Exploitdb Exploits
1,269 exploits tracked across all sources.
WordPress Plugin Zingiri Web Shop 2.4.3 - 'uploadfilexd.php' Arbitrary File Upload
by Sammy FORGIT
WordPress Plugin Invit0r - 'ofc_upload_image.php' Arbitrary File Upload
by Sammy FORGIT
Zimplit CMS 3.0 - Local File Inclusion / Arbitrary File Upload
by KedAns-Dz
WordPress Plugin HD FLV Player - 'uploadVideo.php' Arbitrary File Upload
by Sammy FORGIT
Joomla! Component mod_jfancy - 'script.php' Arbitrary File Upload
by Sammy FORGIT
XOOPS Cube PROJECT FileManager - 'xupload.php' Arbitrary File Upload
by KedAns-Dz
WordPress Plugin Contus Video Gallery - 'upload1.php' Arbitrary File Upload
by Sammy FORGIT
Joomla! Component mod_artuploader - 'upload.php' Arbitrary File Upload
by Sammy FORGIT
Joomla! Component Easy Flash Uploader - 'helper.php' Arbitrary File Upload
by Sammy FORGIT
Joomla! Component DentroVideo 1.2 - 'upload.php' Arbitrary File Upload
by Sammy FORGIT
Joomla! Component com_simpleswfupload - 'uploadhandler.php' Arbitrary File Upload
by Sammy FORGIT
Joomla! Component Joomsport - SQL Injection / Arbitrary File Upload
by KedAns-Dz
WordPress Plugin Content Flow 3D 1.0.0 - Arbitrary File Upload
by g11tch
Jquindlen Wpstorecart < 2.5.29 - Access Control
Unrestricted file upload vulnerability in php/upload.php in the wpStoreCart plugin before 2.5.30 for WordPress allows remote attackers to execute arbitrary code by uploading a file with an executable extension, then accessing it via a direct request to the file in uploads/wpstorecart.
by Sammy FORGIT
Rbx Gallery - Access Control
Unrestricted file upload vulnerability in uploader.php in the RBX Gallery plugin 2.1 for WordPress allows remote attackers to execute arbitrary code by uploading a file with an executable extension, then accessing it via a direct request to the file in uploads/rbxslider.
by Sammy FORGIT
Omni Secure Files <0.1.14 - RCE
Omni Secure Files plugin versions prior to 0.1.14 contain an arbitrary file upload vulnerability in the bundled plupload example endpoint. The /wp-content/plugins/omni-secure-files/plupload/examples/upload.php handler allows unauthenticated uploads without enforcing safe file type restrictions, enabling an attacker to place attacker-controlled files under the plugin's uploads directory. This can lead to remote code execution if a server-executable file type is uploaded and subsequently accessed.
by Adrien Thierry
WordPress Plugin VideoWhisper Video Presentation 3.17 - 'vw_upload.php' Arbitrary File Upload
by Sammy FORGIT
WordPress Plugin Front End Upload 0.5.3 - Arbitrary File Upload
by Adrien Thierry
Wordpress Fcchat Widget < 2.2.13.1 - Access Control
Unrestricted file upload vulnerability in html/Upload.php in the FCChat Widget plugin 2.2.13.1 and earlier for WordPress allows remote attackers to execute arbitrary code by uploading a file with a file with an executable extension followed by a safe extension, then accessing it via a direct request to the file in html/images.
by Sammy FORGIT
Tbelmans MM Forms Community - Unrestricted File Upload
Unrestricted file upload vulnerability in includes/doajaxfileupload.php in the MM Forms Community plugin 2.2.5 and 2.2.6 for WordPress allows remote attackers to execute arbitrary code by uploading a file with an executable extension, then accessing it via a direct request to the file in upload/temp.
by Sammy FORGIT
WordPress Plugin Gallery 3.06 - Arbitrary File Upload
by Sammy FORGIT
Pippin Williamson Font Uploader - Access Control
Unrestricted file upload vulnerability in font-upload.php in the Font Uploader plugin 1.2.4 for WordPress allows remote attackers to execute arbitrary PHP code by uploading a PHP file with a .php.ttf extension, then accessing it via a direct request to the file in font-uploader/fonts.
by Sammy FORGIT
By Source