what you don't know can hurt you
Showing 1 - 25 of 2,847 RSS Feed

Shell Files

eClass LMS 2.6 Shell Upload
Posted Dec 1, 2020
Authored by Sohel Yousef

eClass LMS version 2.6 suffers from a remote shell upload vulnerability.

tags | exploit, remote, shell
MD5 | 27ab302a8ee9d1973f951525ce39698f
Complaint Management System 1.0 Shell Upload
Posted Nov 18, 2020
Authored by Mohamed Elobeid

Complaint Management System version 1.0 suffers from a remote shell upload vulnerability.

tags | exploit, remote, shell
MD5 | c7041ac8f36188440071c2ed76b5d17b
Artworks Gallery 1.0 Shell Upload
Posted Nov 16, 2020
Authored by Shahrukh Iqbal Mirza

Artworks Gallery version 1.0 suffers from multiple remote shell upload vulnerabilities.

tags | exploit, remote, shell, vulnerability
advisories | CVE-2020-28688
MD5 | ca2142a5ef21aa8aad9aa7013aa18a0a
Car Rental Management System 1.0 Shell Upload
Posted Nov 16, 2020
Authored by Mehmet Kelepce

Car Rental Management System version 1.0 suffers from a remote shell upload vulnerability.

tags | exploit, remote, shell
MD5 | c42840abea293ce3967f753e3dd1cc6a
Car Rental Management System 1.0 Shell Upload / SQL Injection
Posted Nov 10, 2020
Authored by Fortunato Lodari

Car Rental Management System version 1.0 remote SQL injection and shell upload exploit.

tags | exploit, remote, shell, sql injection
MD5 | 7028cda543bffd9460cbc39e018092da
Red Hat Security Advisory 2020-4697-01
Posted Nov 4, 2020
Authored by Red Hat | Site access.redhat.com

Red Hat Security Advisory 2020-4697-01 - The targetcli package contains an administration shell for configuring Internet Small Computer System Interface, Fibre Channel over Ethernet, and other SCSI targets, using the Target Core Mod/Linux-IO kernel target subsystem. FCoE users also need to install and use the fcoe-utils package.

tags | advisory, shell, kernel
systems | linux, redhat
advisories | CVE-2020-13867
MD5 | 0d55ec9a68eaef13be5664f16d70a5b8
PDW File Browser 1.3 Shell Upload
Posted Nov 4, 2020
Authored by David Bimmel

PDW File Browser version 1.3 suffers from a remote shell upload vulnerability.

tags | exploit, remote, shell
MD5 | c5d984e11fcc1aa1af9a176e3ea360b0
WordPress Simple File List 5.4 Shell Upload
Posted Nov 2, 2020
Authored by H4rk3nz0

WordPress Simple File List plugin version 5.4 suffers from a remote shell upload vulnerability.

tags | exploit, remote, shell
MD5 | 75488258360850a9899dfe59fe7a49df
Online Library Management System 1.0 Shell Upload
Posted Oct 28, 2020
Authored by Jyotsna Adhana

Online Library Management System version 1.0 suffers from a remote shell upload vulnerability.

tags | exploit, remote, shell
MD5 | 459c992933d1f7209cbdf12c6e9c33d4
Sentrifugo 3.2 Shell Upload / Restriction Bypass
Posted Oct 27, 2020
Authored by Gurkirat Singh

Sentrifugo version 3.2 suffers from a restriction bypass vulnerability that allows for a remote shell upload.

tags | exploit, remote, shell, bypass
advisories | CVE-2019-15813
MD5 | 981cdb0177e2271690c25d011e5b38c6
Adtec Digital Products Hardcoded Credentials / Remote Root
Posted Oct 27, 2020
Authored by LiquidWorm | Site zeroscience.mk

Adtec Digital is a leading manufacturer of Broadcast, Cable and IPTV products and solutions. Many of their devices utilize hard-coded and default credentials within its Linux distribution image for Web/Telnet/SSH access. A remote attacker could exploit this vulnerability by logging in using the default credentials for accessing the web interface or gain shell access as root.

tags | exploit, remote, web, shell, root
systems | linux
MD5 | 063154d6c7521ecfedc183b52625d739
GOautodial 4.0 Shell Upload
Posted Oct 21, 2020
Authored by Balzabu

GOautodial version 4.0 suffers from a remote shell upload vulnerability.

tags | exploit, remote, shell
MD5 | 1dc47bb67a41c4ba34d498a30ea9daae
WordPress HS Brand Logo Slider 2.1 Shell Upload
Posted Oct 20, 2020
Authored by Net-Hunter

WordPress HS Brand Logo Slider plugin version 2.1 suffers from a remote shell upload vulnerability.

tags | exploit, remote, shell
MD5 | 247365fd8094a2f47aef67d768cb364f
WordPress SuperStoreFinder 6.1 CSRF / Shell Upload
Posted Oct 20, 2020
Authored by Joe Iz

WordPress SuperStoreFinder plugin version 6.1 suffers from cross site request forgery and remote shell upload vulnerabilities.

tags | exploit, remote, shell, vulnerability, csrf
MD5 | d65d9b7ecb896e5b99b319e01822cb42
Online Student's Management System 1.0 Shell Upload
Posted Oct 19, 2020
Authored by Akiner Kisa

Online Student's Management System version 1.0 suffers from a remote shell upload vulnerability.

tags | exploit, remote, shell
MD5 | d8d317865accc39f0ea9c31f5b1c18ab
Tourism Management System 1.0 Shell Upload
Posted Oct 19, 2020
Authored by Saurav Shukla, Ankita Pal

Tourism Management System version 1.0 suffers from a remote shell upload vulnerability.

tags | exploit, remote, shell
MD5 | 023224c77cadc9a82e003c481b8f416f
Ubuntu Security Notice USN-4582-1
Posted Oct 14, 2020
Authored by Ubuntu | Site security.ubuntu.com

Ubuntu Security Notice 4582-1 - It was discovered that Vim incorrectly handled permissions on the .swp file. A local attacker could possibly use this issue to obtain sensitive information. This issue only affected Ubuntu 16.04 LTS. It was discovered that Vim incorrectly handled restricted mode. A local attacker could possibly use this issue to bypass restricted mode and execute arbitrary commands. Note: This update only makes executing shell commands more difficult. Restricted mode should not be considered a complete security measure. Various other issues were also addressed.

tags | advisory, arbitrary, shell, local
systems | linux, ubuntu
advisories | CVE-2017-17087, CVE-2019-20807
MD5 | e6159e2f38d8be01d2ed2841a3b41473
MaraCMS 7.5 Remote Code Execution
Posted Sep 28, 2020
Authored by Erik Wynter, Michele Cisternino | Site metasploit.com

This Metasploit module exploits an arbitrary file upload vulnerability in MaraCMS versions 7.5 and below in order to execute arbitrary commands. The module first attempts to authenticate to MaraCMS. It then tries to upload a malicious PHP file to the web root via an HTTP POST request to codebase/handler.php. If the php target is selected, the payload is embedded in the uploaded file and the module attempts to execute the payload via an HTTP GET request to this file. For the linux and windows targets, the module uploads a simple PHP web shell. Subsequently, it leverages the CmdStager mixin to deliver the final payload via a series of HTTP GET requests to the PHP web shell. Valid credentials for a MaraCMS admin or manager account are required. This module has been successfully tested against MaraCMS 7.5 running on Windows Server 2012 (XAMPP server).

tags | exploit, web, arbitrary, shell, root, php, file upload
systems | linux, windows
advisories | CVE-2020-25042
MD5 | f3fcdcf0924156e882b29740d16480f8
Ubuntu Security Notice USN-4533-1
Posted Sep 23, 2020
Authored by Ubuntu | Site security.ubuntu.com

Ubuntu Security Notice 4533-1 - Veeti Veteläinen discovered that the LTSP Display Manager incorrectly handled user logins from unsupported shells. A local attacker could possibly use this issue to gain root privileges.

tags | advisory, shell, local, root
systems | linux, ubuntu
advisories | CVE-2019-20373
MD5 | f737de063aa0c72d9f092dd14307d74a
Red Hat Security Advisory 2020-3803-01
Posted Sep 22, 2020
Authored by Red Hat | Site access.redhat.com

Red Hat Security Advisory 2020-3803-01 - The bash packages provide Bash, which is the default shell for Red Hat Enterprise Linux.

tags | advisory, shell, bash
systems | linux, redhat
advisories | CVE-2019-9924
MD5 | 09a3b8e514d3cfd4046dff77d503199d
VyOS restricted-shell Escape / Privilege Escalation
Posted Sep 21, 2020
Authored by Brendan Coles, Rich Mirch | Site metasploit.com

This Metasploit module exploits command injection vulnerabilities and an insecure default sudo configuration on VyOS versions 1.0.0 through 1.1.8 to execute arbitrary system commands as root. VyOS features a restricted-shell system shell intended for use by low privilege users with operator privileges. This module exploits a vulnerability in the telnet command to break out of the restricted shell, then uses sudo to exploit a command injection vulnerability in /opt/vyatta/bin/sudo-users/vyatta-show-lldp.pl to execute commands with root privileges. This module has been tested successfully on VyOS 1.1.8 amd64 and VyOS 1.0.0 i386.

tags | exploit, arbitrary, shell, root, vulnerability
advisories | CVE-2018-18556
MD5 | 3d5d65d5e0f254ce3c9343e508e95b9d
TP-Link Cloud Cameras NCXXX Bonjour Command Injection
Posted Sep 18, 2020
Authored by Pietro Oliva | Site metasploit.com

TP-Link cloud cameras NCXXX series (NC200, NC210, NC220, NC230, NC250, NC260, NC450) are vulnerable to an authenticated command injection vulnerability. In all devices except NC210, despite a check on the name length in swSystemSetProductAliasCheck, no other checks are in place in order to prevent shell metacharacters from being introduced. The system name would then be used in swBonjourStartHTTP as part of a shell command where arbitrary commands could be injected and executed as root. NC210 devices cannot be exploited directly via /setsysname.cgi due to proper input validation. NC210 devices are still vulnerable since swBonjourStartHTTP did not perform any validation when reading the alias name from the configuration file. The configuration file can be written, and code execution can be achieved by combining this issue with CVE-2020-12110.

tags | exploit, arbitrary, shell, cgi, root, code execution
advisories | CVE-2020-12109
MD5 | 65581bfcfd69f6bd2c8b8917eda921c4
Gentoo Linux Security Advisory 202009-08
Posted Sep 14, 2020
Authored by Gentoo | Site security.gentoo.org

Gentoo Linux Security Advisory 202009-8 - An information disclosure vulnerability in GNOME Shell might allow local attackers to obtain sensitive information. Versions less than 3.34.5-r1 are affected.

tags | advisory, shell, local, info disclosure
systems | linux, gentoo
advisories | CVE-2020-17489
MD5 | 309e5318135523eb52d41ec01f1dface
Red Lion N-Tron 702-W / 702M12-W 2.0.26 XSS / CSRF / Shell
Posted Sep 3, 2020
Authored by T. Weber | Site sec-consult.com

Red Lion N-Tron 702-W and 702M12-W versions 2.0.26 and below suffer from cross site request forgery, hidden shell interface, cross site scripting and busybox vulnerabilities.

tags | exploit, shell, vulnerability, xss, csrf
advisories | CVE-2020-16204, CVE-2020-16206, CVE-2020-16208, CVE-2020-16210
MD5 | 0d2c4894db250550f69bf99d4b85cdbd
SiteMagic CMS 4.4.2 Shell Upload
Posted Sep 3, 2020
Authored by V1n1v131r4

SiteMagic CMS version 4.4.2 suffers from a remote shell upload vulnerability.

tags | exploit, remote, shell
MD5 | 9b13334a85c32519bca21e7d26088a4b
Page 1 of 114
Back12345Next

File Archive:

December 2020

  • Su
  • Mo
  • Tu
  • We
  • Th
  • Fr
  • Sa
  • 1
    Dec 1st
    22 Files
  • 2
    Dec 2nd
    0 Files
  • 3
    Dec 3rd
    0 Files
  • 4
    Dec 4th
    0 Files
  • 5
    Dec 5th
    0 Files
  • 6
    Dec 6th
    0 Files
  • 7
    Dec 7th
    0 Files
  • 8
    Dec 8th
    0 Files
  • 9
    Dec 9th
    0 Files
  • 10
    Dec 10th
    0 Files
  • 11
    Dec 11th
    0 Files
  • 12
    Dec 12th
    0 Files
  • 13
    Dec 13th
    0 Files
  • 14
    Dec 14th
    0 Files
  • 15
    Dec 15th
    0 Files
  • 16
    Dec 16th
    0 Files
  • 17
    Dec 17th
    0 Files
  • 18
    Dec 18th
    0 Files
  • 19
    Dec 19th
    0 Files
  • 20
    Dec 20th
    0 Files
  • 21
    Dec 21st
    0 Files
  • 22
    Dec 22nd
    0 Files
  • 23
    Dec 23rd
    0 Files
  • 24
    Dec 24th
    0 Files
  • 25
    Dec 25th
    0 Files
  • 26
    Dec 26th
    0 Files
  • 27
    Dec 27th
    0 Files
  • 28
    Dec 28th
    0 Files
  • 29
    Dec 29th
    0 Files
  • 30
    Dec 30th
    0 Files
  • 31
    Dec 31st
    0 Files

Top Authors In Last 30 Days

File Tags

Systems

packet storm

© 2020 Packet Storm. All rights reserved.

Services
Security Services
Hosting By
Rokasec
close