Gas Agency Management 2022 suffers from cross site scripting, remote SQL injection, and remote shell upload vulnerabilities.
fbd80e45f29f9c744b81fc81cb49905ea0ee4dbf9f49738b949c8e75caba6e49Garage Management System version 1.0 suffers from a remote shell upload vulnerability.
ab0ebb6c87eb34a7a0f252098e28dd19c540d7bd1bf348be3b734685516a5a76Schneider Electric SpaceLogic C-Bus Home Controller (5200WHC2) versions 1.31.460 and below suffer from an authenticated OS command injection vulnerability. This can be exploited to inject and execute arbitrary shell commands as the root user via the name GET parameter in delsnap.pl Perl/CGI script which is used for deleting snapshots taken from the webcam.
d419b1daf53d0f565d05d6ba8ea75d7ee176ccb9140c55fa6180d7f9532dc155Red Hat Security Advisory 2022-5498-01 - Red Hat Satellite is a systems management tool for Linux-based infrastructure. It allows for provisioning, remote management, and monitoring of multiple Linux deployments with a single centralized tool. Issues addressed include HTTP request smuggling, buffer overflow, bypass, code execution, cross site scripting, denial of service, heap overflow, information leakage, privilege escalation, remote shell upload, remote SQL injection, and traversal vulnerabilities.
c0789250da6e85f6ddbf1eff137427983e596902d3fa57015a6fd21b598eac60This is a C language reverse shell generator that is written in Python.
5dd358c97fb9c1f37b759fb43edddae386016d7945cc7d063e37b7e28f9e337fThis script is a great tool for pentesters needing to create reverse shells using either bash or netcat.
6fa1de2937ad42cc30d32f1a0d8144e64791a2c154a8baa4dad7d30634eb9f38Library Management System with QR Code version 1.0 suffers from a remote shell upload vulnerability.
3a8ce351708906e85954acf5c152d09183ea9e79616f36410b16490f39b0edcdUbuntu Security Notice 5459-1 - Aurélien Aptel discovered that cifs-utils invoked a shell when requesting a password. In certain environments, a local attacker could possibly use this issue to escalate privileges. This issue only affected Ubuntu 18.04 LTS and Ubuntu 20.04 LTS. It was discovered that cifs-utils incorrectly used host credentials when mounting a krb5 CIFS file system from within a container. An attacker inside a container could possibly use this issue to obtain access to sensitive information. This issue only affected Ubuntu 18.04 LTS and Ubuntu 20.04 LTS.
2742ad8c53c8d4078d2663f3a6a291fda0c5b7a8aaddb41246e402f6bb7d11f1This Metasploit module exploits a stack buffer overflow in the Cisco RV series router's SSL VPN functionality. The default SSL VPN configuration is exploitable, with no authentication required and works over the Internet! The stack is executable and no ASLR is in place, which makes exploitation easier. Successful execution of this module results in a reverse root shell. A custom payload is used as Metasploit does not have ARMLE null free shellcode. This vulnerability was presented by the Flashback Team in Pwn2Own Austin 2021 and OffensiveCon 2022. For more information check the referenced advisory. This module has been tested in firmware versions 1.0.03.15 and above and works with around 65% reliability. The service restarts automatically so you can keep trying until you pwn it. Only the RV340 router was tested, but other RV series routers should work out of the box.
619682621429d96cd23a1e1bcd69a008398c5244223265886c52e2e417242d02Red Hat Security Advisory 2022-2120-01 - The zsh shell is a command interpreter usable as an interactive login shell and as a shell script command processor. Zsh resembles the ksh shell, but includes many enhancements. Zsh supports command-line editing, built-in spelling correction, programmable command completion, shell functions, a history mechanism, and more.
cad6b69e64623ac3d744ea4e012aea789f4ebb8fab7d528559b72331b27bbf9eRed Hat Security Advisory 2022-1814-01 - GNOME Shell acts as a compositing manager for the desktop, and displays both application windows and other objects. It provides core interface functions like switching windows, launching applications, and notifications. It takes advantage of the capabilities of modern graphics hardware and introduces innovative user interface concepts.
6aef6e9677cf9c1bb55c80d3c53876b94f7260847d6381d799556ac3d7ca711ae107 CMS version 3.2.1 suffers from cross site scripting and arbitrary file upload vulnerabilities that can allow for a shell upload.
3ae8caceae21f93d20493507ca607ad9781c300dc643e858c7c2ac8aa48b23b5WordPress Advanced Uploader plugin versions 4.2 and below suffer from a remote shell upload vulnerability.
d6da47e9cfa89f863bdbab26f72fb5536450efbf87365b7899f665f69f1edd2aThis Metasploit module exploits CVE-2022-22954, an unauthenticated server-side template injection (SSTI) vulnerability in VMware Workspace ONE Access, to execute shell commands as the horizon user.
bf4114fce190a8b9bc1f2bfc2013620b04b05e7030c7cc59f3d685b8db2038b1Tenda HG6 version 3.3.0 suffers from a remote command injection vulnerability. It can be exploited to inject and execute arbitrary shell commands through the pingAddr and traceAddr HTTP POST parameters in formPing, formPing6, formTracert and formTracert6 interfaces.
49f6e50dad2f50c5f9bee5f1105d5092b826a6f5ba27d2193fc00498390e1373Pharmacy Management System version 1.0 suffers from a remote shell upload vulnerability.
2da67c6c7a5c14228149e21e3cff2a8e2b144090f44d0181b62a6d2a34478852WordPress Elementor versions 3.6.0, 3.6.1, and 3.6.2 suffer from a remote shell upload vulnerability.
603237e279a2f8ffe3ece2867c143ddd6adc454ce1a658fa415b646b8ddb139fScriptcase version 9.7 suffers from a remote shell upload vulnerability.
705c580f419afeea2dc499c20aeef237849dd1a83cfc82260fbd3807b7385d36AeroCMS version 0.0.1 suffers from a remote shell upload vulnerability.
0829b922a0f4795f7428d43e52ebfbde5bb95f0c1238d5c58486e8a65f917f8fSimple House Rental System version 1 suffers from a remote shell upload vulnerability.
08758f678f8c4fc418d8d9517c841f053dbffc2e1507149c1a99fb38c15f3933Social Codia SMS version 1 suffers from a remote shell upload vulnerability.
4a7427d4fc0576c982c955ac1f929021a915162dd9065b11a25c19c67f8378b7E-Commerce Website version 1.1.0 suffers from a remote shell upload vulnerability.
1b9bd78010d60aaf601fb90507e50506efc424b988f99536383741a478b15552Musical World version 1 suffers from a remote shell upload vulnerability.
7da6ca366e4aa84857f2f399ff232d8312c64c14435be4d9948bfe5e0166f573E-Commerce Website version 1.0 suffers from a remote shell upload vulnerability.
7a3aaebde457cfdba6fc15fa5c0b8bd1116d56a78bad78ee7de4f9c3d3574ed1PHPGurukul Zoo Management System version 1.0 suffers from a remote shell upload vulnerability.
dca1f178a16cf53e52736d7b787820a9fbabb32e64848116ca5fc2680795d6d7
© 2022 Packet Storm. All rights reserved.
%7Cutmcsr%3D(direct)%7Cutmcmd%3D(none)){kind=small}
Follow us on Twitter
Subscribe to an RSS Feed