Native Church Website version 1.0 suffers from a remote shell upload vulnerability.
dee64438c491f2610eabc5f7febbf30bComposr version 10.0.36 suffers from a remote shell upload vulnerability.
735eb24f76261ce2e85c105910c3e39cScadaBR version 1.0 suffers from multiple remote shell upload vulnerabilities.
8626f1f23af69cc594f9e46083b387d9GetSimple CMS version 3.3.16 cross site scripting to remote shell upload exploit.
3c1d773d613339fb004324bead97e042This Metasploit module exploits the CVE-2020-6207 vulnerability within the SAP EEM servlet of SAP Solution Manager (SolMan) running version 7.2. The vulnerability occurs due to missing authentication checks when submitting a SOAP request to the /EemAdminService/EemAdmin page to get information about connected SMDAgents allowing an attacker to send HTTP requests (SSRF) and execute OS commands on the connected SMDAgent. Works stable in connected SMDAgent with Java version 1.8. Successful exploitation will allow unauthenticated remote attackers to get a reverse shell from connected to the SolMan agent as the user under which it runs SMDAgent service, which is usually daaadm.
1c233a9f84fe24a1f701e2b602123168Development Kamel KCFinder version 1.7 suffers from a remote shell upload vulnerability.
bf6153a4c62e633652255251746f04d7Online Faculty Clearance System version 1.0 suffers from a remote shell upload vulnerability.
79bc85565f117cac4e713d381f853d87Online Reviewer Management System version 1.0 suffers from a remote shell upload vulnerability.
9d3b419524c9b1d3f62ecd6becf032baCMS Made Simple version 2.2.15 suffers from a remote shell upload vulnerability.
dc9c78c07b3ed7e55a1c24a996a4e90dKZTech/JatonTec/Neotel JT3500V 4G LTE CPE version 2.0.1 suffers from an authenticated OS command injection vulnerability. This can be exploited to inject and execute arbitrary shell commands through the pingAddr HTTP POST parameter bypassing the injection protection filter.
1a328f5c085e43fdbc6aa762de109b6frConfig version 3.9.6 suffers from a remote shell upload vulnerability.
7068626a36bde3c6ba897ce4012fc020CuteNews version 2.1.2 Avatar upload remote shell upload exploit. Original discovery of remote shell upload in this version is attributed to Ozkan Mustafa Akkus in April of 2019.
2f8e8a2669b12d6dc41eb292c26ca39aAlphaware E-Commerce System version 1.0 suffers from unauthenticated remote shell upload and remote SQL injection vulnerabilities.
6f60573df06c46c975bfa0b3b3aaff4fMonitoring System (Dashboard) version 1.0 suffers from multiple remote code execution vulnerabilities that can be leveraged by malicious shells being uploaded.
6fe62b2299146e49f1d6d5baac2d1d37OpenCMS version 11.0.2 suffers from a remote shell upload vulnerability.
c723d79a8297b3ce3ac3075416c8832fHotel and Lodge Management System version 1.0 suffers from a remote shell upload vulnerability.
d2d8858d968c116baf2c562e946b308dOnline Ordering System version 1.0 suffers from a remote shell upload vulnerability.
05f808849bc20a2901c3aeb914582758Zenphoto CMS versions 1.5.7 and below suffer from a remote shell upload vulnerability.
a2953bf434e2c790793df43f6311240fSimple Employee Records System version 1.0 suffers from an unauthenticated remote shell upload vulnerability.
d0eef29666b46dd7390d7081cb53a6e9TestLink version 1.9.20 suffers from a remote shell upload vulnerability.
ae7a82dc9cd277f7eda03cb9961266caOnline Car Rental version 1.0 suffers from a remote shell upload vulnerability.
16e7dbecfa2fc7c91e9c10a0ab80b747Car Rental Project version 2.0 suffers from a remote shell upload vulnerability.
931b1766d4fdd75c0bd8596b70a042b6Online Reviewer System version 1.0 remote shell upload exploit that also leverages a remote SQL injection vulnerability that allows for authentication bypass.
51109808c0a78c3656ec6d9759f49a77Ubuntu Security Notice 4714-1 - Zhihong Tian and Hui Lu found that XStream was vulnerable to remote code execution. A remote attacker could run arbitrary shell commands by manipulating the processed input stream. It was discovered that XStream was vulnerable to server-side forgery attacks. A remote attacker could request data from internal resources that are not publicly available only by manipulating the processed input stream. Various other issues were also addressed.
3cdeed73f8b46410b7481e928cd50ec1This Metasploit module exploits an authenticated remote code execution vulnerability in PRTG Network Monitor. Notifications can be created by an authenticated user and can execute scripts when triggered. Due to a poorly validated input on the script name, it is possible to chain it with a user-supplied command allowing command execution under the context of privileged user. The module uses provided credentials to log in to the web interface, then creates and triggers a malicious notification to perform remote code execution using a Powershell payload. It may require a few tries to get a shell because notifications are queued up on the server. This vulnerability affects versions prior to 18.2.39.
60bd8795d3c06d9bcbf5158034587215
© 2020 Packet Storm. All rights reserved.
%7Cutmcsr%3D(direct)%7Cutmcmd%3D(none)){kind=small}
Follow us on Twitter
Follow us on Facebook
Subscribe to an RSS Feed