exploit the possibilities
Home Files News &[SERVICES_TAB]About Contact Add New
Showing 1 - 6 of 6 RSS Feed

Files

ZeroShell 3.9.0 Remote Command Execution
Posted Nov 24, 2020
Authored by Juan Manuel Fernandez | Site metasploit.com

This Metasploit module exploits an unauthenticated command injection vulnerability found in ZeroShell version 3.9.0 in the "/cgi-bin/kerbynet" url. As sudo is configured to execute /bin/tar without a password (NOPASSWD) it is possible to run root commands using the "checkpoint" tar options.

tags | exploit, cgi, root
advisories | CVE-2019-12725
SHA-256 | e52e0c15527e1e5b23e1a5f32e17df46f22d8f0dc8643606d04c891cd43c603d

Related Files

ZeroShell 3.9.0 Remote Command Execution
Posted May 13, 2021
Authored by Fellipe Oliveira

ZeroShell version 3.9.0 remote command execution exploit.

tags | exploit, remote
advisories | CVE-2019-12725
SHA-256 | 96c5da86a5778d99416aad82b1040be38451d87a9ecabe804150409665073dbd
Zeroshell 3.6.0 / 3.7.0 Remote Code Execution
Posted Jan 13, 2017
Authored by Ozer Goker

Zeroshell versions 3.6.0 and 3.7.0 suffer from an unauthenticated remote code execution vulnerability.

tags | exploit, remote, code execution
SHA-256 | 74886281cc18d29f2b9886ef752a85acc1ecc5a30e4d7d4bf6051f94dc29067d
ZeroShell 2.0 RC3 Command Injection / Cross Site Scripting
Posted Oct 3, 2013
Authored by xistence

ZeroShell version 2.0 RC3 suffers from command injection and cross site scripting vulnerabilities.

tags | exploit, vulnerability, xss
SHA-256 | c6b7a171ee0acfbc63038e7082d14a3c678fc1589e9e4db140b10e4c2c32b948
ZeroShell Remote Code Execution
Posted Sep 25, 2013
Authored by Yann CAM | Site metasploit.com

This Metasploit module exploits a vulnerability found in ZeroShell 2.0 RC2 and lower. It will leverage an unauthenticated local file inclusion vulnerability in the "/cgi-bin/kerbynet" url. The file retrieved is "/var/register/system/ldap/rootpw". This file contains the admin password in cleartext. The password is used to login as the admin user. After the authentication process is complete it will use the RunScript action to execute the payload with root privileges.

tags | exploit, local, cgi, root, file inclusion
SHA-256 | f2193eea137458685913c7447d099d29999247310ec1af67fb445ea5bf5576dc
ZeroShell 2.0RC2 File Disclosure / Command Execution
Posted Aug 13, 2013
Authored by Yann CAM

ZeroShell version 2.0RC2 suffers from remote command execution and file disclosure vulnerabilities.

tags | exploit, remote, vulnerability, info disclosure
SHA-256 | a3301b1b1b854ed7a03d68ac3c2b4962977e82f6b314949e717334f8076016a4
ZeroShell Code Execution
Posted Feb 9, 2009
Authored by Luca Carettoni | Site ikkisoft.com

ZeroShell versions 1.0beta11 and below suffer from a remote code execution vulnerability.

tags | exploit, remote, code execution
SHA-256 | 15b6637e4b0289913a8d4d63a52e96e1a32f244030761fbf336ec8cf371497fd
Page 1 of 1
Back1Next

File Archive:

April 2024

  • Su
  • Mo
  • Tu
  • We
  • Th
  • Fr
  • Sa
  • 1
    Apr 1st
    10 Files
  • 2
    Apr 2nd
    26 Files
  • 3
    Apr 3rd
    40 Files
  • 4
    Apr 4th
    6 Files
  • 5
    Apr 5th
    26 Files
  • 6
    Apr 6th
    0 Files
  • 7
    Apr 7th
    0 Files
  • 8
    Apr 8th
    22 Files
  • 9
    Apr 9th
    14 Files
  • 10
    Apr 10th
    10 Files
  • 11
    Apr 11th
    13 Files
  • 12
    Apr 12th
    14 Files
  • 13
    Apr 13th
    0 Files
  • 14
    Apr 14th
    0 Files
  • 15
    Apr 15th
    0 Files
  • 16
    Apr 16th
    0 Files
  • 17
    Apr 17th
    0 Files
  • 18
    Apr 18th
    0 Files
  • 19
    Apr 19th
    0 Files
  • 20
    Apr 20th
    0 Files
  • 21
    Apr 21st
    0 Files
  • 22
    Apr 22nd
    0 Files
  • 23
    Apr 23rd
    0 Files
  • 24
    Apr 24th
    0 Files
  • 25
    Apr 25th
    0 Files
  • 26
    Apr 26th
    0 Files
  • 27
    Apr 27th
    0 Files
  • 28
    Apr 28th
    0 Files
  • 29
    Apr 29th
    0 Files
  • 30
    Apr 30th
    0 Files

Top Authors In Last 30 Days

File Tags

Systems

packet storm

© 2022 Packet Storm. All rights reserved.

Services
Security Services
Hosting By
Rokasec
close