TP-Link cloud cameras NCXXX series (NC200, NC210, NC220, NC230, NC250, NC260, NC450) are vulnerable to an authenticated command injection vulnerability. In all devices except NC210, despite a check on the name length in swSystemSetProductAliasCheck, no other checks are in place in order to prevent shell metacharacters from being introduced. The system name would then be used in swBonjourStartHTTP as part of a shell command where arbitrary commands could be injected and executed as root. NC210 devices cannot be exploited directly via /setsysname.cgi due to proper input validation. NC210 devices are still vulnerable since swBonjourStartHTTP did not perform any validation when reading the alias name from the configuration file. The configuration file can be written, and code execution can be achieved by combining this issue with CVE-2020-12110.
65581bfcfd69f6bd2c8b8917eda921c4Gentoo Linux Security Advisory 202009-8 - An information disclosure vulnerability in GNOME Shell might allow local attackers to obtain sensitive information. Versions less than 3.34.5-r1 are affected.
309e5318135523eb52d41ec01f1dfaceRed Lion N-Tron 702-W and 702M12-W versions 2.0.26 and below suffer from cross site request forgery, hidden shell interface, cross site scripting and busybox vulnerabilities.
0d2c4894db250550f69bf99d4b85cdbdSiteMagic CMS version 4.4.2 suffers from a remote shell upload vulnerability.
9b13334a85c32519bca21e7d26088a4bRed Hat Security Advisory 2020-3592-01 - The bash packages provide Bash, which is the default shell for Red Hat Enterprise Linux.
6866e5562af91fd7c2e0245ba478bbd0CMS Made Simple version 2.2.14 suffers from an authenticated remote shell upload vulnerability.
e2fb278aa541f2c08d1c82df912d2cc9WordPress Autoptimize plugin version 2.7.6 suffers from an authenticated remote shell upload vulnerability.
07265bbb9062f5d7ecf6fa2ea1b61683Ubuntu Security Notice 4464-1 - It was discovered that GNOME Shell incorrectly handled the login screen password dialog. Sensitive information could possibly be exposed during user logout.
8745f9f5ffe60d4092fe96c7797d1064Red Hat Security Advisory 2020-3474-01 - The bash packages provide Bash, which is the default shell for Red Hat Enterprise Linux.
b84476e366afe54f22aacc4f6034cd1dCMS Made Simple version 2.2.14 suffers from an authenticated shell upload vulnerability.
c88d34ecd4d1716eecd2778aa52e4bd3Online Bike Rental version 1.0 suffers from an authenticated remote shell upload vulnerability.
c24d92ba32b907f53df823c312feb8d2Gentoo Linux Security Advisory 202007-63 - Multiple vulnerabilities have been found in SNMP Trap Translator, the worst of which could allow attackers to execute arbitrary shell code. Versions less than 1.4.1 are affected.
050446e49cdf58e9ef909a5278dbe5beOnline Bike Rental version 1.0 suffers from a remote shell upload vulnerability.
5137e92942eb565db42676669250675aKoken CMS version 0.22.24 suffers from a remote shell upload vulnerability.
5b0592db7ea566f8f67175e561151e2fOracle Solaris 11 Device Driver Utility version 1.3.1 suffers from an insecure use of /tmp that can allow for a race condition which leads to privilege escalation. Included exploit provides a root shell.
0d782daa9cfb79ed229915dc519292a7This Metasploit module exploits a vulnerability (CVE-2020-13851) in Pandora FMS versions 7.0 NG 742, 7.0 NG 743, and 7.0 NG 744 (and perhaps older versions) in order to execute arbitrary commands. This module takes advantage of a command injection vulnerability in th e Events feature of Pandora FMS. This flaw allows users to execute arbitrary commands via the target parameter in HTTP POST requests to the Events function. After authenticating to the target, the module attempts to exploit this flaw by issuing such an HTTP POST request, with the target parameter set to contain the payload. If a shell is obtained, the module will try to obtain the local MySQL database password via a simple grep command on the plaintext /var/www/html/pandora_console/include/config.php file. Valid credentials for a Pandora FMS account are required. The account does not need to have admin privileges. This module has been successfully tested on Pandora 7.0 NG 744 running on CentOS 7 (the official virtual appliance ISO for this version).
f5291266eaebb8b290e3a0b7e6659455This Metasploit module exploits a directory traversal in F5's BIG-IP Traffic Management User Interface (TMUI) to upload a shell script and execute it as the root user.
bc9ef269b0fbd9bf35cb0c0f8d89b446Various CDATA OLTs suffer from backdoor access with telnet, credential leaks, shell escape with root privileges, denial of service, and weak encryption algorithm vulnerabilities.
ef3e0aa364c3178ff74985235b1f0282Bolt CMS versions 3.7.0 and below suffer from cross site request forgery, cross site scripting, and remote shell upload vulnerabilities that when combined can achieve remote code execution in one click.
e1905dcd1353235ff99a9faf7ed545efOnline Shopping Portal version 3.1 suffers from a remote SQL injection vulnerability that allows for authentication bypass as well as a shell upload.
a413dd610290694b938f4df3d35a392dThis Metasploit module exploits a cross site request forgery vulnerability in Online Student Enrollment System version 1.0 to perform a shell upload.
5b27f66c5ed24e68abd5443719b457a4This Metasploit module takes advantage of a poorly configured TACACS+ config, Arista's bash shell, and a TACACS+ read-only account to achieve privilege escalation.
c89e5030f0dbb92c9b9a0aaee9be5226This Metasploit module exploits a shell upload vulnerability in Neon LMS versions prior to 4.9.1.
26aa3aff8f77bd3458a0a09ac6e239c5NeonLMS version 3.6 suffers from an authenticated remote shell upload vulnerability.
2c01c097ed4377f370cef2cfdd6872fbThis Metasploit module exploits a file upload feature of Drag and Drop Multi File Upload - Contact Form 7 for versions prior to 1.3.4. The allowed file extension list can be bypassed by appending a %, allowing for php shells to be uploaded. No authentication is required for exploitation.
8741d1320b67d5240a0da5c63f0f5065
© 2020 Packet Storm. All rights reserved.
%7Cutmcsr%3D(direct)%7Cutmcmd%3D(none)){kind=small}
Follow us on Twitter
Follow us on Facebook
Subscribe to an RSS Feed