104 bytes small Linux x86_64 reverse shell shellcode that binds to 192.168.1.8:4444.
dea72eb758bb16a4a24244f3de24f780DotCMS version 4.1.1 suffers from a remote shell upload vulnerability.
6662f3bad9f3f62ed6c7151df589bba6Easy File Sharing Web Server version 7.2 SEH buffer overflow PassWD exploit that spawns a reverse shell.
0a226fb9ae5920b89126ab6486e607fbPelco IP cameras suffer from a code execution vulnerability. The affected cameras suffer from authenticated remote code execution vulnerability. The POST parameter 'enable_leds' located in the update() function called via the GeneralSetupController.php script is not properly sanitised before being used in writeLedConfig() function to enable led state to on or off. A remote attacker can exploit this issue and execute arbitrary system commands granting her system access with root privileges using a specially crafted request and escape sequence to system shell.
f60def224c0da5db858f33bf6eef0e47Firmware reversing of the Barracuda Web Application Firewall uncovered debug features that should have been removed on the production images. Appending a debugging statement onto a grub configuration line leads to an early boot root shell. Firmware version 8.0.1.014 is affected.
f6f41f262997fb113e39f15d6d42c39cRootkit Hunter scans files and systems for known and unknown rootkits, backdoors, and sniffers. The package contains one shell script, a few text-based databases, and optional Perl modules. It should run on almost every Unix variety except Solaris and NetBSD.
c625bcb5e226d1f2a7a3a530b7e4fbd975 bytes small Linux/x86 shellcode that binds a shell to port 4444. Contains no NULLs.
501256220065b8b18c393c129a24f35fInvision Power Board version 4.1.19.2 suffers from reflective and stored cross site scripting, cross site request forgery, information disclosure, file upload, and shell access vulnerabilities.
a22518e9d6c3e73504202b0d32770349MyBB versions 1.8.12 and prior is vulnerable to a cross site scripting bug which can allow a moderator to take over an administrator's account and upload a webshell, or perform file enumeration in the instances where it is not possible to spawn a shell.
002a68cf2fe01ab017ee3d244b021e6bWPForce is a suite of Wordpress Attack tools. Currently this contains 2 scripts - WPForce, which brute forces logins via the API, and Yertle, which uploads shells once admin credentials have been found. Yertle also contains a number of post exploitation modules.
1cbb5b143c74242defcaf578c5b9a98eThis Metasploit module will bypass Windows 10 UAC by hijacking a special key in the Registry under the current user hive, and inserting a custom command that will get invoked when the Windows fodhelper.exe application is launched. It will spawn a second shell that has the UAC flag turned off. This Metasploit module modifies a registry key, but cleans up the key once the payload has been invoked. The module does not require the architecture of the payload to match the OS. If specifying EXE::Custom your DLL should call ExitProcess() after starting your payload in a separate process.
b20812c1abf3d3375be101013cd12af0This proof of concept code shows how manager functionality can be abused in ModX CMS to upload a shell.
4a9e82ae99c6a9dbf9554d110145a1a4This proof of concept code shows how administrator functionality can be abused in Joomla to upload a shell.
5342f1f41088abee2af959b87cbce235This proof of concept code shows how administrative functionality can be abused in DokuWiki to upload a shell.
729d40f68a98bc4c5c3dc2afec215396This proof of concept code shows how functionality can be abused in Concrete5 to upload a shell.
9745e0705ed0168941e97981a8f2ab5bThis Metasploit module is a port of the Equation Group ETERNALBLUE exploit, part of the FuzzBunch toolkit released by Shadow Brokers. There is a buffer overflow memmove operation in Srv!SrvOs2FeaToNt. The size is calculated in Srv!SrvOs2FeaListSizeToNt, with mathematical error where a DWORD is subtracted into a WORD. The kernel pool is groomed so that overflow is well laid-out to overwrite an SMBv1 buffer. Actual RIP hijack is later completed in srvnet!SrvNetWskReceiveComplete. This exploit, like the original may not trigger 100% of the time, and should be run continuously until triggered. It seems like the pool will get hot streaks and need a cool down period before the shells rain in again.
aa3f38db6f272747aa8f84141f87e6e4Ubuntu Security Notice 3287-1 - Timo Schmid discovered that the Git restricted shell incorrectly filtered allowed commands. A remote attacker could possibly use this issue to run an interactive pager and access sensitive information.
0110cf09f15d41eb58c3c144079994c7Debian Linux Security Advisory 3848-1 - Timo Schmid of ERNW GmbH discovered that the Git git-shell, a restricted login shell for Git-only SSH access, allows a user to run an interactive pager by causing it to spawn "git upload-pack --help".
e60c0d507349db5ea9c6655ff7195174113 bytes small Linux/x86-64 reverse shell shellcode for IPv6.
ac5201873bbc6a9ce91386d7e9e153d6Easy File Uploader suffers from a remote shell upload vulnerability.
8ac3610167d2a6610763fae78f9e7f29The management shell on Solarwinds Log and Event Manager Virtual Appliance version 6.3.1 allows the end user to edit the MOTD banner displayed during SSH logon. The editor provided for this is nano. This editor has a keyboard mapped function which lets the user import a file from the local file system into the editor. An attacker can abuse this to read arbitrary files within the allowed permissions.
f78a6aa709d515f34ff4063017a41667Insufficient input validation in the management interface can be leveraged in order to execute arbitrary commands. This can lead to (root) shell access to the underlying operating system on Solarwinds Log and Event Manager Virtual Appliance version 6.3.1.
c05724ef34080811a5c98ed6a6d254cfOctober CMS version 1.0.412 suffers from access bypass, cross site scripting, code execution, and remote shell upload vulnerabilities.
e702737b1f0f3d12d56ab625156a9afcThis Metasploit module exploits a command injection vulnerability in the Huawei HG532n routers provided by TE-Data Egypt, leading to a root shell. The router's web interface has two kinds of logins, a "limited" user:user login given to all customers and an admin mode. The limited mode is used here to expose the router's telnet port to the outside world through NAT port-forwarding. With telnet now remotely accessible, the router's limited "ATP command line tool" (served over telnet) can be upgraded to a root shell through an injection into the ATP's hidden "ping" command.
5846ef508d85837a4608f1c94c201d64Magento versions 2.1.6 and below suffers from cross site request forgery and shell upload vulnerabilities.
7eac7c985713b9e6f32be4da1b6565bb
© 2016 Packet Storm. All rights reserved.
%7Cutmcsr%3D(direct)%7Cutmcmd%3D(none)){kind=small}
Follow us on Twitter
Follow us on Facebook
Subscribe to an RSS Feed