exploit the possibilities
Home Files News &[SERVICES_TAB]About Contact Add New
Showing 26 - 50 of 3,245 RSS Feed

Shell Files

Red Hat Security Advisory 2024-0189-03
Posted Jan 17, 2024
Authored by Red Hat | Site access.redhat.com

Red Hat Security Advisory 2024-0189-03 - An update for python-werkzeug is now available for Red Hat OpenStack Platform 17.1. Issues addressed include denial of service and remote shell upload vulnerabilities.

tags | advisory, remote, denial of service, shell, vulnerability, python
systems | linux, redhat
advisories | CVE-2023-46136
SHA-256 | 50c2f21eebdf9757eb666fbf646f7701855b330687977003cfb6ff2ba950f45c
Lot Reservation Management System 1.0 Shell Upload
Posted Dec 28, 2023
Authored by Elijah Mandila Syoyi

Lot Reservation Management System version 1.0 suffers from a remote shell upload vulnerability.

tags | exploit, remote, shell
SHA-256 | e412e93388798209ade400aff41a77ff351847f86f63f4e81db78a35ca5ddef3
Hospital Management System 4.0 XSS / Shell Upload / SQL Injection
Posted Dec 22, 2023
Authored by Louise Ng, Chris Chan

Hospital Management System versions 4.0 and below suffer from cross site scripting, remote shell upload, and remote SQL injection vulnerabilities.

tags | exploit, remote, shell, vulnerability, xss, sql injection, file upload
advisories | CVE-2020-26627, CVE-2020-26628, CVE-2020-26629, CVE-2020-26630
SHA-256 | 4c4cb4162e1a493a04ab18896d55ef8649d628f41d3426944382f8e72a0ea4f9
Terrapin SSH Connection Weakening
Posted Dec 20, 2023
Authored by Jorg Schwenk, Marcus Brinkmann, Fabian Baumer | Site terrapin-attack.com

In this paper, the authors show that as new encryption algorithms and mitigations were added to SSH, the SSH Binary Packet Protocol is no longer a secure channel: SSH channel integrity (INT-PST) is broken for three widely used encryption modes. This allows prefix truncation attacks where some encrypted packets at the beginning of the SSH channel can be deleted without the client or server noticing it. They demonstrate several real-world applications of this attack. They show that they can fully break SSH extension negotiation (RFC 8308), such that an attacker can downgrade the public key algorithms for user authentication or turn off a new countermeasure against keystroke timing attacks introduced in OpenSSH 9.5. They also identified an implementation flaw in AsyncSSH that, together with prefix truncation, allows an attacker to redirect the victim's login into a shell controlled by the attacker. Related proof of concept code from their github has been added to this archive.

tags | exploit, paper, shell, protocol, proof of concept
advisories | CVE-2023-46445, CVE-2023-46446, CVE-2023-48795
SHA-256 | 3d6be8cc2a9c624a06990226485956c5d92675a632da2182c2546e4af814ff93
osCommerce 4.13-60075 Shell Upload
Posted Dec 15, 2023
Authored by nu11secur1ty

osCommerce version 4.13-60075 suffers from a remote shell upload vulnerability.

tags | exploit, remote, shell
SHA-256 | ec2851de45716323cc9586ace2e5ab5f4c1232d38a2afff9df61187983d1047d
Splunk XSLT Upload Remote Code Execution
Posted Dec 12, 2023
Authored by h00die, Valentin Lobstein, nathan | Site metasploit.com

This Metasploit module exploits a remote code execution vulnerability in Splunk Enterprise. The affected versions include 9.0.x before 9.0.7 and 9.1.x before 9.1.2. The exploitation process leverages a weakness in the XSLT transformation functionality of Splunk. Successful exploitation requires valid credentials, typically admin:changeme by default. The exploit involves uploading a malicious XSLT file to the target system. This file, when processed by the vulnerable Splunk server, leads to the execution of arbitrary code. The module then utilizes the runshellscript capability in Splunk to execute the payload, which can be tailored to establish a reverse shell. This provides the attacker with remote control over the compromised Splunk instance. The module is designed to work seamlessly, ensuring successful exploitation under the right conditions.

tags | exploit, remote, arbitrary, shell, code execution
advisories | CVE-2023-46214
SHA-256 | ea31fbcf387f710ebb5a4b9243ec8009edb093af5bce5d17f8b759e679c83bdf
Kopage Website Builder 4.4.15 Shell Upload
Posted Dec 8, 2023
Authored by nu11secur1ty

Kopage Website Builder version 4.4.15 appears to suffer from a remote shell upload vulnerability.

tags | exploit, remote, shell
SHA-256 | c7c044286a2574e2349a91e45670f2ab02c5df6ed10e4f242160211e6c892661
CE Phoenixcart 1.0.8.20 Shell Upload
Posted Dec 6, 2023
Authored by nu11secur1ty

CE Phoenixcart version 1.0.8.20 suffers from a remote shell upload vulnerability.

tags | exploit, remote, shell
SHA-256 | 07b363b061bd5168064a8bc9eb0e871c0ae4e8d96a0a87798b419cec452c6070
WBCE CMS 1.6.1 Shell Upload
Posted Dec 1, 2023
Authored by tmrswrr

WBCE CMS version 1.6.1 suffers from a remote shell upload vulnerability.

tags | exploit, remote, shell
SHA-256 | 7695de4e35509e1c4db3c4076032af2a7d6631056618550d68d670c15cf66962
Online Student Clearance System 1.0 Shell Upload
Posted Nov 30, 2023
Authored by Akash Pandey

Online Student Clearance System versions 1.0 and below suffer from a remote shell upload vulnerability.

tags | exploit, remote, shell
advisories | CVE-2022-3436
SHA-256 | c55fe1c8bc487499e2a14d9993102c3a4e9ac0513d390be3458030a9f0aec021
WordPress Royal Elementor Addons And Templates Remote Shell Upload
Posted Nov 29, 2023
Authored by Valentin Lobstein, Fioravante Souza | Site metasploit.com

WordPress Royal Elementor Addons and Templates plugin versions prior to 1.3.79 suffer from a remote shell upload vulnerability.

tags | exploit, remote, shell
advisories | CVE-2023-5360
SHA-256 | 514871b05ceb1ed65e97c420f4e9a96957ce2443102fd59ba2de86664048ea50
CSZ CMS 1.3.0 Shell Upload
Posted Nov 25, 2023
Authored by tmrswrr

CSZ CMS version 1.3.0 suffers from a remote shell upload vulnerability.

tags | exploit, remote, shell
SHA-256 | b8f0f3c59686781c297f072ed9c3ca2896c1c6ea8f3916447a7e73c9086eb19a
F5 BIG-IP TMUI Directory Traversal / File Upload / Code Execution
Posted Nov 14, 2023
Authored by wvu, Mikhail Klyuchnikov | Site metasploit.com

This Metasploit module exploits a directory traversal in F5's BIG-IP Traffic Management User Interface (TMUI) to upload a shell script and execute it as the Unix root user. Unix shell access is obtained by escaping the restricted Traffic Management Shell (TMSH). The escape may not be reliable, and you may have to run the exploit multiple times. Versions 11.6.1-11.6.5, 12.1.0-12.1.5, 13.1.0-13.1.3, 14.1.0-14.1.2, 15.0.0, and 15.1.0 are known to be vulnerable. Fixes were introduced in 11.6.5.2, 12.1.5.2, 13.1.3.4, 14.1.2.6, and 15.1.0.4. Tested against the VMware OVA release of 14.1.2.

tags | exploit, shell, root
systems | unix
advisories | CVE-2020-5902
SHA-256 | 9f3da84fe52bba475dcd0252ca14c6e0af76dd98df5d1edaaccc7c9a737db2bb
SugarCRM 13.0.1 Shell Upload
Posted Oct 27, 2023
Authored by EgiX | Site karmainsecurity.com

SugarCRM versions 13.0.1 and below suffer from a remote shell upload vulnerability in the set_note_attachment SOAP call.

tags | exploit, remote, shell
SHA-256 | f051a516487d8fd4a224aa9c883a0ab530f400da930805694f2f73cbeae5a487
Debian Security Advisory 5530-1
Posted Oct 23, 2023
Authored by Debian | Site debian.org

Debian Linux Security Advisory 5530-1 - Several vulnerabilities were discovered in ruby-rack, a modular Ruby webserver interface, which may result in denial of service and shell escape sequence injection.

tags | advisory, denial of service, shell, vulnerability, ruby
systems | linux, debian
advisories | CVE-2022-30122, CVE-2022-30123, CVE-2022-44570, CVE-2022-44571, CVE-2022-44572, CVE-2023-27530, CVE-2023-27539
SHA-256 | 1d720695b79a166118349cbe5f4050069000900a5d5b9d9439ed4da692cb559f
WordPress Royal Elementor 1.3.78 Shell Upload
Posted Oct 16, 2023
Authored by Fioravante Souza | Site wordfence.com

WordPress Royal Elementor plugin versions 1.3.78 and below suffer from a remote shell upload vulnerability.

tags | exploit, remote, shell
advisories | CVE-2023-5360
SHA-256 | 75ad1e0b13ce523e2824530b0e478c185738d3854be5c82a387c52d974cbc3c4
Zoo Management System 1.0 Shell Upload
Posted Oct 16, 2023
Authored by Cagatay Ceyhan

Zoo Management System version 1.0 suffers from a remote shell upload vulnerability. This version originally had a shell upload vulnerability discovered by D4rkP0w4r that leveraged the upload CV flow but this particular finding leverages the save_animal flow.

tags | exploit, remote, shell
SHA-256 | 1c5dc0f84ab00f3b67dc35a964acec141e5750913dde08b3d149ec1816549aba
Clinic's Patient Management System 1.0 Shell Upload
Posted Oct 12, 2023
Authored by Ogulcan Hami Gul

Clinic's Patient Management System version 1.0 suffers from a remote shell upload vulnerability.

tags | exploit, remote, shell
SHA-256 | a2bab2072f94bc92a8eb4477dbec67ab9cc1cba577230d67b8d7c8aa56a1b99d
BoidCMS 2.0.0 Shell Upload
Posted Oct 10, 2023
Authored by 1337kid

BoidCMS versions 2.0.0 and below suffer from a remote shell upload vulnerability.

tags | exploit, remote, shell
advisories | CVE-2023-38836
SHA-256 | a68ec76429430287b0271ea1becbf584591cf6f1bf778b41a1cfebd601dc71d3
Ubuntu Security Notice USN-6395-1
Posted Sep 22, 2023
Authored by Ubuntu | Site security.ubuntu.com

Ubuntu Security Notice 6395-1 - Mickael Karatekin discovered that GNOME Shell incorrectly allowed the screenshot tool to view open windows when a session was locked. A local attacker could possibly use this issue to obtain sensitive information.

tags | advisory, shell, local
systems | linux, windows, ubuntu
advisories | CVE-2023-43090
SHA-256 | 3f816a9930d178217a7288389d3b4673afe6c4eeaa9d4782303571213ae3bce4
BDS FreeBSD KLD Rootkit
Posted Sep 22, 2023
Authored by bluedragonsec | Site bluedragonsec.com

BDS Freebsd KLD rootkit for FreeBSD 13 that hides files, hides processes, hides ports, and has a bind shell backdoor.

tags | tool, shell, rootkit
systems | unix, freebsd, bsd
SHA-256 | 9f6dc7f9bcc4c0f52a39a3c80657272125ec54dc594b44cc36889b2ff724d07c
BDS Linux LKM Ftrace-Based Rootkit
Posted Sep 22, 2023
Authored by bluedragonsec | Site bluedragonsec.com

Ftrace-based Linux loadable kernel module rootkit for Linux kernel versions 5.x and 6.x on x86_64. It hides files, hides process, hides a bind shell and reverse shell port, provides privilege escalation, and cleans up logs and bash history during installation.

tags | tool, shell, kernel, rootkit, bash
systems | linux, unix
SHA-256 | ccd1e1687bfaa5e306d03caa2b040597c4571ce16bc6f5a3ad737ced8e457c56
BDS Linux Userland Rootkit
Posted Sep 21, 2023
Authored by bluedragonsec | Site bluedragonsec.com

The BDS Userland rootkit is a Linux userland rootkit. It hides files, directories, processes, the bind shell port, the daemon port, and the reverse shell port. It also cleans up bash history and logs during installation.

tags | tool, shell, rootkit, bash
systems | linux, unix
SHA-256 | c7170315137f5e7109aba32c9e58a703b353e1326e4a9584ba97e9f9c1926310
BDS Linux LKM Rootkit
Posted Sep 21, 2023
Authored by bluedragonsec | Site bluedragonsec.com

The BDS LKM rootkit is a simple and stable Linux loadable kernel module rootkit for Linux kernel versions 5.x and 6.x on x86_64 that hide files, hide processes, hides a bind shell and reverse shell port, provides privilege escalation, provides rootkit persistence, and cleans up logs and bash history during installation.

tags | tool, shell, kernel, rootkit, bash
systems | linux, unix
SHA-256 | f80995082ade857bc8c222749aa3ff2fe683f4b3f02e618e111a589f857646e2
Red Hat Security Advisory 2023-5178-01
Posted Sep 18, 2023
Authored by Red Hat | Site access.redhat.com

Red Hat Security Advisory 2023-5178-01 - BusyBox is a binary file that combines a large number of common system utilities into a single executable file. BusyBox provides replacements for most GNU file utilities, shell utilities, and other command-line tools. Issues addressed include a code execution vulnerability.

tags | advisory, shell, code execution
systems | linux, redhat
advisories | CVE-2022-48174
SHA-256 | 7c72db5f7b570141670662cc2dbbef8381317a72432a3def63d5b819c76bcea1
Page 2 of 130
Back12345Next

File Archive:

March 2024

  • Su
  • Mo
  • Tu
  • We
  • Th
  • Fr
  • Sa
  • 1
    Mar 1st
    16 Files
  • 2
    Mar 2nd
    0 Files
  • 3
    Mar 3rd
    0 Files
  • 4
    Mar 4th
    32 Files
  • 5
    Mar 5th
    28 Files
  • 6
    Mar 6th
    42 Files
  • 7
    Mar 7th
    17 Files
  • 8
    Mar 8th
    13 Files
  • 9
    Mar 9th
    0 Files
  • 10
    Mar 10th
    0 Files
  • 11
    Mar 11th
    15 Files
  • 12
    Mar 12th
    19 Files
  • 13
    Mar 13th
    21 Files
  • 14
    Mar 14th
    38 Files
  • 15
    Mar 15th
    15 Files
  • 16
    Mar 16th
    0 Files
  • 17
    Mar 17th
    0 Files
  • 18
    Mar 18th
    10 Files
  • 19
    Mar 19th
    32 Files
  • 20
    Mar 20th
    46 Files
  • 21
    Mar 21st
    16 Files
  • 22
    Mar 22nd
    13 Files
  • 23
    Mar 23rd
    0 Files
  • 24
    Mar 24th
    0 Files
  • 25
    Mar 25th
    12 Files
  • 26
    Mar 26th
    31 Files
  • 27
    Mar 27th
    19 Files
  • 28
    Mar 28th
    0 Files
  • 29
    Mar 29th
    0 Files
  • 30
    Mar 30th
    0 Files
  • 31
    Mar 31st
    0 Files

Top Authors In Last 30 Days

File Tags

Systems

packet storm

© 2022 Packet Storm. All rights reserved.

Services
Security Services
Hosting By
Rokasec
close