Riello UPS systems can have their restricted configuration shell bypassed to gain full underlying operating system access.
6ef7e8370834a1f65507385ad2f9fb981e57f39aa18bf52ca3a727aaa3955839Ubuntu Security Notice 5956-1 - Dawid Golunski discovered that PHPMailer was not properly escaping user input data used as arguments to functions executed by the system shell. An attacker could possibly use this issue to execute arbitrary code. This issue only affected Ubuntu 16.04 ESM. It was discovered that PHPMailer was not properly escaping characters in certain fields of the code_generator.php example code. An attacker could possibly use this issue to conduct cross-site scripting attacks. This issue was only fixed in Ubuntu 16.04 ESM and Ubuntu 18.04 ESM.
222714e4ee696b2603d69df38c77117f2e5b2027b932d6a069bca47f30bd053cUbuntu Security Notice 5956-2 - USN-5956-1 fixed vulnerabilities in PHPMailer. It was discovered that the fix for CVE-2017-11503 was incomplete. This update fixes the problem. Dawid Golunski discovered that PHPMailer was not properly escaping user input data used as arguments to functions executed by the system shell. An attacker could possibly use this issue to execute arbitrary code. This issue only affected Ubuntu 16.04 ESM.
80b3365b80c510d9ed0f8f67ed3b629ab7b2e844952fb217a7a549d591be9150Red Hat Security Advisory 2023-1281-01 - An update for python-werkzeug is now available for Red Hat OpenStack Platform. Issues addressed include a remote shell upload vulnerability.
987d8f013217b57d1857239f6881cfb726cc3c00c621957b53627dccfc7f4cd9Purchase Order Management version 1.0 suffers a remote shell upload vulnerability. Flow details to achieve this are shown in the video link provided.
ebd87a2284147cd2df2e918dac7d56fd2fe8ef6e6817d1b763329b3720bb9d2aRed Hat Security Advisory 2023-1018-01 - An update for python-werkzeug is now available for Red Hat OpenStack Platform 17.0 (Wallaby). Issues addressed include a remote shell upload vulnerability.
6cabeb616cc86e2cbaf9eeff580fc77e5c814243da7ceecee78741afbe444047Osprey Pump Controller version 1.0.1 suffers from an unauthenticated OS command injection vulnerability. This can be exploited to inject and execute arbitrary shell commands through the eventFileSelected HTTP GET parameter called by DataLogView.php, EventsView.php and AlarmsView.php scripts.
db0ca77f3b6262f047a41f704f1fbcabf469fa7d9140d8fddf64e48fc5dc7ab1Osprey Pump Controller version 1.0.1 suffers from an unauthenticated OS command injection vulnerability. This can be exploited to inject and execute arbitrary shell commands through the userName HTTP POST parameter called by index.php script.
36296eda1780ae0ac70f0164496b08fb374f20a8169546a905c771704b399ab9Osprey Pump Controller version 1.0.1 suffers from an unauthenticated OS command injection vulnerability. This can be exploited to inject and execute arbitrary shell commands through the pseudonym HTTP POST parameter called by index.php script.
54e985965675a39585d65ec988986982607117a47b0151caf9326c6cb4e834f8Ubuntu Security Notice 5896-1 - It was discovered that Rack was not properly parsing data when processing multipart POST requests. If a user or automated system were tricked into sending a specially crafted multipart POST request to an application using Rack, a remote attacker could possibly use this issue to cause a denial of service. It was discovered that Rack was not properly escaping untrusted data when performing logging operations, which could cause shell escaped sequences to be written to a terminal. If a user or automated system were tricked into sending a specially crafted request to an application using Rack, a remote attacker could possibly use this issue to execute arbitrary code in the machine running the application.
af959d565a1afe5e24fd2d9a4c8e3f995e944acd8d8d9680416a97273359eee3Debian Linux Security Advisory 5360-1 - Xi Lu discovered that missing input sanitising in Emacs (in etags, the Ruby mode and htmlfontify) could result in the execution of arbitrary shell commands.
82d11ef9e76f7318d8a66038c6614675b087dfdc2b8d50aad0fe55d3dd74b5c7Best POS Management System version 1.0 suffers from a remote shell upload vulnerability.
18380c19144362b994cc7304b96b87275954a1fb405a57ba6bf5c9c56fbabf2dAtrocore version 1.5.25 suffers from a remote shell upload vulnerability.
1e120e6e4db83718cdc98419e2f3e0b8b3116132deeeaf1795649de6a0137546Monitorr version 1.7.6 remote shell upload proof of concept exploit written in Python.
c0040528446da97e96fe4067b3c78e371267bbe3dfac766ad6862a81992f7d59This Metasploit module exploits a bug in io_uring leading to an additional put_cred() that can be exploited to hijack credentials of other processes. This exploit will spawn SUID programs to get the freed cred object reallocated by a privileged process and abuse them to create a SUID root binary that will pop a shell. The dangling cred pointer will, however, lead to a kernel panic as soon as the task terminates and its credentials are destroyed. We therefore detach from the controlling terminal, block all signals and rest in silence until the system shuts down and we get killed hard, just to cry in vain, seeing the kernel collapse. The bug affected kernels from v5.12-rc3 to v5.14-rc7. More than 1 CPU is required for exploitation. Successfully tested against Ubuntu 22.04.01 with kernel 5.13.12-051312-generic.
ddab5b3975fc82e2a23c5e4e05a57af4893abfbc613df02d507c1013c62dc088Debian Linux Security Advisory 5332-1 - Multiple issues were found in Git, a distributed revision control system. An attacker may trigger remote code execution, cause local users into executing arbitrary commands, leak information from the local filesystem, and bypass restricted shell.
da3283ba137fd88f874430e108ec655e6a4a13b1797054b92dadf3a00e03641dRed Hat Security Advisory 2023-0340-01 - The bash packages provide Bash, which is the default shell for Red Hat Enterprise Linux. Issues addressed include a buffer overflow vulnerability.
c4175fcaf8e760446048b0702a788a15a9b75b05bd2cee9ae422f72e0f822ceeFood Ordering System version 2 suffers from a remote shell upload vulnerability.
761ebf82d1e3d77cbb9e3df3aaa127409e8b8765f9bcd58a38d94c86c83af0cfWordPress Slider Revolution plugin versions 4.x.x suffer from a remote shell upload vulnerability.
91ad27d5b8aae997e047295a60a4b87610223abd915335d38e21feaee0c21334Online Food Ordering System version 2.0 suffers from a remote shell upload vulnerability.
ed85146f24b10099cae57f78d6acaf8386a62cc901158ad0489e271b7f3389abDebian Linux Security Advisory 5314-1 - It was discovered that missing input sanitising in the ctags functionality of Emacs may result in the execution of arbitrary shell commands.
8d71031be094dc1bac13e1c7994d1cfcdb0da1ae5dd428700ba4439417aa0081Online Food Ordering System version 2.0 suffers from a remote shell upload vulnerability.
79d4531d706ef446604fb8038c79402773af79beb3b81e0c9574ec534b5d9ec8WordPress Slider Revolution plugin version 4.6.5 suffers from a remote shell upload vulnerability.
4e8cadbe4d270676c58df50959e60ad62c48e787dbed667844e8a8eda46f121aDebian Linux Security Advisory 5310-1 - It was discovered that ruby-image-processing, a ruby package that provides higher-level image processing helpers, is prone to a remote shell execution vulnerability when using the #apply method to apply a series of operations coming from unsanitized user input.
9114837e45c7440099d3923f2a43991909f94c975f31c25f4230d59e7dc5f0faSugarCRM versions up to 12.2.0 suffer from a remote shell upload vulnerability.
74cace1b6e9afc52d16c5afdcecc42e3abd20dc7f1ccb5629f3f64b72179e905
© 2022 Packet Storm. All rights reserved.
%7Cutmcsr%3D(direct)%7Cutmcmd%3D(none)){kind=small}
Follow us on Twitter
Follow us on Facebook
Subscribe to an RSS Feed