This Metasploit module lets you create a batch job on HashiCorp's Nomad service to spawn a shell. The default option is to use the raw_exec driver, which runs with high privileges. Development servers and clients explicitly enabling the raw_exec plugin can spawn these type of jobs. Regular exec jobs can be created in a similar fashion at a lower privilege level.
43fcfd455dd3900ac07eb5c17b346b5dRed Hat Security Advisory 2021-2286-01 - Red Hat OpenShift Container Platform is Red Hat's cloud computing Kubernetes application platform solution designed for on-premise or private cloud deployments. This advisory contains the container images for Red Hat OpenShift Container Platform 4.7.16. Issues addressed include a remote shell upload vulnerability.
3108f712077cfbeb44524f6cf709fed5OpenEMR version 5.0.1.3 authenticated remote shell upload exploit.
7700613258c55d87cc8689ab8d49b6f7OpenEMR version 5.0.0 authenticated remote shell upload exploit.
12e2029d683e77944af7d9e8015af08dThis Metasploit module allows an attacker with knowledge of the admin password of NSClient++ to start a privileged shell. For this module to work, both web interface of NSClient++ and ExternalScripts feature should be enabled.
ee03ba18004e1e17f2300e870c462d8970 bytes small Linux/x86 shellcode with XOR decoder stub and fstenv MMX FPU spawning a /bin/sh shell.
e253cdb3deeb186f54711db1afcee22eWordPress wpDiscuz plugin version 7.0.4 remote shell upload exploit.
03935e525138dda6961b79bfe756d49dThis Metasploit module exploits an unauthenticated command injection in Cisco HyperFlex HX Data Platform's /storfs-asup endpoint to execute shell commands as the Tomcat user.
84909084ffbe70c31014516f90109679Cisco SD-WAN vManage version 19.2.2 remote root shell proof of concept exploit that leverages multiple vulnerabilities.
a4bd588c350b9a327fc445d03fadab85ProjeQtOr Project Management version 9.1.4 suffers from a remote shell upload vulnerability.
c339c240029d0206837f21f8c4bf2f70Trixbox version 2.8.0.4 has an OS command injection vulnerability that can be leveraged via shell metacharacters in the lang parameter to /maint/modules/home/index.php.
b20a34f5709b4607d3383fa6db1f537fPluck CMS version 4.7.13 suffers from a remote shell upload vulnerability.
8cadd74ca3a154c501a026a5b30e8f90Codiad version 2.8.4 suffers from a remote shell upload vulnerability.
d3aabce9b795faa267d5b779874bdd9dRed Hat Security Advisory 2021-1679-01 - The bash packages provide Bash, which is the default shell for Red Hat Enterprise Linux.
9b994c525fd8e0af524ca1b2adb7681cSubrion CMS version 4.2.1 file upload bypass exploit that uploads a shell.
e874feae0d57f116b1f5a86b2f618f2bPrintable Staff ID Card Creator System version 1.0 suffers from remote shell upload and remote SQL injection vulnerabilities.
4490bd349a0b50e4d7488c7b344af3e9ScadaBR versions 1.0 and 1.1CE authenticated shell upload exploit written for Windows targets.
04c215bbe62a07fd802ce382554daf46ScadaBR versions 1.0 and 1.1CE authenticated shell upload exploit written for Linux targets.
3ad6c1b0c4cf0a0d3c8de295a42f4340This Metasploit module exploits a Perl injection vulnerability in the DjVu ANT parsing code of ExifTool versions 7.44 through 12.23 inclusive. The injection is used to execute a shell command using Perl backticks. The DjVu image can be embedded in a wrapper image using the HasselbladExif EXIF field.
1fba1ff491cb6bf069766f65d4437c6eCustomer Relationship Management (CRM) System version 1.0 suffers from a remote shell upload vulnerability.
fd0485926223aa2206f5546dccf46c64Ubuntu Security Notice 4943-1 - Zhihong Tian and Hui Lu found that XStream was vulnerable to remote code execution. A remote attacker could run arbitrary shell commands by manipulating the processed input stream. This issue affected only affected Ubuntu 20.10. It was discovered that XStream was vulnerable to server-side forgery attacks. A remote attacker could request data from internal resources that are not publicly available only by manipulating the processed input stream. This issue only affected Ubuntu 20.10. Various other issues were also addressed.
a565fe2178a44c21cfecd0d125585112Voting System version 1.0 suffers from a remote shell upload vulnerability.
50bd682d293cd6f65051ddf82595a097Internship Portal Management System version 1.0 suffers from a remote shell upload vulnerability.
0e64d22b012cb716290ae978805da036655 bytes small 64-bit Windows 10 shellcode that injects all processes with Meterpreter reverse shells.
75a126bd35170b68365261ae4f904c66Fog Project version 1.5.9 suffers from a remote shell upload vulnerability.
4137325100e71652f6c4dc385797fd66
© 2020 Packet Storm. All rights reserved.
%7Cutmcsr%3D(direct)%7Cutmcmd%3D(none)){kind=small}
Follow us on Twitter
Follow us on Facebook
Subscribe to an RSS Feed