5.1.8 This vulnerability requires administrative privileges to exploit.
CVSS 4.8
CVE-2018-1002000 EXPLOITDB HIGH text WRITEUP
WordPress Arigato Autoresponder & Newsletter <v2.5.1.8 - SQL Injection
There is blind SQL injection in WordPress Arigato Autoresponder and Newsletter v2.5.1.8 These vulnerabilities require administrative privileges to exploit. There is an exploitable blind SQL injection vulnerability via the del_ids variable by POST request.
CVSS 7.2
CVE-2015-4614 EXPLOITDB text WORKING POC
easy2map < 1.2.4 - SQL Injection via mapName Parameter
Multiple SQL injection vulnerabilities in includes/Function.php in the Easy2Map plugin before 1.2.5 for WordPress allow remote attackers to execute arbitrary SQL commands via the mapName parameter in an e2m_img_save_map_name action to wp-admin/admin-ajax.php and other unspecified vectors.
CVE-2018-9206 METASPLOIT CRITICAL ruby WORKING POC
Blueimp jQuery-File-Upload <=9.22.0 - File Upload
Unauthenticated arbitrary file upload vulnerability in Blueimp jQuery-File-Upload <= v9.22.0
CVSS 9.8
CVE-2010-1183 EXPLOITDB bash WORKING POC
Oracle Solaris - Arbitrary File Write via Symlink Attack on /tmp/CLEANUP
Certain patch-installation scripts in Oracle Solaris allow local users to append data to arbitrary files via a symlink attack on the /tmp/CLEANUP temporary file, related to use of Update Manager.
CVE-2000-0589 EXPLOITDB c WORKING POC
SawMill 5.0.21 - Weak Password Encryption
SawMill 5.0.21 uses weak encryption to store passwords, which allows attackers to easily decrypt the password and modify the SawMill configuration.
CVE-2001-0059 EXPLOITDB perl WORKING POC
Solaris - Local Privilege Escalation
patchadd in Solaris allows local users to overwrite arbitrary files via a symlink attack.
CVE-2001-0764 EXPLOITDB c WORKING POC
scotty 2.1.0 - Local Buffer Overflow via Long Hostname Command Line Argument
Buffer overflow in ntping in scotty 2.1.0 allows local users to execute arbitrary code via a long hostname as a command line argument.
CVE-2002-0296 EXPLOITDB bash WORKING POC
Tarantella Enterprise 3 - Local File Overwrite
The installation of Tarantella Enterprise 3 allows local users to overwrite arbitrary files via a symlink attack on the "spinning" temporary file.
EIP-2026-114173 EXPLOITDB text WORKING POC
WordPress Plugin VideoWhisper Video Conference Integration 4.91.8 - Arbitrary File Upload
EIP-2026-114176 EXPLOITDB text WORKING POC
WordPress Plugin VideoWhisper Video Presentation 3.31.17 - Arbitrary File Upload
CVE-2015-5471 EXPLOITDB MEDIUM text WORKING POC
Swim Team plugin <1.44.10777 - Path Traversal
Absolute path traversal vulnerability in include/user/download.php in the Swim Team plugin 1.44.10777 for WordPress allows remote attackers to read arbitrary files via a full pathname in the file parameter.
CVSS 5.3
CVE-2015-5468 EXPLOITDB HIGH text WORKING POC
WP e-Commerce Shop Styling <2.6 - Path Traversal
Directory traversal vulnerability in the WP e-Commerce Shop Styling plugin before 2.6 for WordPress allows remote attackers to read arbitrary files via a .. (dot dot) in the filename parameter to includes/download.php.
CVSS 7.5
EIP-2026-114053 EXPLOITDB text WORKING POC
WordPress Plugin Simple Image Manipulator 1.0 - Arbitrary File Download