Showing 1 - 25 of 3,241

Shell Files

Gasmark Pro 1.0 Shell Upload
Posted Mar 18, 2024
Authored by nu11secur1ty

Gasmark Pro version 1.0 suffers from a remote shell upload vulnerability.

tags | exploit, remote, shell
SHA-256 | 74aac3d302e6dccc4a04f4bb3b7f33f7c74952c5fafd68a7b296c174889dd69b
Membership Management System 1.0 SQL Injection / Shell Upload
Posted Mar 15, 2024
Authored by SoSPiro

Membership Management System version 1.0 suffers from remote shell upload and remote SQL injection vulnerabilities.

tags | exploit, remote, shell, vulnerability, sql injection
SHA-256 | bafbc2c7895ab97a3d57de482862b676a744678a894f6abb9103ae63f21b01a1
MetaFox 5.1.8 Shell Upload
Posted Mar 13, 2024
Authored by The Joker

MetaFox versions 5.1.8 and below suffer from a remote shell upload vulnerability.

tags | exploit, remote, shell
SHA-256 | e2b323542d1ae762fd44f17402386b535064f3b92a9eb3e937211dc86f883e48
MSMS-PHP 1.0 Shell Upload
Posted Mar 13, 2024
Authored by nu11secur1ty

MSMS-PHP version 1.0 suffers from a remote shell upload vulnerability.

tags | exploit, remote, shell, php
SHA-256 | 06dd3743528c052502c13e65a54289e54ef53298ff6beb4c6ee8a4810bae36df
DataCube3 1.0 Shell Upload
Posted Mar 11, 2024
Authored by Samy Younsi

DataCube3 version 1.0 suffers from a remote shell upload vulnerability.

tags | exploit, remote, shell
advisories | CVE-2024-25830, CVE-2024-25832
SHA-256 | a5ca9dcfc24b6607634b3ccc91b9b2cf12ca8ba0a229101f9e74e14975448d9a
Wallos Shell Upload
Posted Mar 4, 2024
Authored by sML

Wallos versions prior to 1.11.2 suffer from a remote shell upload vulnerability.

tags | exploit, remote, shell
SHA-256 | 77ba729fac9fbd6e562f329a83458d57ae71f13aaf4f55db7da1328097365d1a
Petrol Pump Management System 1.0 Shell Upload
Posted Mar 4, 2024
Authored by Shubham Pandey

Petrol Pump Management System version 1.0 suffers from a remote shell upload vulnerability. This is a variant vector of attack in comparison to the original discovery attributed to SoSPiro in February of 2024.

tags | exploit, remote, shell
advisories | CVE-2024-27747
SHA-256 | 0f0040501420a8f8ddd6c7f12a7f7140cff7687749ef9d7f7d32928b820114f8
Real Estate Management System 1.0 Shell Upload
Posted Mar 4, 2024
Authored by Diyar Saadi

Real Estate Management System version 1.0 suffers from a remote shell upload vulnerability.

tags | exploit, remote, shell
SHA-256 | 839e1e676d2dbd464ca5097616ef9a9bec7bfb837d94aa2a8ab1088675a02115
Linux/x64 XOR (/bin//sh) Shell Creation Shellcode
Posted Feb 28, 2024
Authored by Alexys

A 55-byte Linux/x64 shellcode that creates a shell with execve(), sending an argument using XOR (/bin//sh).

tags | shell, shellcode
systems | linux
SHA-256 | dd9cd816ff8fe9dd6be1a0a2fe0b49cf0524f491dbdd68c06004dfcc6d90b9b0
WordPress Canto Remote Shell Upload
Posted Feb 27, 2024
Authored by Leopoldo Angulo

WordPress Canto versions prior to 3.0.5 suffer from remote file inclusion and shell upload vulnerabilities.

tags | exploit, remote, shell, vulnerability, file inclusion
advisories | CVE-2023-3452
SHA-256 | a59ad7feb866d8c5d65a87422165e0d5c276bf4da7b8e83a100a1933f7afdf64
Kafka UI 0.7.1 Command Injection
Posted Feb 20, 2024
Authored by h00die-gr3y, BobTheShopLifter, Thingstad | Site metasploit.com

A command injection vulnerability exists in Kafka UI versions 0.4.0 through 0.7.1 that allows an attacker to inject and execute arbitrary shell commands via the groovy filter parameter at the topic section.

tags | exploit, arbitrary, shell
advisories | CVE-2023-52251
SHA-256 | 1177f100a5a424ec41ea1f0b6efea99c8d820400e1819dbb7bf5253526f7dc02
Petrol Pump Management Software 1.0 Shell Upload
Posted Feb 20, 2024
Authored by SoSPiro

Petrol Pump Management Software version 1.0 suffers from a remote shell upload vulnerability.

tags | exploit, remote, shell
SHA-256 | 17ba90fc439b26fdb9e7248c02187a9cca9a6bc58f83413a24bc776a007f4e2f
Tourism Management System 2.0 Shell Upload
Posted Feb 20, 2024
Authored by SoSPiro

Tourism Management System version 2.0 suffers from a remote shell upload vulnerability.

tags | exploit, remote, shell
SHA-256 | 1ae5b995d0df6c7d5380487c5e7a5f6326a545ef4255195c833afe8afb4e1c6c
Debian Security Advisory 5624-1
Posted Feb 15, 2024
Authored by Debian | Site debian.org

Debian Linux Security Advisory 5624-1 - Mate Kukri discovered the Debian build of EDK2, a UEFI firmware implementation, used an insecure default configuration which could result in Secure Boot bypass via the UEFI shell.

tags | advisory, shell
systems | linux, debian
advisories | CVE-2023-48733
SHA-256 | edeab3ca9fb62395b5cb0f4a0f796af3d4f2e0bf05a3127e4d9d601b63ad671c
Adapt CMS 3.0.3 Cross Site Scripting / Shell Upload
Posted Feb 14, 2024
Authored by Andrey Stoykov

Adapt CMS version 3.0.3 suffers from persistent cross site scripting and remote shell upload vulnerabilities.

tags | exploit, remote, shell, vulnerability, xss
SHA-256 | ec4109d350da52c327fa8e68529d724cdbaf75ad4605a394f2c19b7289932d0a
WordPress Seotheme Shell Upload
Posted Feb 9, 2024
Authored by Milad Karimi

WordPress Seotheme plugin suffers from a remote shell upload vulnerability. It is unclear which versions are affected.

tags | exploit, remote, shell
SHA-256 | 1ade388b04da4022b843bad94d8d596ef14c15bcdc9e5ca5ea07315175b097cd
WebCatalog 48.4 Arbitrary Protocol Execution / Code Execution
Posted Feb 2, 2024
Authored by ItsSixtyN3in

WebCatalog versions prior to 48.8 call the Electron shell.openExternal function without verifying that the URL is for an http or https resource. This vulnerability allows an attacker to potentially execute code through arbitrary protocols on the victim's machine by having users sync pages with malicious URLs. The victim has to interact with the link, which can then enable an attacker to bypass security measures for malicious file delivery.

tags | exploit, web, arbitrary, shell, protocol
advisories | CVE-2023-42222
SHA-256 | 697050685574d8cbeaf2f42aaa7b87535a8f6cf1ec1ce436dac7c65634057623
GL.iNet Unauthenticated Remote Command Execution
Posted Jan 24, 2024
Authored by h00die-gr3y, DZONERZY | Site metasploit.com

A command injection vulnerability exists in multiple GL.iNet network products, allowing an attacker to inject and execute arbitrary shell commands via JSON parameters at the gl_system_log and gl_crash_log interface in the logread module. This Metasploit exploit requires post-authentication using the Admin-Token cookie/sessionID (SID), typically stolen by the attacker. However, by chaining this exploit with vulnerability CVE-2023-50919, one can bypass the Nginx authentication through a Lua string pattern matching and SQL injection vulnerability. The Admin-Token cookie/SID can be retrieved without knowing a valid username and password. Many products are vulnerable.

tags | exploit, arbitrary, shell, sql injection
advisories | CVE-2023-50445, CVE-2023-50919
SHA-256 | b2bca998991626f23b36c98d002d2080249ea5f70d1ddbf836bc60a85c0470df
xbtitFM 4.1.18 SQL Injection / Shell Upload / Traversal
Posted Jan 22, 2024
Authored by Who cares anyway

xbtitFM versions 4.1.18 and below suffer from remote shell upload, remote SQL injection, and path traversal vulnerabilities.

tags | exploit, remote, shell, vulnerability, sql injection, file inclusion
SHA-256 | ef1507c81f76ecec6734de5bc13c14f9dd0d27fd26b16cae52e43d8b56f7e84b
Traceroute 2.1.2 Privilege Escalation
Posted Jan 22, 2024
Authored by g30ff1rl

In Traceroute versions 2.0.12 through to 2.1.2, the wrapper scripts mishandle shell metacharacters, which can lead to privilege escalation if the wrapper scripts are executed via sudo. The affected wrapper scripts include tcptraceroute, tracepath, traceproto, and traceroute-nanog. Version 2.1.3 addresses this issue.

tags | exploit, shell
advisories | CVE-2023-46316
SHA-256 | eee3332e9c084609d76f6804cef55683b3ac0269232445ffe0616c2e821e1a45
Red Hat Security Advisory 2024-0214-03
Posted Jan 17, 2024
Authored by Red Hat | Site access.redhat.com

Red Hat Security Advisory 2024-0214-03 - An update for python-werkzeug is now available for Red Hat OpenStack Platform 17.1. Issues addressed include denial of service and remote shell upload vulnerabilities.

tags | advisory, remote, denial of service, shell, vulnerability, python
systems | linux, redhat
advisories | CVE-2023-46136
SHA-256 | e72c9c61fc04da0c2c56bb14ee3572f7d800cb7d313211fccb50192eb1de162c
Red Hat Security Advisory 2024-0189-03
Posted Jan 17, 2024
Authored by Red Hat | Site access.redhat.com

Red Hat Security Advisory 2024-0189-03 - An update for python-werkzeug is now available for Red Hat OpenStack Platform 17.1. Issues addressed include denial of service and remote shell upload vulnerabilities.

tags | advisory, remote, denial of service, shell, vulnerability, python
systems | linux, redhat
advisories | CVE-2023-46136
SHA-256 | 50c2f21eebdf9757eb666fbf646f7701855b330687977003cfb6ff2ba950f45c
Lot Reservation Management System 1.0 Shell Upload
Posted Dec 28, 2023
Authored by Elijah Mandila Syoyi

Lot Reservation Management System version 1.0 suffers from a remote shell upload vulnerability.

tags | exploit, remote, shell
SHA-256 | e412e93388798209ade400aff41a77ff351847f86f63f4e81db78a35ca5ddef3
Hospital Management System 4.0 XSS / Shell Upload / SQL Injection
Posted Dec 22, 2023
Authored by Louise Ng, Chris Chan

Hospital Management System versions 4.0 and below suffer from cross site scripting, remote shell upload, and remote SQL injection vulnerabilities.

tags | exploit, remote, shell, vulnerability, xss, sql injection, file upload
advisories | CVE-2020-26627, CVE-2020-26628, CVE-2020-26629, CVE-2020-26630
SHA-256 | 4c4cb4162e1a493a04ab18896d55ef8649d628f41d3426944382f8e72a0ea4f9
Terrapin SSH Connection Weakening
Posted Dec 20, 2023
Authored by Jorg Schwenk, Marcus Brinkmann, Fabian Baumer | Site terrapin-attack.com

In this paper, the authors show that as new encryption algorithms and mitigations were added to SSH, the SSH Binary Packet Protocol is no longer a secure channel: SSH channel integrity (INT-PST) is broken for three widely used encryption modes. This allows prefix truncation attacks where some encrypted packets at the beginning of the SSH channel can be deleted without the client or server noticing it. They demonstrate several real-world applications of this attack. They show that they can fully break SSH extension negotiation (RFC 8308), such that an attacker can downgrade the public key algorithms for user authentication or turn off a new countermeasure against keystroke timing attacks introduced in OpenSSH 9.5. They also identified an implementation flaw in AsyncSSH that, together with prefix truncation, allows an attacker to redirect the victim's login into a shell controlled by the attacker. Related proof of concept code from their GitHub has been added to this archive.

tags | exploit, paper, shell, protocol, proof of concept
advisories | CVE-2023-46445, CVE-2023-46446, CVE-2023-48795
SHA-256 | 3d6be8cc2a9c624a06990226485956c5d92675a632da2182c2546e4af814ff93