Zenphoto CMS versions 1.5.7 and below suffer from a remote shell upload vulnerability.
a2953bf434e2c790793df43f6311240fSimple Employee Records System version 1.0 suffers from an unauthenticated remote shell upload vulnerability.
d0eef29666b46dd7390d7081cb53a6e9TestLink version 1.9.20 suffers from a remote shell upload vulnerability.
ae7a82dc9cd277f7eda03cb9961266caOnline Car Rental version 1.0 suffers from a remote shell upload vulnerability.
16e7dbecfa2fc7c91e9c10a0ab80b747Car Rental Project version 2.0 suffers from a remote shell upload vulnerability.
931b1766d4fdd75c0bd8596b70a042b6Online Reviewer System version 1.0 remote shell upload exploit that also leverages a remote SQL injection vulnerability that allows for authentication bypass.
51109808c0a78c3656ec6d9759f49a77Ubuntu Security Notice 4714-1 - Zhihong Tian and Hui Lu found that XStream was vulnerable to remote code execution. A remote attacker could run arbitrary shell commands by manipulating the processed input stream. It was discovered that XStream was vulnerable to server-side forgery attacks. A remote attacker could request data from internal resources that are not publicly available only by manipulating the processed input stream. Various other issues were also addressed.
3cdeed73f8b46410b7481e928cd50ec1This Metasploit module exploits an authenticated remote code execution vulnerability in PRTG Network Monitor. Notifications can be created by an authenticated user and can execute scripts when triggered. Due to a poorly validated input on the script name, it is possible to chain it with a user-supplied command allowing command execution under the context of privileged user. The module uses provided credentials to log in to the web interface, then creates and triggers a malicious notification to perform remote code execution using a Powershell payload. It may require a few tries to get a shell because notifications are queued up on the server. This vulnerability affects versions prior to 18.2.39.
60bd8795d3c06d9bcbf5158034587215WordPress SuperForms plugin version 4.9 suffers from a remote shell upload vulnerability.
133fb86b31b7bb9c43996f7bc1be1913SonicWall SSL-VPN Exploit shellshock unauthenticated remote code execution exploit that provides a shell as uid nobody.
d0bc2623346993f9d6ff22f57c85558e142 bytes small Linux/x64 shellcode that binds a password protected shell to TCP 0.0.0.0:4444.
f8b947c4c7650a50507dafa334b79742Voting System version 1.0 suffers from a remote shell upload vulnerability.
914e629a4a5d9a24d137afe82a7997e2Church Rota version 2.6.4 suffers from an authenticated remote shell upload vulnerability.
e841fbff38c5cede21d193f544b6a04e123 bytes small Linux/x64 reverse shell shellcode that connects to TCP/127.1.1.1:4444.
6fdcaaec184d84b16a741d95de7b3961Cisco UCS Manager version 2.2(1d) remote command execution exploit. An unspecified CGI script in Cisco FX-OS before 1.1.2 on Firepower 9000 devices and Cisco Unified Computing System (UCS) Manager before 2.2(4b), 2.2(5) before 2.2(5a), and 3.0 before 3.0(2e) allows remote attackers to execute arbitrary shell commands via a crafted HTTP request, aka Bug ID CSCur90888.
483ae8252192dee26cf8c9814dc78eb9Life Insurance Management System version 1.0 suffers from a remote shell upload vulnerability.
c698cf2be2d505e9ebdaf79dc6745a4fWordPress AIT CSV Import/Export plugin versions 3.0.3 and below allow unauthenticated remote attackers to upload and execute arbitrary PHP code. The upload-handler does not require authentication, nor validates the uploaded content. It may return an error when attempting to parse a CSV, however the uploaded shell is left. The shell is uploaded to wp-content/uploads/. The plugin is not required to be activated to be exploitable.
c39ac90e0b404ac71d25decc4f495aecWordPress Autoptimize plugin suffers from a remote shell upload vulnerability. The ao_ccss_import AJAX call does not ensure that the file provided is a legitimate zip file, allowing high privilege users to upload arbitrary files, such as PHP, leading to remote code execution.
b411262c32d42ec1cbf7382e1a8f4a37Employee Record System version 1.0 suffers from a remote shell upload vulnerability.
743848822029ae69cea3de6909d752daResponsive E-Learning System version 1.0 suffers from a remote shell upload vulnerability.
34fb807bfbcc5b76646c356f0de6c804Online Learning Management System 1.0 remote command execution exploit. Remote shell upload was already discovered in this version in October of 2020 by Jyotsna Adhana.
f9924d1cbe0095eacec9c93fa6ce973fResumes Management and Job Application Website version 1.0 suffers from a remote shell upload vulnerability.
965020b6096dd5fc5279c3f205e12936Adning Advertising plugin version 1.5.5 suffers from a remote shell upload vulnerability.
4533cad4ba378e377d042ba106f71debVictor CMS version 1.0 suffers from an authenticated remote shell upload vulnerability. A shell upload vulnerability in this version was originally discovered in May of 2020 by Kishan Lal Choudhary.
ea9ec402dba2c583b897d250c5776c88WordPress Contact Form 7 plugin version 5.3.1 suffers from a remote shell upload vulnerability.
fb51b96b8a6834e0059bf0f53bbb280b
© 2020 Packet Storm. All rights reserved.
%7Cutmcsr%3D(direct)%7Cutmcmd%3D(none)){kind=small}
Follow us on Twitter
Follow us on Facebook
Subscribe to an RSS Feed