WordPress plugin “WP Marketplace” 2.4.0 suffers from Remote Command Execution
# Exploit Title : WordPress Video Gallery 2.7 SQL Injection Vulnerability
# Exploit Author : Claudio Viviani
WordPress Download Manager 2.7.4 and below suffers from a Remote Code Execution vulnerability.
This exploit adds a new WordPress administrator account.
WordPress WP Symposium 14.11 suffers from an Unauthenticated Shell Upload vulnerability.
The WordPress premium plugin WpDataTables 1.5.3 and below suffers from an Unauthenticated Shell Upload vulnerability. WordPress WpDataTables Python exploit.
Joomla HD FLV Player 18.104.22.168 and below suffers from Arbitrary File Download Vulnerability. The “f” variable is not sanitized. Python Exploit.
Joomla HD FLV Player 22.214.171.124 and below suffers from an SQL Injection vulnerability. The “id” variable is not sanitized.
Joomla RD Download suffers from an SQL Injection vulnerability – Python exploit.
Creative Contact Form <= 0.9.7 (WordPress) and <= 2.0.0 (Joomla) suffers from an Unauthenticated Shell Upload vulnerability.
In accordance with the CVE-2014-3704 specifications, I wrote a Drupal >= 7.0 <= 7.31 SQL Injection exploit. This exploit adds a new Drupal administrator account (preserving the original) via SQL Injection.