what you don't know can hurt you
Showing 1 - 25 of 2,960 RSS Feed

Shell Files

Hotel Management System 1.0 Cross Site Scripting / Shell Upload
Posted Aug 3, 2021
Authored by Merbin Russel

Hotel Management System version 1.0 exploit that leverages a blind cross site scripting attack against the admin to have a reverse PHP shell uploaded.

tags | exploit, shell, php, xss
MD5 | aa7d7b6de743aefd9eda1c19bbe45794
ObjectPlanet Opinio 7.13 Shell Upload
Posted Jul 30, 2021
Authored by Daniel Tan, Khor Yong Heng, Timothy Tan, Yu Enhui

ObjectPlanet Opinio version 7.13 suffers from a remote shell upload vulnerability.

tags | exploit, remote, shell
advisories | CVE-2020-26806
MD5 | 428a660ba8fcf617d5de88b7920acbe4
Event Registration System With QR Code 1.0 Shell Upload
Posted Jul 28, 2021
Authored by Javier Olmedo

Event Registration System with QR Code version 1.0 suffers from authentication bypass and shell upload vulnerabilities.

tags | exploit, shell, vulnerability, bypass
MD5 | 0258508306684f3c1ccb2c248610b9a3
Red Hat Security Advisory 2021-2438-01
Posted Jul 28, 2021
Authored by Red Hat | Site access.redhat.com

Red Hat Security Advisory 2021-2438-01 - Red Hat OpenShift Container Platform is Red Hat's cloud computing Kubernetes application platform solution designed for on-premise or private cloud deployments. Issues addressed include bypass, code execution, denial of service, open redirection, resource exhaustion, and remote shell upload vulnerabilities.

tags | advisory, remote, denial of service, shell, vulnerability, code execution
systems | linux, redhat
advisories | CVE-2016-2183, CVE-2020-15106, CVE-2020-15112, CVE-2020-15113, CVE-2020-15114, CVE-2020-15136, CVE-2020-26160, CVE-2020-26541, CVE-2020-28469, CVE-2020-28500, CVE-2020-28852, CVE-2020-7774, CVE-2021-20206, CVE-2021-20271, CVE-2021-20291, CVE-2021-21419, CVE-2021-21623, CVE-2021-21639, CVE-2021-21640, CVE-2021-21648, CVE-2021-22133, CVE-2021-23337, CVE-2021-23362, CVE-2021-23368, CVE-2021-23382, CVE-2021-25735
MD5 | dda5a75b5b7fd18f58795ba51eeb6a02
Denver Smart Wifi Camera SHC-150 Remote Code Execution
Posted Jul 28, 2021
Authored by Ivan Nikolsky

Denver Smart Wifi Camera SHC-150 has a hardcoded backdoor login vulnerability available via telnet that gives a shell.

tags | exploit, shell
MD5 | a9a3afa83abcffe28d96ceb14d65cdc7
WordPress SP Project And Document Remote Code Execution
Posted Jul 26, 2021
Authored by Ron Jost, Yann Castel | Site metasploit.com

This Metasploit module allows an attacker with a privileged WordPress account to launch a reverse shell due to an arbitrary file upload vulnerability in WordPress SP Project and Document plugin versions prior to 4.22. The security check only searches for lowercase file extensions such as .php, making it possible to upload .pHP files for instance. Finally, the uploaded payload can be triggered by a call to /wp-content/uploads/sp-client-document-manager/<user_id>/<random_payload_name>.php.

tags | exploit, arbitrary, shell, php, file upload
advisories | CVE-2021-24347
MD5 | d73daa7ac6681410691920aff7640598
WordPress Modern Events Calendar Remote Code Execution
Posted Jul 26, 2021
Authored by Ron Jost, Yann Castel, Nguyen Van Khanh | Site metasploit.com

This Metasploit module allows an attacker with a privileged WordPress account to launch a reverse shell due to an arbitrary file upload vulnerability in WordPress Modern Events Calendar plugin versions prior to 5.16.5. This is due to an incorrect check of the uploaded file extension. Indeed, by using text/csv content-type in a request, it is possible to upload a .php payload as is is not forbidden by the plugin. Finally, the uploaded payload can be triggered by a call to /wp-content/uploads/<random_payload_name>.php.

tags | exploit, arbitrary, shell, php, file upload
advisories | CVE-2021-24145
MD5 | 75b29e689541f825031d9308d2c36b24
WordPress Backup Guard Authenticated Remote Code Execution
Posted Jul 21, 2021
Authored by Ron Jost, Nguyen Van Khanh | Site metasploit.com

This Metasploit module allows an attacker with a privileged WordPress account to launch a reverse shell due to an arbitrary file upload vulnerability in Wordpress plugin Backup Guard versions prior to 1.6.0. This is due to an incorrect check of the uploaded file extension which should be of SGBP type. Then, the uploaded payload can be triggered by a call to /wp-content/uploads/backup-guard/<random_payload_name>.php.

tags | exploit, arbitrary, shell, php, file upload
advisories | CVE-2021-24155
MD5 | a13b79ee96d9f6b0f86db446a8c091a9
Webmin 1.973 Cross Site Request Forgery
Posted Jul 20, 2021
Authored by Mesh3l_911, Z0ldyck

Webmin version 1.973 cross site request forgery exploit that loads a reverse shell.

tags | exploit, shell, csrf
advisories | CVE-2021-31761
MD5 | 64d50ff2e6b23cb13a822ba9d9b79c96
Linux/x86 Egghunter Reverse TCP Shell Shellcode
Posted Jul 19, 2021
Authored by D7X

Linux/x86 egghunter reverse TCP shell shellcode generator with dynamic IP and port.

tags | shell, x86, tcp, shellcode
systems | linux
MD5 | 12a643a44f3245dd82780330839889e3
WordPress Popular Posts 5.3.2 Shell Upload
Posted Jul 15, 2021
Authored by Simone Cristofaro

WordPress Popular Posts plugin version 5.3.2 suffers from a remote shell upload vulnerability.

tags | exploit, remote, shell
MD5 | d260aa6f7a6cdf6bd50085eb8b82c659
Garbage Collection Management System 1.0 Shell Upload / SQL Injection
Posted Jul 13, 2021
Authored by Luca Bernardi

Garbage Collection Management System version 1.0 shell upload exploit that leverages a SQL injection vulnerability.

tags | exploit, shell, sql injection
MD5 | ea34ecce44fb54eefcd9fffe39d45a35
OpenEMR 5.0.1.3 Shell Upload
Posted Jul 13, 2021
Authored by Alexandre Zanni

OpenEMR version 5.0.1.3 authenticated remote shell upload exploit that leverages a vulnerability discovered in 2018.

tags | exploit, remote, shell
advisories | CVE-2018-15139
MD5 | 42dde552844a71d54aa98a08c105ae9f
Linux/x86 Reverse TCP Shell Shellcode
Posted Jul 12, 2021
Authored by D7X

86 bytes small Linux/x86 reverse TCP shell with dynamic IP and port binding shellcode.

tags | shell, x86, tcp, shellcode
systems | linux
MD5 | 15a0f14a218e63eb34bcd799a25afa3f
Church Management System 1.0 Shell Upload / SQL Injection
Posted Jul 9, 2021
Authored by Eleonora Guardini

Church Management System version 1.0 shell upload exploit that leverages SQL injection.

tags | exploit, shell, sql injection
MD5 | 754760cca1be4200f17b82d4eeeb4ddc
Wyomind Help Desk 1.3.6 XSS / Traversal / Shell Upload
Posted Jul 8, 2021
Authored by Patrik Lantz

Wyomind Help Desk version 1.3.6 suffers from remote shell upload, cross site scripting, and directory traversal vulnerabilities.

tags | exploit, remote, shell, vulnerability, xss, file inclusion
MD5 | 59218439c3ab4fb34a4f3a6427121b87
Online Covid Vaccination Scheduler System 1.0 Shell Upload
Posted Jul 8, 2021
Authored by faisalfs10x

Online Covid Vaccination Scheduler System version 1.0 suffers from a remote shell upload vulnerability.

tags | exploit, remote, shell
MD5 | f427b73c7117627cde91d42a7bb201e0
WordPress SP Project And Document Manager 4.21 Shell Upload
Posted Jul 8, 2021
Authored by Ron Jost

WordPress SP Project and Document Manager plugin version 4.21 suffers from a remote shell upload vulnerability.

tags | exploit, shell
advisories | CVE-2021-24347
MD5 | 2b2c3c8691137157e2a48f7efcdd8a79
NSClient++ 0.5.2.35 Privilege Escalation
Posted Jul 6, 2021
Authored by bzyo, kindredsec, Yann Castel | Site metasploit.com

This Metasploit module allows an attacker with an unprivileged windows account to gain admin access on windows system and start a shell. For this module to work, both the NSClient++ web interface and ExternalScripts features must be enabled. You must also know where the NSClient config file is, as it is used to read the admin password which is stored in clear text.

tags | exploit, web, shell
systems | windows
MD5 | e99505921a58963a745bb746bb2715a9
Exam Hall Management System 1.0 Shell Upload
Posted Jul 6, 2021
Authored by Thamer Almohammadi

Exam Hall Management System version 1.0 suffers from an unauthenticated remote shell upload vulnerability.

tags | exploit, remote, shell
MD5 | ee9e3fa29a87a987f88bfe2690b24db2
Billing System Project 1.0 Shell Upload
Posted Jul 6, 2021
Authored by Talha Demirsoy

Billing System Project version 1.0 suffers from a remote shell upload vulnerability.

tags | exploit, remote, shell
MD5 | 35dd65abd4cbd23a6e90dc15236cb784
Phone Shop Sales Managements System 1.0 Shell Upload
Posted Jul 6, 2021
Authored by faisalfs10x

Phone Shop Sales Managements System version 1.0 shell upload exploit. This is a variant of the original discovery made in this version of the software by Richard Jones in April of 2021.

tags | exploit, shell
MD5 | 43e2188ea8e5bf388fc76dbda5e3b6df
Ricon Industrial Cellular Router S9922XL Remote Command Execution
Posted Jul 5, 2021
Authored by LiquidWorm | Site zeroscience.mk

Ricon Industrial Cellular Router S9922XL suffers from an authenticated OS command injection vulnerability. This can be exploited to inject and execute arbitrary shell commands as the admin (root) user via the ping_server_ip POST parameter. It is also vulnerable to Heartbleed.

tags | exploit, arbitrary, shell, root
MD5 | 23fc8665a81e1f9a6166b3c13847b608
Simple Client Management System 1.0 SQL Injection / Shell Upload
Posted Jul 5, 2021
Authored by Ishan Saha

Simple Client Management System version 1.0 shell upload exploit that leverages SQL injection.

tags | exploit, shell, sql injection
MD5 | 5bd758665b3d42345b29f38a20d36289
WordPress Backup Guard 1.5.8 Shell Upload
Posted Jul 5, 2021
Authored by Ron Jost

WordPress Backup Guard plugin version 1.5.8 remote shell upload exploit.

tags | exploit, remote, shell
advisories | CVE-2021-24155
MD5 | 75b99c3a3102d89bce9985d105ebe3a3
Page 1 of 119
Back12345Next

File Archive:

August 2021

  • Su
  • Mo
  • Tu
  • We
  • Th
  • Fr
  • Sa
  • 1
    Aug 1st
    1 Files
  • 2
    Aug 2nd
    7 Files
  • 3
    Aug 3rd
    5 Files
  • 4
    Aug 4th
    7 Files
  • 5
    Aug 5th
    7 Files
  • 6
    Aug 6th
    0 Files
  • 7
    Aug 7th
    0 Files
  • 8
    Aug 8th
    0 Files
  • 9
    Aug 9th
    0 Files
  • 10
    Aug 10th
    0 Files
  • 11
    Aug 11th
    0 Files
  • 12
    Aug 12th
    0 Files
  • 13
    Aug 13th
    0 Files
  • 14
    Aug 14th
    0 Files
  • 15
    Aug 15th
    0 Files
  • 16
    Aug 16th
    0 Files
  • 17
    Aug 17th
    0 Files
  • 18
    Aug 18th
    0 Files
  • 19
    Aug 19th
    0 Files
  • 20
    Aug 20th
    0 Files
  • 21
    Aug 21st
    0 Files
  • 22
    Aug 22nd
    0 Files
  • 23
    Aug 23rd
    0 Files
  • 24
    Aug 24th
    0 Files
  • 25
    Aug 25th
    0 Files
  • 26
    Aug 26th
    0 Files
  • 27
    Aug 27th
    0 Files
  • 28
    Aug 28th
    0 Files
  • 29
    Aug 29th
    0 Files
  • 30
    Aug 30th
    0 Files
  • 31
    Aug 31st
    0 Files

Top Authors In Last 30 Days

File Tags

Systems

packet storm

© 2020 Packet Storm. All rights reserved.

Services
Security Services
Hosting By
Rokasec
close