Roberto Soares Espreto

29 exploits Active since Aug 2014
CVE-2015-4133 EXPLOITDB ruby WORKING POC
Reflex Gallery < 3.1.3 - Unrestricted File Upload
Unrestricted file upload vulnerability in admin/scripts/FileUploader/php.php in the ReFlex Gallery plugin before 3.1.4 for WordPress allows remote attackers to execute arbitrary PHP code by uploading a file with a PHP extension, then accessing it via a direct request to the file in the uploads/ directory.
EIP-2026-104790 EXPLOITDB ruby WORKING POC
WordPress Plugin N-Media Website Contact Form - Arbitrary File Upload (Metasploit)
CVE-2014-8739 EXPLOITDB CRITICAL ruby WORKING POC
jQuery File Upload Plugin <6.4.4 - RCE
Unrestricted file upload vulnerability in server/php/UploadHandler.php in the jQuery File Upload Plugin 6.4.4 for jQuery, as used in the Creative Solutions Creative Contact Form (formerly Sexy Contact Form) before 1.0.0 for WordPress and before 2.0.1 for Joomla!, allows remote attackers to execute arbitrary code by uploading a PHP file with a PHP extension, then accessing it via a direct request to the file in files/, as exploited in the wild in October 2014.
CVSS 9.8
EIP-2026-104787 EXPLOITDB ruby WORKING POC
WordPress Plugin Ajax Load More 2.8.1.1 - PHP Upload (Metasploit)