This Metasploit module exploits a bug in io_uring leading to an additional put_cred() that can be exploited to hijack credentials of other processes. This exploit will spawn SUID programs to get the freed cred object reallocated by a privileged process and abuse them to create a SUID root binary that will pop a shell. The dangling cred pointer will, however, lead to a kernel panic as soon as the task terminates and its credentials are destroyed. We therefore detach from the controlling terminal, block all signals and rest in silence until the system shuts down and we get killed hard, just to cry in vain, seeing the kernel collapse. The bug affected kernels from v5.12-rc3 to v5.14-rc7. More than 1 CPU is required for exploitation. Successfully tested against Ubuntu 22.04.01 with kernel 5.13.12-051312-generic.
ddab5b3975fc82e2a23c5e4e05a57af4893abfbc613df02d507c1013c62dc088Debian Linux Security Advisory 5332-1 - Multiple issues were found in Git, a distributed revision control system. An attacker may trigger remote code execution, cause local users into executing arbitrary commands, leak information from the local filesystem, and bypass restricted shell.
da3283ba137fd88f874430e108ec655e6a4a13b1797054b92dadf3a00e03641dRed Hat Security Advisory 2023-0340-01 - The bash packages provide Bash, which is the default shell for Red Hat Enterprise Linux. Issues addressed include a buffer overflow vulnerability.
c4175fcaf8e760446048b0702a788a15a9b75b05bd2cee9ae422f72e0f822ceeFood Ordering System version 2 suffers from a remote shell upload vulnerability.
761ebf82d1e3d77cbb9e3df3aaa127409e8b8765f9bcd58a38d94c86c83af0cfWordPress Slider Revolution plugin versions 4.x.x suffer from a remote shell upload vulnerability.
91ad27d5b8aae997e047295a60a4b87610223abd915335d38e21feaee0c21334Online Food Ordering System version 2.0 suffers from a remote shell upload vulnerability.
ed85146f24b10099cae57f78d6acaf8386a62cc901158ad0489e271b7f3389abDebian Linux Security Advisory 5314-1 - It was discovered that missing input sanitising in the ctags functionality of Emacs may result in the execution of arbitrary shell commands.
8d71031be094dc1bac13e1c7994d1cfcdb0da1ae5dd428700ba4439417aa0081Online Food Ordering System version 2.0 suffers from a remote shell upload vulnerability.
79d4531d706ef446604fb8038c79402773af79beb3b81e0c9574ec534b5d9ec8WordPress Slider Revolution plugin version 4.6.5 suffers from a remote shell upload vulnerability.
4e8cadbe4d270676c58df50959e60ad62c48e787dbed667844e8a8eda46f121aDebian Linux Security Advisory 5310-1 - It was discovered that ruby-image-processing, a ruby package that provides higher-level image processing helpers, is prone to a remote shell execution vulnerability when using the #apply method to apply a series of operations coming from unsanitized user input.
9114837e45c7440099d3923f2a43991909f94c975f31c25f4230d59e7dc5f0faSugarCRM versions up to 12.2.0 suffer from a remote shell upload vulnerability.
74cace1b6e9afc52d16c5afdcecc42e3abd20dc7f1ccb5629f3f64b72179e905WordPress Yith WooCommerce Gift Cards Premium plugin versions 3.19.0 and below suffer from a remote shell upload vulnerability.
dcd88dd9c8059a2065d4797ada28efaa82a7e64b25ece681f77bf1889891ddf7Judging Management System version 1.0 a remote shell upload vulnerability.
83f876fc3d80ece47561fec342194ec07aa98b26bfff525e03e3d4f6b07ff644Planet eStream versions prior to 6.72.10.07 suffer from shell upload, account takeover, broken access control, SQL injection, both persistent and reflective cross site scripting, path traversal, and information disclosure vulnerabilities.
0dca96db49c3aae632e40d6b29c30d32088f3d7c6667b64b954a6a6345dcc625Red Hat Security Advisory 2022-8872-01 - An update for python-django20 is now available for Red Hat OpenStack Platform 16.1.9 (Train) for Red Hat Enterprise Linux (RHEL) 8.2. Issues addressed include cross site scripting, denial of service, remote shell upload, and remote SQL injection vulnerabilities.
e5e7d087bfcb84b64424f6f5ba3f374d1774f83da6dd2bb3d702e487b2cbd58bRed Hat Security Advisory 2022-8863-01 - Paramiko is a module for python 2.3 or greater that implements the SSH2 protocol for secure connections to remote machines. Unlike SSL, the SSH2 protocol does not require heirarchical certificates signed by a powerful central authority. You may know SSH2 as the protocol that replaced telnet and rsh for secure access to remote shells, but the protocol also includes the ability to open arbitrary channels to remote services across an encrypted tunnel.
59534817e9e5c4ed208e21817cc8d384718759ee9feaec332ee49ea7ba65f1b5Red Hat Security Advisory 2022-8845-01 - Paramiko is a module for python 2.3 or greater that implements the SSH2 protocol for secure connections to remote machines. Unlike SSL, the SSH2 protocol does not require heirarchical certificates signed by a powerful central authority. You may know SSH2 as the protocol that replaced telnet and rsh for secure access to remote shells, but the protocol also includes the ability to open arbitrary channels to remote services across an encrypted tunnel.
a6a2060126d1be99be2aca8297f1257ee4619fcacb1e48e24b430da0c6b1eb8cRoxy Fileman versions 1.4.6 and below remote shell upload proof of concept exploit.
16a9c59173c82b869a340397a5e68377531e0e0f9be9781793142e4f47786e1bAll FLIR AX8 thermal sensor cameras versions up to and including 1.46.16 are vulnerable to remote command injection. This can be exploited to inject and execute arbitrary shell commands as the root user through the id HTTP POST parameter in the res.php endpoint. This module uses the vulnerability to upload and execute payloads gaining root privileges.
a321cd3e8960e684cbab1cd82bb0f9be0cda474af87c57e7f89fa9aaa83b6bcaThis Metasploit module exploits a vulnerable sudo configuration that permits the Zimbra user to execute postfix as root. In turn, postfix can execute arbitrary shellscripts, which means it can execute a root shell.
60ec0dcab5b58dbebac7ed6c99c5cf1fb52f76e5b1a5f3723089e823fc252948This Metasploit module leverages a remote shell upload vulnerability in pfSense pfBlockerNG plugin versions 2.1.4_26 and below. Note that version 3.x is unaffected.
4189e967b6b81ffffd850d9ece99fb550a29985985f2bcf2dcb9de105fffe02cWeb Based Student Clearance version 1.0 suffers from a remote shell upload vulnerability.
ac7df912113c209e4aa92b944d9b94db3f34c974d4195900b8a821b928f931f6WordPress Elementor plugin versions 3.6.0 through 3.6.2 suffer from a remote shell upload vulnerability. This is achieved by sending a request to install Elementor Pro from a user supplied zip file. Any user with Subscriber or more permissions is able to execute this.
0537a61d8c7e168ee93f25ae88cc62b13741cb186c02291ebc2f946f834cd81fGuppY CMS version 6.00.10 suffers from an authenticated remote shell upload vulnerability.
7379f5703f8c8447e89b8393459ce54d04deb30eed715a6df6b281a1b380609bDebian Linux Security Advisory 5229-1 - Two vulnerabilities were discovered in FreeCAD, a CAD/CAM program, which could result in the execution of arbitrary shell commands when opening a malformed file.
e221b714aa252c043fe261bba268b9bb76b8a4565c7895307eb7ff13412d67b8
© 2022 Packet Storm. All rights reserved.
%7Cutmcsr%3D(direct)%7Cutmcmd%3D(none)){kind=small}
Follow us on Twitter
Subscribe to an RSS Feed