Red Hat Security Advisory 2024-0189-03 - An update for python-werkzeug is now available for Red Hat OpenStack Platform 17.1. Issues addressed include denial of service and remote shell upload vulnerabilities.
50c2f21eebdf9757eb666fbf646f7701855b330687977003cfb6ff2ba950f45c
Lot Reservation Management System version 1.0 suffers from a remote shell upload vulnerability.
e412e93388798209ade400aff41a77ff351847f86f63f4e81db78a35ca5ddef3
Hospital Management System versions 4.0 and below suffer from cross-site scripting, remote shell upload, and remote SQL injection vulnerabilities.
4c4cb4162e1a493a04ab18896d55ef8649d628f41d3426944382f8e72a0ea4f9
In this paper, the authors show that as new encryption algorithms and mitigations were added to SSH, the SSH Binary Packet Protocol is no longer a secure channel: SSH channel integrity (INT-PST) is broken for three widely used encryption modes. This allows prefix truncation attacks where some encrypted packets at the beginning of the SSH channel can be deleted without the client or server noticing it. They demonstrate several real-world applications of this attack. They show that they can fully break SSH extension negotiation (RFC 8308), such that an attacker can downgrade the public key algorithms for user authentication or turn off a new countermeasure against keystroke timing attacks introduced in OpenSSH 9.5. They also identified an implementation flaw in AsyncSSH that, together with prefix truncation, allows an attacker to redirect the victim's login into a shell controlled by the attacker. Related proof of concept code from their GitHub has been added to this archive.
3d6be8cc2a9c624a06990226485956c5d92675a632da2182c2546e4af814ff93
osCommerce version 4.13-60075 suffers from a remote shell upload vulnerability.
ec2851de45716323cc9586ace2e5ab5f4c1232d38a2afff9df61187983d1047d
This Metasploit module exploits a remote code execution vulnerability in Splunk Enterprise. The affected versions include 9.0.x before 9.0.7 and 9.1.x before 9.1.2. The exploitation process leverages a weakness in the XSLT transformation functionality of Splunk. Successful exploitation requires valid credentials, typically admin:changeme by default. The exploit involves uploading a malicious XSLT file to the target system. This file, when processed by the vulnerable Splunk server, leads to the execution of arbitrary code. The module then utilizes the runshellscript capability in Splunk to execute the payload, which can be tailored to establish a reverse shell. This provides the attacker with remote control over the compromised Splunk instance. The module is designed to work seamlessly, ensuring successful exploitation under the right conditions.
ea31fbcf387f710ebb5a4b9243ec8009edb093af5bce5d17f8b759e679c83bdf
Kopage Website Builder version 4.4.15 appears to suffer from a remote shell upload vulnerability.
c7c044286a2574e2349a91e45670f2ab02c5df6ed10e4f242160211e6c892661
CE Phoenixcart version 1.0.8.20 suffers from a remote shell upload vulnerability.
07b363b061bd5168064a8bc9eb0e871c0ae4e8d96a0a87798b419cec452c6070
WBCE CMS version 1.6.1 suffers from a remote shell upload vulnerability.
7695de4e35509e1c4db3c4076032af2a7d6631056618550d68d670c15cf66962
Online Student Clearance System versions 1.0 and below suffer from a remote shell upload vulnerability.
c55fe1c8bc487499e2a14d9993102c3a4e9ac0513d390be3458030a9f0aec021
WordPress Royal Elementor Addons and Templates plugin versions prior to 1.3.79 suffer from a remote shell upload vulnerability.
514871b05ceb1ed65e97c420f4e9a96957ce2443102fd59ba2de86664048ea50
CSZ CMS version 1.3.0 suffers from a remote shell upload vulnerability.
b8f0f3c59686781c297f072ed9c3ca2896c1c6ea8f3916447a7e73c9086eb19a
This Metasploit module exploits a directory traversal in F5's BIG-IP Traffic Management User Interface (TMUI) to upload a shell script and execute it as the Unix root user. Unix shell access is obtained by escaping the restricted Traffic Management Shell (TMSH). The escape may not be reliable, and you may have to run the exploit multiple times. Versions 11.6.1-11.6.5, 12.1.0-12.1.5, 13.1.0-13.1.3, 14.1.0-14.1.2, 15.0.0, and 15.1.0 are known to be vulnerable. Fixes were introduced in 11.6.5.2, 12.1.5.2, 13.1.3.4, 14.1.2.6, and 15.1.0.4. Tested against the VMware OVA release of 14.1.2.
9f3da84fe52bba475dcd0252ca14c6e0af76dd98df5d1edaaccc7c9a737db2bb
SugarCRM versions 13.0.1 and below suffer from a remote shell upload vulnerability in the set_note_attachment SOAP call.
f051a516487d8fd4a224aa9c883a0ab530f400da930805694f2f73cbeae5a487
Debian Linux Security Advisory 5530-1 - Several vulnerabilities were discovered in ruby-rack, a modular Ruby webserver interface, which may result in denial of service and shell escape sequence injection.
1d720695b79a166118349cbe5f4050069000900a5d5b9d9439ed4da692cb559f
WordPress Royal Elementor plugin versions 1.3.78 and below suffer from a remote shell upload vulnerability.
75ad1e0b13ce523e2824530b0e478c185738d3854be5c82a387c52d974cbc3c4
Zoo Management System version 1.0 suffers from a remote shell upload vulnerability. This version originally had a shell upload vulnerability discovered by D4rkP0w4r that leveraged the upload CV flow, but this particular finding leverages the save_animal flow.
1c5dc0f84ab00f3b67dc35a964acec141e5750913dde08b3d149ec1816549aba
Clinic's Patient Management System version 1.0 suffers from a remote shell upload vulnerability.
a2bab2072f94bc92a8eb4477dbec67ab9cc1cba577230d67b8d7c8aa56a1b99d
BoidCMS versions 2.0.0 and below suffer from a remote shell upload vulnerability.
a68ec76429430287b0271ea1becbf584591cf6f1bf778b41a1cfebd601dc71d3
Ubuntu Security Notice 6395-1 - Mickael Karatekin discovered that GNOME Shell incorrectly allowed the screenshot tool to view open windows when a session was locked. A local attacker could possibly use this issue to obtain sensitive information.
3f816a9930d178217a7288389d3b4673afe6c4eeaa9d4782303571213ae3bce4
BDS FreeBSD KLD rootkit for FreeBSD 13 that hides files, hides processes, hides ports, and has a bind shell backdoor.
9f6dc7f9bcc4c0f52a39a3c80657272125ec54dc594b44cc36889b2ff724d07c
Ftrace-based Linux loadable kernel module rootkit for Linux kernel versions 5.x and 6.x on x86_64. It hides files, hides processes, hides a bind shell and reverse shell port, provides privilege escalation, and cleans up logs and bash history during installation.
ccd1e1687bfaa5e306d03caa2b040597c4571ce16bc6f5a3ad737ced8e457c56
The BDS Userland rootkit is a Linux userland rootkit. It hides files, directories, processes, the bind shell port, the daemon port, and the reverse shell port. It also cleans up bash history and logs during installation.
c7170315137f5e7109aba32c9e58a703b353e1326e4a9584ba97e9f9c1926310
The BDS LKM rootkit is a simple and stable Linux loadable kernel module rootkit for Linux kernel versions 5.x and 6.x on x86_64 that hides files, hides processes, hides a bind shell and reverse shell port, provides privilege escalation, provides rootkit persistence, and cleans up logs and bash history during installation.
f80995082ade857bc8c222749aa3ff2fe683f4b3f02e618e111a589f857646e2
Red Hat Security Advisory 2023-5178-01 - BusyBox is a binary file that combines a large number of common system utilities into a single executable file. BusyBox provides replacements for most GNU file utilities, shell utilities, and other command-line tools. Issues addressed include a code execution vulnerability.
7c72db5f7b570141670662cc2dbbef8381317a72432a3def63d5b819c76bcea1