WordPress AIT CSV Import/Export plugin versions 3.0.3 and below allow unauthenticated remote attackers to upload and execute arbitrary PHP code. The upload-handler does not require authentication, nor validates the uploaded content. It may return an error when attempting to parse a CSV, however the uploaded shell is left. The shell is uploaded to wp-content/uploads/. The plugin is not required to be activated to be exploitable.
c39ac90e0b404ac71d25decc4f495aecWordPress Autoptimize plugin suffers from a remote shell upload vulnerability. The ao_ccss_import AJAX call does not ensure that the file provided is a legitimate zip file, allowing high privilege users to upload arbitrary files, such as PHP, leading to remote code execution.
b411262c32d42ec1cbf7382e1a8f4a37Employee Record System version 1.0 suffers from a remote shell upload vulnerability.
743848822029ae69cea3de6909d752daResponsive E-Learning System version 1.0 suffers from a remote shell upload vulnerability.
34fb807bfbcc5b76646c356f0de6c804Online Learning Management System 1.0 remote command execution exploit. Remote shell upload was already discovered in this version in October of 2020 by Jyotsna Adhana.
f9924d1cbe0095eacec9c93fa6ce973fResumes Management and Job Application Website version 1.0 suffers from a remote shell upload vulnerability.
965020b6096dd5fc5279c3f205e12936Adning Advertising plugin version 1.5.5 suffers from a remote shell upload vulnerability.
4533cad4ba378e377d042ba106f71debVictor CMS version 1.0 suffers from an authenticated remote shell upload vulnerability. A shell upload vulnerability in this version was originally discovered in May of 2020 by Kishan Lal Choudhary.
ea9ec402dba2c583b897d250c5776c88WordPress Contact Form 7 plugin version 5.3.1 suffers from a remote shell upload vulnerability.
fb51b96b8a6834e0059bf0f53bbb280bRed Hat Security Advisory 2020-5605-01 - Red Hat OpenShift Container Storage is software-defined storage integrated with and optimized for the Red Hat OpenShift Container Platform. Red Hat OpenShift Container Storage is a highly scalable, production-grade persistent storage for stateful applications running in the Red Hat OpenShift Container Platform. Issues addressed include denial of service and remote shell upload vulnerabilities.
d80cc94dc288f32240fa0de3e6e2b216Alumni Management System version 1.0 suffers from a remote shell upload vulnerability. Original discovery for this vulnerability in this version is attributed to Valerio Alessandroni.
33f05570a0fcaa7f59c66529b0f38940Red Hat Security Advisory 2020-5434-01 - The targetcli package contains an administration shell for configuring Internet Small Computer System Interface, Fibre Channel over Ethernet, and other SCSI targets, using the Target Core Mod/Linux-IO kernel target subsystem. FCoE users also need to install and use the fcoe-utils package.
02b3a817779e433309bbe12539106befAlumni Management System version 1.0 suffers from a remote shell upload vulnerability.
58e5a6073467f6ef3371ca7df9cb3f1bRukovoditel version 2.6.1 remote code execution exploit that leverages shell upload and local file inclusion vulnerabilities.
e2fa9c797d92a57016481570e269e9e5Task Management System version 1.0 suffers from a remote shell upload vulnerability.
108d5bc7b1ec887b810d69669584a122Red Hat Security Advisory 2020-5351-01 - KornShell is a Unix shell developed by AT&T Bell Laboratories, which is backward-compatible with the Bourne shell and includes many features of the C shell. The most recent version is KSH-93. KornShell complies with the POSIX.2 standard.
d0c0e105a1db23827e75ce7072db41b9Red Hat Security Advisory 2020-5352-01 - KornShell is a Unix shell developed by AT&T Bell Laboratories, which is backward-compatible with the Bourne shell and includes many features of the C shell. The most recent version is KSH-93. KornShell complies with the POSIX.2 standard.
12b6bb5f09185927f265dbab3a4e04a4eClass LMS version 2.6 suffers from a remote shell upload vulnerability.
27ab302a8ee9d1973f951525ce39698fComplaint Management System version 1.0 suffers from a remote shell upload vulnerability.
c7041ac8f36188440071c2ed76b5d17bArtworks Gallery version 1.0 suffers from multiple remote shell upload vulnerabilities.
ca2142a5ef21aa8aad9aa7013aa18a0aCar Rental Management System version 1.0 suffers from a remote shell upload vulnerability.
c42840abea293ce3967f753e3dd1cc6aCar Rental Management System version 1.0 remote SQL injection and shell upload exploit.
7028cda543bffd9460cbc39e018092daRed Hat Security Advisory 2020-4697-01 - The targetcli package contains an administration shell for configuring Internet Small Computer System Interface, Fibre Channel over Ethernet, and other SCSI targets, using the Target Core Mod/Linux-IO kernel target subsystem. FCoE users also need to install and use the fcoe-utils package.
0d55ec9a68eaef13be5664f16d70a5b8PDW File Browser version 1.3 suffers from a remote shell upload vulnerability.
c5d984e11fcc1aa1af9a176e3ea360b0WordPress Simple File List plugin version 5.4 suffers from a remote shell upload vulnerability.
75488258360850a9899dfe59fe7a49df
© 2020 Packet Storm. All rights reserved.
%7Cutmcsr%3D(direct)%7Cutmcmd%3D(none)){kind=small}
Follow us on Twitter
Follow us on Facebook
Subscribe to an RSS Feed