Roberto Soares Espreto

30 exploits Active since Aug 2014
CVE-2015-4133 EXPLOITDB ruby WORKING POC
reflex_gallery < 3.1.3 - Unauthenticated Arbitrary PHP File Upload via FileUploader
Unrestricted file upload vulnerability in admin/scripts/FileUploader/php.php in the ReFlex Gallery plugin before 3.1.4 for WordPress allows remote attackers to execute arbitrary PHP code by uploading a file with a PHP extension, then accessing it via a direct request to the file in the uploads/ directory.
EIP-2026-104790 EXPLOITDB ruby WORKING POC
WordPress Plugin N-Media Website Contact Form - Arbitrary File Upload (Metasploit)
CVE-2014-8739 EXPLOITDB CRITICAL ruby WORKING POC
Creative Contact Form < 1.0.0 - Unauthenticated Arbitrary File Upload via jQuery File Upload Plugin
Unrestricted file upload vulnerability in server/php/UploadHandler.php in the jQuery File Upload Plugin 6.4.4 for jQuery, as used in the Creative Solutions Creative Contact Form (formerly Sexy Contact Form) before 1.0.0 for WordPress and before 2.0.1 for Joomla!, allows remote attackers to execute arbitrary code by uploading a PHP file with a PHP extension, then accessing it via a direct request to the file in files/, as exploited in the wild in October 2014.
CVSS 9.8
EIP-2026-104787 EXPLOITDB ruby WORKING POC
WordPress Plugin Ajax Load More 2.8.1.1 - PHP Upload (Metasploit)
CVE-2015-6967 EXPLOITDB ruby WORKING POC
Nibbleblog < 4.0.4 - Remote Code Execution via My Image Plugin File Upload
Unrestricted file upload vulnerability in the My Image plugin in Nibbleblog before 4.0.5 allows remote administrators to execute arbitrary code by uploading a file with an executable extension, then accessing it via a direct request to the file in content/private/plugins/my_image/image.php.