File Upload Files ≈ Packet Storm
Packet Storm - Information Security News, Files, Tools, Exploits, Advisories and Whitepapers
http://packetstormsecurity.org/
Mon, 28 May 2012 07:57:32 GMT

PHPCollab 2.5 Unauthenticated File Upload
http://packetstormsecurity.org/files/112993/phpcollab-upload.txt
http://packetstormsecurity.org/files/112993/PHPCollab-2.5-Unauthenticated-File-Upload.html
Wed, 23 May 2012 12:12:12 GMT
PHPCollab version 2.5 suffers from an unauthenticated file upload vulnerability.

Secunia Security Advisory 48766
http://packetstormsecurity.org/files/111721/sa48766.txt
http://packetstormsecurity.org/files/111721/Secunia-Security-Advisory-48766.html
Wed, 11 Apr 2012 06:17:55 GMT
Secunia Security Advisory - Some vulnerabilities have been reported in the Nmedia Users File Uploader plugin for WordPress, where one has an unknown impact and the other can be exploited by malicious people to compromise a vulnerable system.

OpenCart 1.5.2.1 LFI / Shell Upload / Response Splitting
http://packetstormsecurity.org/files/111682/waraxe-2012-SA084.txt
http://packetstormsecurity.org/files/111682/OpenCart-1.5.2.1-LFI-Shell-Upload-Response-Splitting.html
Mon, 09 Apr 2012 10:10:10 GMT
OpenCart version 1.5.2.1 suffers from arbitrary file upload, HTTP response splitting, local file inclusion, path disclosure, and failed randomness vulnerabilities.

Uploadify 2.1.4 Cross Site Scripting / Shell Upload
http://packetstormsecurity.org/files/111628/waraxe-2012-SA083.txt
http://packetstormsecurity.org/files/111628/Uploadify-2.1.4-Cross-Site-Scripting-Shell-Upload.html
Fri, 06 Apr 2012 02:34:01 GMT
Uploadify version 2.1.4 suffers from cross site scripting, arbitrary file upload, and file existence disclosure vulnerabilities.

WordPress Deans With Pwwangs Code Shell Upload
http://packetstormsecurity.org/files/111319/wpdeans-shell.txt
http://packetstormsecurity.org/files/111319/WordPress-Deans-With-Pwwangs-Code-Shell-Upload.html
Thu, 29 Mar 2012 04:47:07 GMT
WordPress Deans with Pwwangs Code plugin suffers from an FCKeditor remote file upload vulnerability.

Zubrag.com File Upload Form Shell Upload
http://packetstormsecurity.org/files/109477/fileuploadform-shell.txt
http://packetstormsecurity.org/files/109477/Zubrag.com-File-Upload-Form-Shell-Upload.html
Mon, 06 Feb 2012 11:11:11 GMT
The File Upload Form software from Zubrag.com suffers from a remote shell upload vulnerability.

WordPress Kish Guest Posting 1.0 Shell Upload
http://packetstormsecurity.org/files/109015/wpkishguestposting-shell.txt
http://packetstormsecurity.org/files/109015/WordPress-Kish-Guest-Posting-1.0-Shell-Upload.html
Tue, 24 Jan 2012 04:57:44 GMT
WordPress Kish Guest Posting plugin version 1.0 suffers from an unrestricted file upload vulnerability.

SMF Portal 1.1.16 Shell Upload
http://packetstormsecurity.org/files/108894/smf1116-shell.txt
http://packetstormsecurity.org/files/108894/SMF-Portal-1.1.16-Shell-Upload.html
Sat, 21 Jan 2012 05:36:05 GMT
SMF Portal version 1.1.16 fckeditor suffers from an arbitrary file upload vulnerability.

Secunia Security Advisory 47370
http://packetstormsecurity.org/files/108360/sa47370.txt
http://packetstormsecurity.org/files/108360/Secunia-Security-Advisory-47370.html
Thu, 05 Jan 2012 09:48:51 GMT
Secunia Security Advisory - A vulnerability has been discovered in the Simple File Upload module for Joomla!, which can be exploited by malicious people to compromise a vulnerable system.

Joomla Simple File Upload 1.3 Remote Code Execution
http://packetstormsecurity.org/files/108212/joomlasfu-exec.txt
http://packetstormsecurity.org/files/108212/Joomla-Simple-File-Upload-1.3-Remote-Code-Execution.html
Thu, 29 Dec 2011 14:55:22 GMT
The Joomla Simple File Upload component version 1.3 suffers from a remote code execution vulnerability.

SecCommerce SecSigner Java Applet 3.5.0 File Upload
http://packetstormsecurity.org/files/108007/SA-20111219-0.txt
http://packetstormsecurity.org/files/108007/SecCommerce-SecSigner-Java-Applet-3.5.0-File-Upload.html
Mon, 19 Dec 2011 22:58:20 GMT
The SecCommerce SecSigner Java applet version 3.5.0 suffers from a client-side remote arbitrary file upload vulnerability.

Zero Day Initiative Advisory 11-342
http://packetstormsecurity.org/files/107627/ZDI-11-342.txt
http://packetstormsecurity.org/files/107627/Zero-Day-Initiative-Advisory-11-342.html
Thu, 08 Dec 2011 04:00:03 GMT
Zero Day Initiative Advisory 11-342 - This vulnerability allows remote attackers to execute arbitrary code on vulnerable installations of Novell Zenworks Asset Management. Authentication is not required to exploit this vulnerability. The flaw exists within the rtrlet component. This process listens on TCP port 8080. When handling an unauthenticated file upload the process does not properly sanitize the path. Directory traversal can be used to drop a file in an arbitrary location and a null byte inserted into the filename to provide arbitrary extension. A remote attacker can exploit this vulnerability to execute arbitrary code under the context of SYSTEM.

WikkaWiki 1.3.2 Code Execution / Shell Upload / SQL Injection
http://packetstormsecurity.org/files/107405/wikkawiki-sqlshellexec.txt
http://packetstormsecurity.org/files/107405/WikkaWiki-1.3.2-Code-Execution-Shell-Upload-SQL-Injection.html
Wed, 30 Nov 2011 15:39:37 GMT
WikkaWiki versions 1.3.2 and below suffer from remote SQL injection, unrestricted file upload, arbitrary file download, arbitrary file deletion, remote code execution and cross site request forgery vulnerabilities.

Support Incident Tracker 3.65 Remote Command Execution
http://packetstormsecurity.org/files/106933/sit_file_upload.rb.txt
http://packetstormsecurity.org/files/106933/Support-Incident-Tracker-3.65-Remote-Command-Execution.html
Sun, 13 Nov 2011 19:11:51 GMT
This Metasploit module combines two separate issues within Support Incident Tracker versions 3.65 and below to upload arbitrary data and thus execute a shell. The two issues exist in ftp_upload_file.php. The first vulnerability exposes the upload dir used to store attachments. The second vulnerability allows arbitrary file upload since there is no validation function to prevent the upload of any file type. Authentication is required to exploit both vulnerabilities.

PHP SST Sheller 1.0
http://packetstormsecurity.org/files/105907/Sst-Sheller.zip
http://packetstormsecurity.org/files/105907/PHP-SST-Sheller-1.0.html
Sun, 16 Oct 2011 17:22:22 GMT
This is simply a PHP shell with a bunch of features like spoofing mail, file uploads, and more.

Microsoft Forefront Unified Access Gateway Remote Access Agent Code Execution
http://packetstormsecurity.org/files/105786/SA-20111012-0.txt
http://packetstormsecurity.org/files/105786/Microsoft-Forefront-Unified-Access-Gateway-Remote-Access-Agent-Code-Execution.html
Fri, 14 Oct 2011 05:43:49 GMT
Microsoft Forefront Unified Access Gateway Remote Access Agent version 4.0.0.1 suffers from a remote file upload and command execution vulnerability.

ABUS TVIP 11550/21550 File Read / File Upload / Command Execution
http://packetstormsecurity.org/files/105688/abus-accessexec.txt
http://packetstormsecurity.org/files/105688/ABUS-TVIP-11550-21550-File-Read-File-Upload-Command-Execution.html
Wed, 12 Oct 2011 01:28:06 GMT
ABUS TVIP 11550/21550 suffers from arbitrary file read, file upload, and command execution vulnerabilities.

JAKCMS PRO 2.2.5 Arbitrary File Upload
http://packetstormsecurity.org/files/105292/jakcmspro-shell.txt
http://packetstormsecurity.org/files/105292/JAKCMS-PRO-2.2.5-Arbitrary-File-Upload.html
Thu, 22 Sep 2011 14:44:38 GMT
JAKCMS PRO versions 2.2.5 and below arbitrary file upload exploit that allows for remote command execution.

LFI With PHPInfo Assistance
http://packetstormsecurity.org/files/104825/LFI_With_PHPInfo_Assitance.pdf
http://packetstormsecurity.org/files/104825/LFI-With-PHPInfo-Assistance.html
Tue, 06 Sep 2011 13:29:29 GMT
Whitepaper explaining how PHPInfo can be used to assist with the exploitation of LFI vulnerabilities on PHP when combined with the file upload handling feature that is enabled by default.

Secunia Security Advisory 45841
http://packetstormsecurity.org/files/104728/sa45841.txt
http://packetstormsecurity.org/files/104728/Secunia-Security-Advisory-45841.html
Fri, 02 Sep 2011 12:39:20 GMT
Secunia Security Advisory - A vulnerability has been discovered in the Simple File Upload module for Joomla!, which can be exploited by malicious people to compromise a vulnerable system.

Secunia Security Advisory 45878
http://packetstormsecurity.org/files/104727/sa45878.txt
http://packetstormsecurity.org/files/104727/Secunia-Security-Advisory-45878.html
Fri, 02 Sep 2011 12:39:18 GMT
Secunia Security Advisory - A vulnerability has been discovered in the Simple File Upload module for Joomla!, which can be exploited by malicious people to compromise a vulnerable system.

WebsiteBaker 2.8.1 File Upload
http://packetstormsecurity.org/files/104020/websitebaker-shell.txt
http://packetstormsecurity.org/files/104020/WebsiteBaker-2.8.1-File-Upload.html
Sat, 13 Aug 2011 16:22:22 GMT
WebsiteBaker versions 2.8.1 and below suffer from an arbitrary file upload vulnerability.

Check Point SSL VPN Command Execution
http://packetstormsecurity.org/files/103907/SA-20110810-0.txt
http://packetstormsecurity.org/files/103907/Check-Point-SSL-VPN-Command-Execution.html
Thu, 11 Aug 2011 04:22:33 GMT
Check Point SSL VPN On-Demand applications suffer from remote file upload and command execution vulnerabilities.

360 Web Manager 3.0 File Access
http://packetstormsecurity.org/files/100718/360webmanager-fileaccess.txt
http://packetstormsecurity.org/files/100718/360-Web-Manager-3.0-File-Access.html
Fri, 22 Apr 2011 17:26:20 GMT
360 Web Manager version 3.0 suffers from arbitrary file upload, list, and deletion vulnerabilities.

PulseCMS Basic 1.3_Get.Pro Backup Download / Cross Site Scripting
http://packetstormsecurity.org/files/100670/pulsecmsbasic-xssdisclose.txt
http://packetstormsecurity.org/files/100670/PulseCMS-Basic-1.3_Get.Pro-Backup-Download-Cross-Site-Scripting.html
Thu, 21 Apr 2011 13:39:03 GMT
PulseCMS Basic versions 1.3_Get.Pro and below suffer from backup disclosure, file upload, and cross site scripting vulnerabilities.