Zenphoto CMS versions 1.5.7 and below suffer from a remote shell upload vulnerability.
a2953bf434e2c790793df43f6311240f
Simple Employee Records System version 1.0 suffers from an unauthenticated remote shell upload vulnerability.
d0eef29666b46dd7390d7081cb53a6e9
TestLink version 1.9.20 suffers from a remote shell upload vulnerability.
ae7a82dc9cd277f7eda03cb9961266ca
Online Car Rental version 1.0 suffers from a remote shell upload vulnerability.
16e7dbecfa2fc7c91e9c10a0ab80b747
Car Rental Project version 2.0 suffers from a remote shell upload vulnerability.
931b1766d4fdd75c0bd8596b70a042b6
Online Reviewer System version 1.0 remote shell upload exploit that also leverages a remote SQL injection vulnerability that allows for authentication bypass.
51109808c0a78c3656ec6d9759f49a77
Ubuntu Security Notice 4714-1 - Zhihong Tian and Hui Lu found that XStream was vulnerable to remote code execution. A remote attacker could run arbitrary shell commands by manipulating the processed input stream. It was discovered that XStream was vulnerable to server-side forgery attacks. A remote attacker could request data from internal resources that are not publicly available, only by manipulating the processed input stream. Various other issues were also addressed.
3cdeed73f8b46410b7481e928cd50ec1
This Metasploit module exploits an authenticated remote code execution vulnerability in PRTG Network Monitor. Notifications can be created by an authenticated user and can execute scripts when triggered. Due to poorly validated input on the script name, it is possible to chain it with a user-supplied command, allowing command execution in the context of a privileged user. The module uses provided credentials to log in to the web interface, then creates and triggers a malicious notification to perform remote code execution using a PowerShell payload. It may require a few tries to get a shell because notifications are queued up on the server. This vulnerability affects versions prior to 18.2.39.
60bd8795d3c06d9bcbf5158034587215
WordPress SuperForms plugin version 4.9 suffers from a remote shell upload vulnerability.
133fb86b31b7bb9c43996f7bc1be1913
SonicWall SSL-VPN Shellshock unauthenticated remote code execution exploit that provides a shell as uid nobody.
d0bc2623346993f9d6ff22f57c85558e
142-byte Linux/x64 shellcode that binds a password-protected shell to TCP 0.0.0.0:4444.
f8b947c4c7650a50507dafa334b79742
Voting System version 1.0 suffers from a remote shell upload vulnerability.
914e629a4a5d9a24d137afe82a7997e2
Church Rota version 2.6.4 suffers from an authenticated remote shell upload vulnerability.
e841fbff38c5cede21d193f544b6a04e
123-byte Linux/x64 reverse shell shellcode that connects to TCP/127.1.1.1:4444.
6fdcaaec184d84b16a741d95de7b3961
Cisco UCS Manager version 2.2(1d) remote command execution exploit. An unspecified CGI script in Cisco FX-OS before 1.1.2 on Firepower 9000 devices and Cisco Unified Computing System (UCS) Manager before 2.2(4b), 2.2(5) before 2.2(5a), and 3.0 before 3.0(2e) allows remote attackers to execute arbitrary shell commands via a crafted HTTP request, aka Bug ID CSCur90888.
483ae8252192dee26cf8c9814dc78eb9
Life Insurance Management System version 1.0 suffers from a remote shell upload vulnerability.
c698cf2be2d505e9ebdaf79dc6745a4f
WordPress AIT CSV Import/Export plugin versions 3.0.3 and below allow unauthenticated remote attackers to upload and execute arbitrary PHP code. The upload handler neither requires authentication nor validates the uploaded content. It may return an error when attempting to parse a CSV; however, the uploaded shell is left in place. The shell is uploaded to wp-content/uploads/. The plugin does not need to be activated to be exploitable.
c39ac90e0b404ac71d25decc4f495aec
WordPress Autoptimize plugin suffers from a remote shell upload vulnerability. The ao_ccss_import AJAX call does not ensure that the file provided is a legitimate zip file, allowing high privilege users to upload arbitrary files, such as PHP, leading to remote code execution.
b411262c32d42ec1cbf7382e1a8f4a37
Employee Record System version 1.0 suffers from a remote shell upload vulnerability.
743848822029ae69cea3de6909d752da
Responsive E-Learning System version 1.0 suffers from a remote shell upload vulnerability.
34fb807bfbcc5b76646c356f0de6c804
Online Learning Management System 1.0 remote command execution exploit. Remote shell upload was already discovered in this version in October of 2020 by Jyotsna Adhana.
f9924d1cbe0095eacec9c93fa6ce973f
Resumes Management and Job Application Website version 1.0 suffers from a remote shell upload vulnerability.
965020b6096dd5fc5279c3f205e12936
Adning Advertising plugin version 1.5.5 suffers from a remote shell upload vulnerability.
4533cad4ba378e377d042ba106f71deb
Victor CMS version 1.0 suffers from an authenticated remote shell upload vulnerability. A shell upload vulnerability in this version was originally discovered in May of 2020 by Kishan Lal Choudhary.
ea9ec402dba2c583b897d250c5776c88
WordPress Contact Form 7 plugin version 5.3.1 suffers from a remote shell upload vulnerability.
fb51b96b8a6834e0059bf0f53bbb280b