
Shell Files

Pandora FMS 7.0 NG 7XX Remote Command Execution
Posted Jul 11, 2020
Authored by Fernando Catoira, Erik Wynter, Julio Sanchez | Site metasploit.com

This Metasploit module exploits a vulnerability (CVE-2020-13851) in Pandora FMS versions 7.0 NG 742, 7.0 NG 743, and 7.0 NG 744 (and perhaps older versions) in order to execute arbitrary commands. This module takes advantage of a command injection vulnerability in the Events feature of Pandora FMS. This flaw allows users to execute arbitrary commands via the target parameter in HTTP POST requests to the Events function. After authenticating to the target, the module attempts to exploit this flaw by issuing such an HTTP POST request, with the target parameter set to contain the payload. If a shell is obtained, the module will try to obtain the local MySQL database password via a simple grep command on the plaintext /var/www/html/pandora_console/include/config.php file. Valid credentials for a Pandora FMS account are required. The account does not need to have admin privileges. This module has been successfully tested on Pandora 7.0 NG 744 running on CentOS 7 (the official virtual appliance ISO for this version).

tags | exploit, web, arbitrary, shell, local, php
systems | linux, centos
advisories | CVE-2020-13851
MD5 | f5291266eaebb8b290e3a0b7e6659455

F5 BIG-IP TMUI Directory Traversal / File Upload / Code Execution
Posted Jul 7, 2020
Authored by wvu, Mikhail Klyuchnikov | Site metasploit.com

This Metasploit module exploits a directory traversal in F5's BIG-IP Traffic Management User Interface (TMUI) to upload a shell script and execute it as the root user.

tags | exploit, shell, root
advisories | CVE-2020-5902
MD5 | bc9ef269b0fbd9bf35cb0c0f8d89b446

CDATA OLTs Backdoor / Privilege Escalation / Information Disclosure
Posted Jul 7, 2020
Authored by Pierre Kim

Various CDATA OLTs suffer from backdoor access with telnet, credential leaks, shell escape with root privileges, denial of service, and weak encryption algorithm vulnerabilities.

tags | exploit, denial of service, shell, root, vulnerability
MD5 | 2e33e528404f107efc0dd79c6d3284e7

Bolt CMS 3.7.0 XSS / CSRF / Shell Upload
Posted Jul 3, 2020
Authored by Sivanesh Ashok

Bolt CMS versions 3.7.0 and below suffer from cross site request forgery, cross site scripting, and remote shell upload vulnerabilities that when combined can achieve remote code execution in one click.

tags | exploit, remote, shell, vulnerability, code execution, xss, csrf
advisories | CVE-2020-4040, CVE-2020-4041
MD5 | e1905dcd1353235ff99a9faf7ed545ef

Online Shopping Portal 3.1 SQL Injection / Shell Upload
Posted Jul 1, 2020
Authored by Umit Yalcin

Online Shopping Portal version 3.1 suffers from a remote SQL injection vulnerability that allows for authentication bypass as well as a shell upload.

tags | exploit, remote, shell, sql injection
MD5 | a413dd610290694b938f4df3d35a392d

Online Student Enrollment System 1.0 Shell Upload
Posted Jun 25, 2020
Authored by BKpatron, th3d1gger | Site metasploit.com

This Metasploit module exploits a cross site request forgery vulnerability in Online Student Enrollment System version 1.0 to perform a shell upload.

tags | exploit, shell, csrf
MD5 | 5b27f66c5ed24e68abd5443719b457a4

Arista Restricted Shell Escape / Privilege Escalation
Posted Jun 16, 2020
Authored by Chris Anders | Site metasploit.com

This Metasploit module takes advantage of a poorly configured TACACS+ config, Arista's bash shell, and a TACACS+ read-only account to achieve privilege escalation.

tags | exploit, shell, bash
advisories | CVE-2020-9015
MD5 | c89e5030f0dbb92c9b9a0aaee9be5226

Neon LMS Shell Upload
Posted Jun 16, 2020
Authored by th3d1gger | Site metasploit.com

This Metasploit module exploits a shell upload vulnerability in Neon LMS versions prior to 4.9.1.

tags | exploit, shell
MD5 | 26aa3aff8f77bd3458a0a09ac6e239c5

NeonLMS 4.6 Shell Upload
Posted Jun 6, 2020
Authored by th3d1gger

NeonLMS version 3.6 suffers from an authenticated remote shell upload vulnerability.

tags | exploit, remote, shell
MD5 | 2c01c097ed4377f370cef2cfdd6872fb

WordPress Drag And Drop Multi File Uploader Remote Code Execution
Posted Jun 4, 2020
Authored by h00die, Austin Martin | Site metasploit.com

This Metasploit module exploits a file upload feature of Drag and Drop Multi File Upload - Contact Form 7 for versions prior to 1.3.4. The allowed file extension list can be bypassed by appending a %, allowing for php shells to be uploaded. No authentication is required for exploitation.

tags | exploit, shell, php, file upload
advisories | CVE-2020-12800
MD5 | 8741d1320b67d5240a0da5c63f0f5065

Cayin Content Management Server 11.0 Root Remote Command Injection
Posted Jun 4, 2020
Authored by LiquidWorm | Site zeroscience.mk

CAYIN CMS suffers from an authenticated OS semi-blind command injection vulnerability using default credentials. This can be exploited to inject and execute arbitrary shell commands as the root user through the NTP_Server_IP HTTP POST parameter in system.cgi page.

tags | exploit, web, arbitrary, shell, cgi, root
MD5 | 2b40a82dbae2a46bd38664601734d373

Cayin Signage Media Player 3.0 Root Remote Command Injection
Posted Jun 4, 2020
Authored by LiquidWorm | Site zeroscience.mk

CAYIN SMP-xxxx suffers from an authenticated OS command injection vulnerability using default credentials. This can be exploited to inject and execute arbitrary shell commands as the root user through the NTP_Server_IP HTTP GET parameter in system.cgi and wizard_system.cgi pages.

tags | exploit, web, arbitrary, shell, cgi, root
MD5 | 9a04cbad2c7bcc1e00789b91f73a0061

Clinic Management System 1.0 Shell Upload
Posted Jun 4, 2020
Authored by BKpatron

Clinic Management System version 1.0 suffers from a remote shell upload vulnerability.

tags | exploit, remote, shell
MD5 | aef32468a77bdfeb84c28f99eb758777

PanaceaSoft Shell Upload
Posted May 29, 2020
Authored by SyFi

Various PanaceaSoft products appear to suffer from a shell upload vulnerability.

tags | exploit, shell
MD5 | dbac78cf550b5cda3c73303bea5d98e1

WordPress Drag And Drop File Upload Contact Form 1.3.3.2 Shell Upload
Posted May 27, 2020
Authored by Austin Martin

WordPress Drag and Drop File Upload Contact Form plugin version 1.3.3.2 suffers from a remote shell upload vulnerability.

tags | exploit, remote, shell, file upload
MD5 | 415c8b9b89531c519f109fc5a2a6d49f

Red Hat Security Advisory 2020-2210-01
Posted May 19, 2020
Authored by Red Hat | Site access.redhat.com

Red Hat Security Advisory 2020-2210-01 - KornShell is a Unix shell which is backward-compatible with the Bourne shell and includes many features of the C shell. The most recent version is KSH-93. KornShell complies with the POSIX.2 standard. A code injection vulnerability has been addressed.

tags | advisory, shell
systems | linux, redhat, unix, osx
advisories | CVE-2019-14868
MD5 | fd8c80347cd4ed97e92d1050f4903caf

Victor CMS 1.0 Shell Upload
Posted May 19, 2020
Authored by Kishan Lal Choudhary

Victor CMS version 1.0 suffers from an authenticated remote shell upload vulnerability.

tags | exploit, remote, shell
MD5 | 7f5c0f7f129fcb1e7e08e68329e0210b

CuteNews 2.1.2 Authenticated Shell Upload
Posted May 12, 2020
Authored by Vigov5

CuteNews version 2.1.2 suffers from a remote shell upload vulnerability.

tags | exploit, remote, shell, file upload
MD5 | 854221f3da517dea5c1d414090b7e5df

IBM Data Risk Manager 2.0.3 Remote Code Execution
Posted May 5, 2020
Authored by Pedro Ribeiro | Site metasploit.com

IBM Data Risk Manager (IDRM) contains three vulnerabilities that can be chained by an unauthenticated attacker to achieve remote code execution as root. The first is an unauthenticated bypass, followed by a command injection as the server user, and finally abuse of an insecure default password. This module exploits all three vulnerabilities, giving the attacker a root shell. At the time of disclosure, this is a 0day. Versions 2.0.3 and below are confirmed to be affected, and the latest 2.0.6 is most likely affected too.

tags | exploit, remote, shell, root, vulnerability, code execution
advisories | CVE-2020-4427, CVE-2020-4428, CVE-2020-4429
MD5 | 3146f36e720ad41b90d484a8f93fd1de

TP-LINK Cloud Cameras NCXXX Bonjour Command Injection
Posted May 1, 2020
Authored by Pietro Oliva

TP-LINK Cloud Cameras including products NC200, NC210, NC220, NC230, NC250, NC260, and NC450 suffer from a command injection vulnerability. The issue is located in the swSystemSetProductAliasCheck method of the ipcamera binary (called when setting a new alias for the device via /setsysname.fcgi), where despite a check on the name length, no other checks are in place in order to prevent shell metacharacters from being introduced. The system name would then be used in swBonjourStartHTTP as part of a shell command where arbitrary commands could be injected and executed as root.

tags | exploit, arbitrary, shell, root
advisories | CVE-2020-12109
MD5 | 55083492881e98ef2dd06b513cdf658d

Red Hat Security Advisory 2020-1933-01
Posted Apr 29, 2020
Authored by Red Hat | Site access.redhat.com

Red Hat Security Advisory 2020-1933-01 - The targetcli package contains an administration shell for configuring Internet Small Computer System Interface, Fibre Channel over Ethernet, and other SCSI targets, using the Target Core Mod/Linux-IO kernel target subsystem. FCoE users also need to install and use the fcoe-utils package. A command execution vulnerability was addressed.

tags | advisory, shell, kernel
systems | linux, redhat
advisories | CVE-2020-10699
MD5 | 88341a0345f7668c4411745c48d226ed

Linux/x86 Reverse Shell Generator Shellcode
Posted Apr 24, 2020
Authored by Bobby Cooke

80 bytes small Linux/x86 reverse shell generator shellcode with customizable TCP port and IP address.

tags | shell, x86, tcp, shellcode
systems | linux
MD5 | 937201f1ff92ab4fabd623cad7224a07

Metasploit Libnotify Arbitrary Command Execution
Posted Apr 17, 2020
Authored by pasta | Site metasploit.com

This Metasploit module exploits a shell command injection vulnerability in the libnotify plugin. This vulnerability affects Metasploit versions 5.0.79 and earlier.

tags | exploit, shell
advisories | CVE-2020-7350
MD5 | 885145668200c03fca22ddeebb838fd3

Red Hat Security Advisory 2020-1333-01
Posted Apr 6, 2020
Authored by Red Hat | Site access.redhat.com

Red Hat Security Advisory 2020-1333-01 - KornShell is a Unix shell developed by AT&T Bell Laboratories, which is backward-compatible with the Bourne shell and includes many features of the C shell. The most recent version is KSH-93. KornShell complies with the POSIX.2 standard. A code injection vulnerability has been addressed.

tags | advisory, shell
systems | linux, redhat, unix, osx
advisories | CVE-2019-14868
MD5 | 129fab33e89337166620907e653bddf2

Red Hat Security Advisory 2020-1332-01
Posted Apr 6, 2020
Authored by Red Hat | Site access.redhat.com

Red Hat Security Advisory 2020-1332-01 - KornShell is a Unix shell developed by AT&T Bell Laboratories, which is backward-compatible with the Bourne shell and includes many features of the C shell. The most recent version is KSH-93. KornShell complies with the POSIX.2 standard. A code injection vulnerability has been addressed.

tags | advisory, shell
systems | linux, redhat, unix, osx
advisories | CVE-2019-14868
MD5 | 4326e13a6cfed935ccfe0b0a3331ba4c