Wallos versions prior to 1.11.2 suffer from a remote shell upload vulnerability.
77ba729fac9fbd6e562f329a83458d57ae71f13aaf4f55db7da1328097365d1aPetrol Pump Management System version 1.0 suffers from a remote shell upload vulnerability. This is a variant vector of attack in comparison to the original discovery attributed to SoSPiro in February of 2024.
0f0040501420a8f8ddd6c7f12a7f7140cff7687749ef9d7f7d32928b820114f8Real Estate Management System version 1.0 suffers from a remote shell upload vulnerability.
839e1e676d2dbd464ca5097616ef9a9bec7bfb837d94aa2a8ab1088675a0211555 bytes small Linux/x64 shellcode that create a shell with execve() sending an argument using XOR (/bin//sh).
dd9cd816ff8fe9dd6be1a0a2fe0b49cf0524f491dbdd68c06004dfcc6d90b9b0WordPress Canto versions prior to 3.0.5 suffer from remote file inclusion and shell upload vulnerabilities.
a59ad7feb866d8c5d65a87422165e0d5c276bf4da7b8e83a100a1933f7afdf64A command injection vulnerability exists in Kafka UI versions 0.4.0 through 0.7.1 that allows an attacker to inject and execute arbitrary shell commands via the groovy filter parameter at the topic section.
1177f100a5a424ec41ea1f0b6efea99c8d820400e1819dbb7bf5253526f7dc02Petrol Pump Management Software version 1.0 suffers from a remote shell upload vulnerability.
17ba90fc439b26fdb9e7248c02187a9cca9a6bc58f83413a24bc776a007f4e2fTourism Management System version 2.0 suffers from a remote shell upload vulnerability.
1ae5b995d0df6c7d5380487c5e7a5f6326a545ef4255195c833afe8afb4e1c6cDebian Linux Security Advisory 5624-1 - Mate Kukri discovered the Debian build of EDK2, a UEFI firmware implementation, used an insecure default configuration which could result in Secure Boot bypass via the UEFI shell.
edeab3ca9fb62395b5cb0f4a0f796af3d4f2e0bf05a3127e4d9d601b63ad671cAdapt CMS version 3.0.3 suffers from persistent cross site scripting and remote shell upload vulnerabilities.
ec4109d350da52c327fa8e68529d724cdbaf75ad4605a394f2c19b7289932d0aWordPress Seotheme plugin suffers from a remote shell upload vulnerability. It is unclear which versions are affected.
1ade388b04da4022b843bad94d8d596ef14c15bcdc9e5ca5ea07315175b097cdWebCatalog versions prior to 48.8 call the Electron shell.openExternal function without verifying that the URL is for an http or https resource. This vulnerability allows an attacker to potentially execute code through arbitrary protocols on the victims machine by having users sync pages with malicious URLs. The victim has to interact with the link, which can then enable an attacker to bypass security measures for malicious file delivery.
697050685574d8cbeaf2f42aaa7b87535a8f6cf1ec1ce436dac7c65634057623A command injection vulnerability exists in multiple GL.iNet network products, allowing an attacker to inject and execute arbitrary shell commands via JSON parameters at the gl_system_log and gl_crash_log interface in the logread module. This Metasploit exploit requires post-authentication using the Admin-Token cookie/sessionID (SID), typically stolen by the attacker. However, by chaining this exploit with vulnerability CVE-2023-50919, one can bypass the Nginx authentication through a Lua string pattern matching and SQL injection vulnerability. The Admin-Token cookie/SID can be retrieved without knowing a valid username and password. Many products are vulnerable.
b2bca998991626f23b36c98d002d2080249ea5f70d1ddbf836bc60a85c0470dfxbtitFM versions 4.1.18 and below suffer from remote shell upload, remote SQL injection, and path traversal vulnerabilities.
ef1507c81f76ecec6734de5bc13c14f9dd0d27fd26b16cae52e43d8b56f7e84bIn Traceroute versions 2.0.12 through to 2.1.2, the wrapper scripts mishandle shell metacharacters, which can lead to privilege escalation if the wrapper scripts are executed via sudo. The affected wrapper scripts include tcptraceroute, tracepath, traceproto, and traceroute-nanog. Version 2.1.3 addresses this issue.
eee3332e9c084609d76f6804cef55683b3ac0269232445ffe0616c2e821e1a45Red Hat Security Advisory 2024-0214-03 - An update for python-werkzeug is now available for Red Hat OpenStack Platform 17.1. Issues addressed include denial of service and remote shell upload vulnerabilities.
e72c9c61fc04da0c2c56bb14ee3572f7d800cb7d313211fccb50192eb1de162cRed Hat Security Advisory 2024-0189-03 - An update for python-werkzeug is now available for Red Hat OpenStack Platform 17.1. Issues addressed include denial of service and remote shell upload vulnerabilities.
50c2f21eebdf9757eb666fbf646f7701855b330687977003cfb6ff2ba950f45cLot Reservation Management System version 1.0 suffers from a remote shell upload vulnerability.
e412e93388798209ade400aff41a77ff351847f86f63f4e81db78a35ca5ddef3Hospital Management System versions 4.0 and below suffer from cross site scripting, remote shell upload, and remote SQL injection vulnerabilities.
4c4cb4162e1a493a04ab18896d55ef8649d628f41d3426944382f8e72a0ea4f9In this paper, the authors show that as new encryption algorithms and mitigations were added to SSH, the SSH Binary Packet Protocol is no longer a secure channel: SSH channel integrity (INT-PST) is broken for three widely used encryption modes. This allows prefix truncation attacks where some encrypted packets at the beginning of the SSH channel can be deleted without the client or server noticing it. They demonstrate several real-world applications of this attack. They show that they can fully break SSH extension negotiation (RFC 8308), such that an attacker can downgrade the public key algorithms for user authentication or turn off a new countermeasure against keystroke timing attacks introduced in OpenSSH 9.5. They also identified an implementation flaw in AsyncSSH that, together with prefix truncation, allows an attacker to redirect the victim's login into a shell controlled by the attacker. Related proof of concept code from their github has been added to this archive.
3d6be8cc2a9c624a06990226485956c5d92675a632da2182c2546e4af814ff93osCommerce version 4.13-60075 suffers from a remote shell upload vulnerability.
ec2851de45716323cc9586ace2e5ab5f4c1232d38a2afff9df61187983d1047dThis Metasploit module exploits a remote code execution vulnerability in Splunk Enterprise. The affected versions include 9.0.x before 9.0.7 and 9.1.x before 9.1.2. The exploitation process leverages a weakness in the XSLT transformation functionality of Splunk. Successful exploitation requires valid credentials, typically admin:changeme by default. The exploit involves uploading a malicious XSLT file to the target system. This file, when processed by the vulnerable Splunk server, leads to the execution of arbitrary code. The module then utilizes the runshellscript capability in Splunk to execute the payload, which can be tailored to establish a reverse shell. This provides the attacker with remote control over the compromised Splunk instance. The module is designed to work seamlessly, ensuring successful exploitation under the right conditions.
ea31fbcf387f710ebb5a4b9243ec8009edb093af5bce5d17f8b759e679c83bdfKopage Website Builder version 4.4.15 appears to suffer from a remote shell upload vulnerability.
c7c044286a2574e2349a91e45670f2ab02c5df6ed10e4f242160211e6c892661CE Phoenixcart version 1.0.8.20 suffers from a remote shell upload vulnerability.
07b363b061bd5168064a8bc9eb0e871c0ae4e8d96a0a87798b419cec452c6070WBCE CMS version 1.6.1 suffers from a remote shell upload vulnerability.
7695de4e35509e1c4db3c4076032af2a7d6631056618550d68d670c15cf66962
© 2022 Packet Storm. All rights reserved.
%7Cutmcsr%3D(direct)%7Cutmcmd%3D(none)){kind=small}
Follow us on Twitter
Follow us on Facebook
Subscribe to an RSS Feed