exploit the possibilities
Showing 1 - 25 of 3,000 RSS Feed

Shell Files

WordPress Smart Product Review 1.0.4 Shell Upload
Posted Nov 17, 2021
Authored by Keyvan Hardani

WordPress Smart Product Review plugin versions 1.0.4 and below suffer from a remote shell upload vulnerability.

tags | exploit, remote, shell
MD5 | 161936cf087f98580dab17309058c9b7
GitLab 13.10.2 Remote Code Execution
Posted Nov 17, 2021
Authored by Jacob Baines

GitLab version 13.10.2 remote code execution exploit that provides a reverse shell.

tags | exploit, remote, shell, code execution
advisories | CVE-2021-22204, CVE-2021-22205
MD5 | a203e85e39e4798bc3ada54cb3cc7271
Red Hat Security Advisory 2021-4702-01
Posted Nov 17, 2021
Authored by Red Hat | Site access.redhat.com

Red Hat Security Advisory 2021-4702-01 - Red Hat Satellite is a systems management tool for Linux-based infrastructure. It allows for provisioning, remote management, and monitoring of multiple Linux deployments with a single centralized tool. Issues addressed include XML injection, code execution, denial of service, information leakage, local file inclusion, man-in-the-middle, memory leak, open redirection, password leak, remote file inclusion, remote shell upload, and traversal vulnerabilities.

tags | advisory, remote, denial of service, shell, local, vulnerability, code execution, memory leak, file inclusion
systems | linux, redhat
advisories | CVE-2019-14853, CVE-2019-14859, CVE-2019-25025, CVE-2020-14343, CVE-2020-26247, CVE-2020-8130, CVE-2020-8908, CVE-2021-20256, CVE-2021-21330, CVE-2021-22885, CVE-2021-22902, CVE-2021-22904, CVE-2021-28658, CVE-2021-29509, CVE-2021-31542, CVE-2021-32740, CVE-2021-33203, CVE-2021-33503, CVE-2021-33571, CVE-2021-3413, CVE-2021-3494
MD5 | 15d37f280e159b35ed6469b1f97ed672
Sitecore Experience Platform (XP) Remote Code Execution
Posted Nov 16, 2021
Authored by gwillcox-r7, AssetNote | Site metasploit.com

This Metasploit module exploits a deserialization vulnerability in the Report.ashx page of Sitecore XP 7.5 to 7.5.2, 8.0 to 8.0.7, 8.1 to 8.1.3, and 8.2 to 8.2.7. Versions 7.2.6 and earlier and 9.0 and later are not affected. The vulnerability occurs due to Report.ashx's handler, located in Sitecore.Xdb.Client.dll under the Sitecore.sitecore.shell.ClientBin.Reporting.Report definition, having a ProcessRequest() handler that calls ProcessReport() with the context of the attacker's request without properly checking if the attacker is authenticated or not. This request then causes ReportDataSerializer.DeserializeQuery() to be called, which will end up calling the DeserializeParameters() function of Sitecore.Analytics.Reporting.ReportDataSerializer, if a "parameters" XML tag is found in the attacker's request. Then for each subelement named "parameter", the code will check that it has a name and if it does, it will call NetDataContractSerializer().ReadObject on it. NetDataContractSerializer is vulnerable to deserialization attacks and can be trivially exploited by using the TypeConfuseDelegate gadget chain. By exploiting this vulnerability, an attacker can gain arbitrary code execution as the user that IIS is running as, aka NT AUTHORITY\NETWORK SERVICE. Users can then use technique 4 of the "getsystem" command to use RPCSS impersonation and get SYSTEM level code execution.

tags | exploit, arbitrary, shell, code execution
advisories | CVE-2021-42237
MD5 | cdadfd61899fe57ebdfb290f0c923b2b
Ubuntu Security Notice USN-5147-1
Posted Nov 15, 2021
Authored by Ubuntu | Site security.ubuntu.com

Ubuntu Security Notice 5147-1 - It was discovered that Vim incorrectly handled permissions on the .swp file. A local attacker could possibly use this issue to obtain sensitive information. This issue only affected Ubuntu 14.04 ESM. It was discovered that Vim incorrectly handled restricted mode. A local attacker could possibly use this issue to bypass restricted mode and execute arbitrary commands. Note: This update only makes executing shell commands more difficult. Restricted mode should not be considered a complete security measure. This issue only affected Ubuntu 14.04 ESM. Various other issues were also addressed.

tags | advisory, arbitrary, shell, local
systems | linux, ubuntu
advisories | CVE-2017-17087, CVE-2019-20807, CVE-2021-3872, CVE-2021-3903, CVE-2021-3927, CVE-2021-3928
MD5 | d7794bd2d9ad6ef2605e1615e1edac8d
Aerohive NetConfig 10.0r8a Local File Inclusion / Remote Code Execution
Posted Nov 12, 2021
Authored by Erik Wynter, Erik de Jong | Site metasploit.com

This Metasploit module exploits local file inclusion and log poisoning vulnerabilities (CVE-2020-16152) in Aerohive NetConfig, version 10.0r8a build-242466 and older in order to achieve unauthenticated remote code execution as the root user. NetConfig is the Aerohive/Extreme Networks HiveOS administrative webinterface. Vulnerable versions allow for LFI because they rely on a version of PHP 5 that is vulnerable to string truncation attacks. This module leverages this issue in conjunction with log poisoning to gain remote code execution as root. Upon successful exploitation, the Aerohive NetConfig application will hang for as long as the spawned shell remains open. Closing the session should render the application responsive again. The module provides an automatic cleanup option to clean the log. However, this option is disabled by default because any modifications to the /tmp/messages log, even via sed, may render the target (temporarily) unexploitable. This state can last over an hour. This module has been successfully tested against Aerohive NetConfig versions 8.2r4 and 10.0r7a.

tags | exploit, remote, shell, local, root, php, vulnerability, code execution, file inclusion
advisories | CVE-2020-16152
MD5 | 70c6dcfbe8cd1056d848f4af42f66776
Codiad 2.8.4 Shell Upload
Posted Nov 2, 2021
Authored by P4p4_M4n3

Codiad version 2.8.4 remote reverse shell upload exploit. Original discovery of code execution in this version is attributed to WangYihang in 2018.

tags | exploit, remote, shell, code execution
MD5 | 221c2c5e5a6e53dff35451f35d9e550e
Sophos UTM WebAdmin SID Command Injection
Posted Oct 28, 2021
Authored by wvu, Justin Kennedy | Site metasploit.com

This Metasploit module exploits an SID-based command injection in Sophos UTM's WebAdmin interface to execute shell commands as the root user.

tags | exploit, shell, root
advisories | CVE-2020-25223
MD5 | 450a9936d144b1ecd0f7e57c243bf4a9
Online Student Admission System 1.0 SQL Injection / Shell Upload
Posted Oct 25, 2021
Authored by Gerard Carbonell

Online Student Admission System version 1.0 suffers from remote SQL injection and shell upload vulnerabilities.

tags | exploit, remote, shell, vulnerability, sql injection
advisories | CVE-2021-37371, CVE-2021-37372
MD5 | 7c229a5b9a8e0f3ef87c71a68a2a9b33
Engineers Online Portal 1.0 Shell Upload
Posted Oct 23, 2021
Authored by SadKris

Engineers Online Portal version 1.0 suffers from a remote shell upload vulnerability.

tags | exploit, remote, shell
advisories | CVE-2021-42671
MD5 | 0b750d8a34a7cb1264a710eafc36a645
Clinic Management System 1.0 Code Execution / SQL Injection
Posted Oct 22, 2021
Authored by Pablo Santiago

Clinic Management System version 1.0 suffers from a remote SQL injection vulnerability that allows for a shell upload.

tags | exploit, remote, shell, sql injection
MD5 | 89d48af5619424e600f5f3f549e39af5
TextPattern CMS 4.8.7 Shell Upload
Posted Oct 14, 2021
Authored by Mert Das

TextPattern CMS version 4.8.7 suffers from an authenticated remote shell upload vulnerability.

tags | exploit, remote, shell
MD5 | a48c73645293b99b6fbcfeb552bf7cc4
Moodle Authenticated Spelling Binary Remote Code Execution
Posted Oct 12, 2021
Authored by Brandon Perry | Site metasploit.com

Moodle allows an authenticated user to define spellcheck settings via the web interface. The user can update the spellcheck mechanism to point to a system-installed aspell binary. By updating the path for the spellchecker to an arbitrary command, an attacker can run arbitrary commands in the context of the web application upon spellchecking requests. This Metasploit module also allows an attacker to leverage another privilege escalation vuln. Using the referenced XSS vuln, an unprivileged authenticated user can steal an admin sesskey and use this to escalate privileges to that of an admin, allowing the module to pop a shell as a previously unprivileged authenticated user. This module was tested against Moodle version 2.5.2 and 2.2.3.

tags | exploit, web, arbitrary, shell
advisories | CVE-2013-3630, CVE-2013-4341
MD5 | 92a400708d6b383cfe2f1bd0d3314d11
Cypress Solutions CTM-200 2.7.1 Root Remote OS Command Injection
Posted Oct 11, 2021
Authored by LiquidWorm | Site zeroscience.mk

Cypress Solutions CTM-200 wireless gateway version 2.7.1 suffers from an authenticated semi-blind OS command injection vulnerability. This can be exploited to inject and execute arbitrary shell commands as the root user through the 'ctm-config-upgrade.sh' script leveraging the 'fw_url' POST parameter used in the cmd upgreadefw as argument, called by ctmsys() as pointer to execv() and make_wget_url() function to the wget command in /usr/bin/cmdmain ELF binary.

tags | exploit, arbitrary, shell, root
MD5 | 5443c1ca578d802c9f7cf55428781490
Aviatrix Controller 6.x Path Traversal / Code Execution
Posted Oct 11, 2021
Authored by 0xJoyGhosh

Aviatrix Controller versions 6.x prior to 6.5-1804.1922 shell upload exploit that leverages a directory traversal vulnerability.

tags | exploit, shell
advisories | CVE-2021-40870
MD5 | c9d98e50193dc69bebb982a539da15c7
VMware vCenter Server Analytics (CEIP) Service File Upload
Posted Oct 7, 2021
Authored by VMware, Derek Abdine, wvu, Sergey Gerasimov, George Noseevich | Site metasploit.com

This Metasploit module exploits a file upload in VMware vCenter Server's analytics/telemetry (CEIP) service to write a system crontab and execute shell commands as the root user. Note that CEIP must be enabled for the target to be exploitable by this module. CEIP is enabled by default.

tags | exploit, shell, root, file upload
advisories | CVE-2021-22005
MD5 | d46c0245ccc36fc657f9f4ef1767092a
Online Traffic Offense Management System 1.0 Shell Upload
Posted Oct 7, 2021
Authored by Hubert Wojciechowski

Online Traffic Offense Management System version 1.0 suffers from multiple remote shell upload vulnerabilities.

tags | exploit, remote, shell, vulnerability
MD5 | 49a9a35505dbb9ef31bd821563cd591f
WordPress MStore API 2.0.6 Shell Upload
Posted Oct 5, 2021
Authored by spacehen

WordPress MStore API plugin version 2.0.6 suffers from a remote shell upload vulnerability.

tags | exploit, remote, shell
MD5 | 6e3f0552b63e3cd586048101955060f8
Vehicle Service Managment System 1.0 Shell Upload
Posted Oct 4, 2021
Authored by Richard Jones

Vehicle Service Management System version 1.0 unauthenticated remote shell upload exploit that uses authentication bypass with SQL injection.

tags | exploit, remote, shell, sql injection
MD5 | 243eaba5d6291c10ea45e14a67617fbf
Pet Shop Management System 1.0 Privilege Escalation / Shell Upload
Posted Oct 4, 2021
Authored by Oscar Gutierrez

Pet Shop Management System version 1.0 suffers from privilege escalation and remote shell upload vulnerabilities.

tags | exploit, remote, shell, vulnerability
MD5 | 210c02bde43decbb2a8119311298118b
Vehicle Service Management System 1.0 Shell Upload
Posted Oct 1, 2021
Authored by Fikrat Ghuliev

Vehicle Service Management System version 1.0 suffers from a remote shell upload vulnerability.

tags | exploit, remote, shell
MD5 | 01d3085f8bd760fde3397a0c284829f2
Pet Shop Management System 1.0 Shell Upload
Posted Sep 29, 2021
Authored by Mr.Gedik

Pet Shop Management System version 1.0 suffers from a remote shell upload vulnerability.

tags | exploit, remote, shell
MD5 | 627f1d99e1a6128d4f0c6fe3fd446a5b
Storage Unit Rental Management System 1.0 Shell Upload
Posted Sep 29, 2021
Authored by Fikrat Ghuliev

Storage Unit Rental Management System version 1.0 suffers from a remote shell upload vulnerability.

tags | exploit, remote, shell
MD5 | 5421a7893a6512edbf13aa29036effff
WordPress 3DPrint Lite 1.9.1.4 Shell Upload
Posted Sep 23, 2021
Authored by spacehen

WordPress 3DPrint Lite plugin version 1.9.1.4 suffers from a remote shell upload vulnerability.

tags | exploit, remote, shell
MD5 | df05024a490ce087dd2a9ea5257bf09c
E-Negosyo System 1.0 Shell Upload
Posted Sep 22, 2021
Authored by Janik Wehrli

E-Negosyo System version 1.0 suffers from a remote shell upload vulnerability.

tags | exploit, remote, shell
MD5 | f0d85a1322ee67d65a1f75316c55eebc
Page 1 of 120
Back12345Next

File Archive:

November 2021

  • Su
  • Mo
  • Tu
  • We
  • Th
  • Fr
  • Sa
  • 1
    Nov 1st
    19 Files
  • 2
    Nov 2nd
    25 Files
  • 3
    Nov 3rd
    8 Files
  • 4
    Nov 4th
    7 Files
  • 5
    Nov 5th
    24 Files
  • 6
    Nov 6th
    0 Files
  • 7
    Nov 7th
    0 Files
  • 8
    Nov 8th
    18 Files
  • 9
    Nov 9th
    9 Files
  • 10
    Nov 10th
    106 Files
  • 11
    Nov 11th
    19 Files
  • 12
    Nov 12th
    13 Files
  • 13
    Nov 13th
    0 Files
  • 14
    Nov 14th
    0 Files
  • 15
    Nov 15th
    18 Files
  • 16
    Nov 16th
    12 Files
  • 17
    Nov 17th
    15 Files
  • 18
    Nov 18th
    12 Files
  • 19
    Nov 19th
    4 Files
  • 20
    Nov 20th
    2 Files
  • 21
    Nov 21st
    0 Files
  • 22
    Nov 22nd
    22 Files
  • 23
    Nov 23rd
    14 Files
  • 24
    Nov 24th
    19 Files
  • 25
    Nov 25th
    4 Files
  • 26
    Nov 26th
    1 Files
  • 27
    Nov 27th
    4 Files
  • 28
    Nov 28th
    1 Files
  • 29
    Nov 29th
    11 Files
  • 30
    Nov 30th
    7 Files

Top Authors In Last 30 Days

File Tags

Systems

packet storm

© 2020 Packet Storm. All rights reserved.

Services
Security Services
Hosting By
Rokasec
close