what you don't know can hurt you
Home Files News &[SERVICES_TAB]About Contact Add New
Showing 1 - 25 of 3,319 RSS Feed

Shell Files

ABB Cylon Aspect 3.08.00 yumSettings.php Command Injection
Posted Oct 14, 2024
Authored by LiquidWorm | Site zeroscience.mk

ABB Cylon Aspect version 3.08.00 suffers from an authenticated OS command injection vulnerability. This can be exploited to inject and execute arbitrary shell commands through the PROXY HTTP POST parameter called by the yumSettings.php script.

tags | exploit, web, arbitrary, shell, php
SHA-256 | 745fecf29b9b2473e58492b59fb0c9e867cdd58cc5a3ecbb448313aaa681f34e
Vivo Fibra Askey RTF8225VW Command Execution
Posted Oct 14, 2024
Authored by takashi

The Vivo Fibra Askey RTF8225VW modem suffers from an input validation vulnerability that allows for full escalation to a functioning shell once logged in and using the restricted aspsh shell.

tags | exploit, shell
SHA-256 | edf855b06c71dfe99f294649be53aad56d922600786e0dd75e802740e673d599
WordPress File Manager Advanced Shortcode 2.3.2 Code Injectin / Shell Upload
Posted Oct 14, 2024
Authored by indoushka

WordPress File Manager Advanced Shortcode plugin version 2.3.2 suffers from a code injection vulnerability that allows for remote shell upload.

tags | exploit, remote, shell
SHA-256 | c3c91c881eefe624d3d7dfab709897221d26c0579d2ee6152e7b82b5bc372b7c
ABB Cylon Aspect 3.08.00 dialupSwitch.php Remote Code Execution
Posted Oct 11, 2024
Authored by LiquidWorm | Site zeroscience.mk

ABB Cylon Aspect version 3.08.00 suffers from an authenticated OS command injection vulnerability. This can be exploited to inject and execute arbitrary shell commands through the MODEM HTTP POST parameter called by the dialupSwitch.php script.

tags | exploit, web, arbitrary, shell, php
SHA-256 | a4086eec7a5ee5c9db9cd5f10469f947a7061c1d4d1d322d7820c84737b04b5e
Artica Proxy 4.40 Code Injection
Posted Oct 11, 2024
Authored by indoushka

Artica Proxy version 4.40 suffers from a code injection vulnerability that provides a reverse shell.

tags | exploit, shell
SHA-256 | c1517d7efd5b58efb0947f3e574c94e4dff36e9127ec54ebd5658e96d60b3efb
ABB Cylon Aspect 3.08.00 syslogSwitch.php Remote Code Execution
Posted Oct 7, 2024
Authored by LiquidWorm | Site zeroscience.mk

ABB Cylon Aspect versions 3.08.00 and below suffer from an authenticated OS command injection vulnerability. This can be exploited to inject and execute arbitrary shell commands through the SYSLOG HTTP POST parameter called by the syslogSwitch.php script.

tags | exploit, web, arbitrary, shell, php
SHA-256 | bd108fa7ce900744b1676f5426423c1034cfcf86df1a6c72f006197b3c7c4616
ABB Cylon Aspect 3.08.01 caldavUtil.php Remote Code Execution
Posted Oct 7, 2024
Authored by LiquidWorm | Site zeroscience.mk

ABB Cylon Aspect versions 3.08.01 and below suffer from an unauthenticated OS command injection vulnerability. This can be exploited to inject and execute arbitrary shell commands through the Footer HTTP POST parameter called by the caldavUtil.php script.

tags | exploit, web, arbitrary, shell, php
SHA-256 | 8a578a88dc628bdf9030f24dfeb5efed5a2916122d7b2c6617ee5215c5c7a0d4
ABB Cylon Aspect 3.08.00 setTimeServer.php Remote Code Execution
Posted Oct 7, 2024
Authored by LiquidWorm | Site zeroscience.mk

ABB Cylon Aspect versions 3.08.00 and below suffer from an authenticated OS command injection vulnerability. This can be exploited to inject and execute arbitrary shell commands through the timeserver HTTP POST parameter called by the setTimeServer.php script.

tags | exploit, web, arbitrary, shell, php
SHA-256 | 7a951ff7fa25dce192577e79009a2ecc161d07c5d3e93a4698034aee54606ea7
MD-Pro 1.0.76 Shell Upload / SQL Injection
Posted Oct 4, 2024
Authored by Emiliano Febbi

MD-Pro version 1.0.76 suffers from remote SQL injection and shell upload vulnerabilities.

tags | exploit, remote, shell, vulnerability, sql injection
SHA-256 | b641856919de4d5b0a61bc35a8e30fb6042f78f529af33b52af81ec5d5f73c4e
Ubuntu Security Notice USN-7052-1
Posted Oct 3, 2024
Authored by Ubuntu | Site security.ubuntu.com

Ubuntu Security Notice 7052-1 - It was discovered that GNOME Shell mishandled extensions that fail to reload, possibly leading to extensions staying enabled on the lock screen. An attacker could possibly use this issue to launch applications, view sensitive information, or execute arbitrary commands. It was discovered that the GNOME Shell incorrectly handled certain keyboard inputs. An attacker could possibly use this issue to invoke keyboard shortcuts, and potentially other actions while the workstation was locked.

tags | advisory, arbitrary, shell
systems | linux, ubuntu
advisories | CVE-2017-8288, CVE-2019-3820
SHA-256 | d145ca7fe21493de973870eec17c6d14d6d8ba7536b1cb88569b36730ddfee8c
VICIdial Authenticated Remote Code Execution
Posted Oct 1, 2024
Authored by Valentin Lobstein, Jaggar Henry | Site metasploit.com

An attacker with authenticated access to VICIdial as an "agent" can execute arbitrary shell commands as the "root" user. This attack can be chained with CVE-2024-8503 to execute arbitrary shell commands starting from an unauthenticated perspective.

tags | exploit, arbitrary, shell, root
advisories | CVE-2024-8504
SHA-256 | 2328f6faa4b6ae3ca330a27bb8694e1604bd747c455740abb7e147c4bd02a379
Simple College Website 1.0 Shell Upload
Posted Sep 27, 2024
Authored by indoushka

Simple College Website version 1.0 suffers from a remote shell upload vulnerability.

tags | exploit, remote, shell
SHA-256 | 9743abd528fa884cba34b2d978d020f289c933601ad38b93dad5abca4a9f1f59
Ubuntu Security Notice USN-7036-1
Posted Sep 26, 2024
Authored by Ubuntu | Site security.ubuntu.com

Ubuntu Security Notice 7036-1 - It was discovered that Rack was not properly parsing data when processing multipart POST requests. If a user or automated system were tricked into sending a specially crafted multipart POST request to an application using Rack, a remote attacker could possibly use this issue to cause a denial of service. It was discovered that Rack was not properly escaping untrusted data when performing logging operations, which could cause shell escaped sequences to be written to a terminal. If a user or automated system were tricked into sending a specially crafted request to an application using Rack, a remote attacker could possibly use this issue to execute arbitrary code in the machine running the application.

tags | advisory, remote, denial of service, arbitrary, shell
systems | linux, ubuntu
advisories | CVE-2022-30122, CVE-2022-30123, CVE-2022-44572, CVE-2023-27530, CVE-2023-27539, CVE-2024-25126, CVE-2024-26141, CVE-2024-26146
SHA-256 | c4acd1ffc8ca871047fb8a39618d9c0b95465770474d22abee717b0b2de788ad
ABB Cylon Aspect 3.07.00 Remote Code Execution
Posted Sep 25, 2024
Authored by LiquidWorm | Site zeroscience.mk

The ABB Cylon Aspect version 3.07.00 BMS/BAS controller suffers from an unauthenticated OS command injection vulnerability. This can be exploited to inject and execute arbitrary shell commands through the host HTTP GET parameter called by networkDiagAjax.php script.

tags | exploit, web, arbitrary, shell, php
advisories | CVE-2023-0636
SHA-256 | 8123a5d0a4c6fa336d0b765079abb5168cf0f686b24baa715db1e55915f315fe
Dockwatch Remote Command Execution
Posted Sep 17, 2024
Authored by Jeremy Brown

Dockwatch is a container management web UI for docker. It runs by default without authentication, although guidance is available for how to setup credentials for access. It has a Commands feature that allows a user to run docker commands such as inspect, network, ps. Prior to fix, it did not restrict input for parameters, so both container and parameters for the dockerInspect command were vulnerable to shell command injection on the container as the abc user with (limited) command output. See commits 23df366 and c091e4c for fixes.

tags | exploit, web, shell
SHA-256 | 4dc88e4bbab7011783c0ecfab89efa0414dbb5928fb33b19bb6580f2eaabe3c2
Ubuntu Security Notice USN-6560-3
Posted Sep 17, 2024
Authored by Ubuntu | Site security.ubuntu.com

Ubuntu Security Notice 6560-3 - USN-6560-2 fixed a vulnerability in OpenSSH. This update provides the corresponding update for Ubuntu 16.04 LTS. It was discovered that OpenSSH incorrectly handled user names or host names with shell metacharacters. An attacker could possibly use this issue to perform OS command injection.

tags | advisory, shell
systems | linux, ubuntu
advisories | CVE-2023-51385
SHA-256 | d79217f3c4179c2615288ef92644ea2a7503ce8dc66a1ea3994cfdb65236cdfb
QNX Qconn Command Execution
Posted Sep 12, 2024
Authored by Brendan Coles, Mor!p3r, David Odell | Site metasploit.com

This Metasploit module uses the qconn daemon on QNX systems to gain a shell. The QNX qconn daemon does not require authentication and allows remote users to execute arbitrary operating system commands. This Metasploit module has been tested successfully on QNX Neutrino 6.5.0 (x86) and 6.5.0 SP1 (x86).

tags | exploit, remote, arbitrary, shell, x86
SHA-256 | 217c97be589524ea77431218332eff5e82efabdd6dfa3503ed0ddab691480814
VICIdial 2.14-917a Remote Code Execution
Posted Sep 11, 2024
Authored by Jaggar Henry | Site korelogic.com

An attacker with authenticated access to VICIdial version 2.14-917a as an agent can execute arbitrary shell commands as the root user. This attack can be chained with CVE-2024-8503 to execute arbitrary shell commands starting from an unauthenticated perspective.

tags | exploit, arbitrary, shell, root
advisories | CVE-2024-8504
SHA-256 | 6b4666c70098b4747658896c605a4f2b8c41c41c51144da20cf5be37e90a20b0
Queuing Simple Chatbot 1.0 Shell Upload
Posted Sep 11, 2024
Authored by indoushka

Queuing Simple Chatbot version 1.0 suffers from a remote shell upload vulnerability.

tags | exploit, remote, shell, file upload
SHA-256 | 1ac1abe713bae44f313173560ae4b2399dcbac5f41ce3ca8ddd25b5daa57b3ff
Profiling System 1.0 Shell Upload
Posted Sep 11, 2024
Authored by indoushka

Profiling System version 1.0 suffers from a remote shell upload vulnerability.

tags | exploit, remote, shell
SHA-256 | 63f7cdb039e829c25285d0ad8ecd14b888386b6d2f06ebc4b1945e056ed8cd64
Online Marriage Registration System 1.0 Shell Upload
Posted Sep 10, 2024
Authored by indoushka

Online Marriage Registration System version 1.0 suffers from a remote shell upload vulnerability.

tags | exploit, remote, shell
SHA-256 | 990ace207073f604556500939f13df158bf2dfab39adaff554b8e9d0500f40f9
C-MOR Video Surveillance 5.2401 Remote Shell Upload
Posted Sep 6, 2024
Authored by Matthias Deeg, Chris Beiter, Frederik Beimgraben | Site syss.de

C-MOR Video Surveillance version 5.2401 suffers from a remote shell upload vulnerability.

tags | exploit, remote, shell
advisories | CVE-2024-45171
SHA-256 | 787e5049c9d126f909aa923e05bb07cd07413bc5154345d71f346e74ec5c9114
Travel 1.0 Shell Upload
Posted Sep 6, 2024
Authored by indoushka

Travel version 1.0 suffers from a remote shell upload vulnerability.

tags | exploit, remote, shell
SHA-256 | e1c910902237872a9a7ebb40f19760f24f84f89e4b7e66a2979867c3d7860ef2
Online Travel Agency System 1.0 Shell Upload
Posted Sep 4, 2024
Authored by indoushka

Online Travel Agency System version 1.0 suffers from a remote shell upload vulnerability.

tags | exploit, remote, shell
SHA-256 | e1c910902237872a9a7ebb40f19760f24f84f89e4b7e66a2979867c3d7860ef2
IntelliNet 2.0 Remote Root
Posted Sep 2, 2024
Authored by Jean Pereira

Zero day remote root exploit for IntelliNet version 2.0. It affects multiple devices of AES Corp and Siemens. The exploit provides a remote shell and escalates your permissions to full root permissions by abusing exec_suid. No authentication needed at all, neither any interaction from the victim. The firmware affected by this exploit runs on fire alarms, burglar sensors and environmental devices, all on the internet, all vulnerable, no patch. Full control over hardware and software with no restrictions, you can manipulate battery voltage and even damage the hardware with unknown outcomes.

tags | exploit, remote, shell, root
SHA-256 | 03f6a27dff52d1325441a14044dae92e43735378844d284aa4a56aa28a72abe1
Page 1 of 133
Back12345Next

File Archive:

October 2024

  • Su
  • Mo
  • Tu
  • We
  • Th
  • Fr
  • Sa
  • 1
    Oct 1st
    39 Files
  • 2
    Oct 2nd
    23 Files
  • 3
    Oct 3rd
    18 Files
  • 4
    Oct 4th
    20 Files
  • 5
    Oct 5th
    0 Files
  • 6
    Oct 6th
    0 Files
  • 7
    Oct 7th
    17 Files
  • 8
    Oct 8th
    66 Files
  • 9
    Oct 9th
    25 Files
  • 10
    Oct 10th
    20 Files
  • 11
    Oct 11th
    21 Files
  • 12
    Oct 12th
    0 Files
  • 13
    Oct 13th
    0 Files
  • 14
    Oct 14th
    14 Files
  • 15
    Oct 15th
    0 Files
  • 16
    Oct 16th
    0 Files
  • 17
    Oct 17th
    0 Files
  • 18
    Oct 18th
    0 Files
  • 19
    Oct 19th
    0 Files
  • 20
    Oct 20th
    0 Files
  • 21
    Oct 21st
    0 Files
  • 22
    Oct 22nd
    0 Files
  • 23
    Oct 23rd
    0 Files
  • 24
    Oct 24th
    0 Files
  • 25
    Oct 25th
    0 Files
  • 26
    Oct 26th
    0 Files
  • 27
    Oct 27th
    0 Files
  • 28
    Oct 28th
    0 Files
  • 29
    Oct 29th
    0 Files
  • 30
    Oct 30th
    0 Files
  • 31
    Oct 31st
    0 Files

Top Authors In Last 30 Days

File Tags

Systems

packet storm

© 2024 Packet Storm. All rights reserved.

Services
Security Services
Hosting By
Rokasec
close