Exploit the possiblities
Showing 51 - 75 of 2,560 RSS Feed

Shell Files

Linux/x86-64 Reverse Shell Shellcode
Posted May 8, 2017
Authored by Srakai

113 bytes small Linux/x86-64 reverse shell shellcode for IPv6.

tags | shell, x86, shellcode
systems | linux
MD5 | ac5201873bbc6a9ce91386d7e9e153d6
Easy File Uploader Remote Shell Upload
Posted Apr 27, 2017
Authored by Daniel Godoy

Easy File Uploader suffers from a remote shell upload vulnerability.

tags | exploit, remote, shell, file upload
MD5 | 8ac3610167d2a6610763fae78f9e7f29
Solarwinds LEM 6.3.1 Management Shell Arbitrary File Read
Posted Apr 24, 2017
Authored by Hank Leininger, Matthew Bergin | Site korelogic.com

The management shell on Solarwinds Log and Event Manager Virtual Appliance version 6.3.1 allows the end user to edit the MOTD banner displayed during SSH logon. The editor provided for this is nano. This editor has a keyboard mapped function which lets the user import a file from the local file system into the editor. An attacker can abuse this to read arbitrary files within the allowed permissions.

tags | exploit, arbitrary, shell, local
MD5 | f78a6aa709d515f34ff4063017a41667
Solarwinds LEM 6.3.1 Shell Escape Command Injection
Posted Apr 24, 2017
Authored by Hank Leininger, Matthew Bergin | Site korelogic.com

Insufficient input validation in the management interface can be leveraged in order to execute arbitrary commands. This can lead to (root) shell access to the underlying operating system on Solarwinds Log and Event Manager Virtual Appliance version 6.3.1.

tags | exploit, arbitrary, shell, root
MD5 | c05724ef34080811a5c98ed6a6d254cf
October CMS 1.0.412 Code Execution / Shell Upload
Posted Apr 20, 2017
Authored by Anti Rais

October CMS version 1.0.412 suffers from access bypass, cross site scripting, code execution, and remote shell upload vulnerabilities.

tags | exploit, remote, shell, vulnerability, code execution, xss
MD5 | e702737b1f0f3d12d56ab625156a9afc
Huawei HG532n Command Injection
Posted Apr 17, 2017
Authored by Ahmed S. Darwish | Site metasploit.com

This Metasploit module exploits a command injection vulnerability in the Huawei HG532n routers provided by TE-Data Egypt, leading to a root shell. The router's web interface has two kinds of logins, a "limited" user:user login given to all customers and an admin mode. The limited mode is used here to expose the router's telnet port to the outside world through NAT port-forwarding. With telnet now remotely accessible, the router's limited "ATP command line tool" (served over telnet) can be upgraded to a root shell through an injection into the ATP's hidden "ping" command.

tags | exploit, web, shell, root
MD5 | 5846ef508d85837a4608f1c94c201d64
Magento 2.1.6 Shell Upload / Cross Site Request Forgery
Posted Apr 13, 2017
Authored by DefenseCode, Bosko Stankovic

Magento versions 2.1.6 and below suffers from cross site request forgery and shell upload vulnerabilities.

tags | exploit, shell, vulnerability, csrf
MD5 | 7eac7c985713b9e6f32be4da1b6565bb
SolarWind LEM Default SSH Password Remote Code Execution
Posted Apr 4, 2017
Authored by Mehmet Ince | Site metasploit.com

This Metasploit module exploits the default credentials of SolarWind LEM. A menu system is encountered when the SSH service is accessed with the default username and password which is "cmc" and "password". By exploiting a vulnerability that exist on the menuing script, an attacker can escape from restricted shell. This Metasploit module was tested against SolarWinds LEM v6.3.1.

tags | exploit, shell
MD5 | b551077e34268bd111ec9232032426a6
Pixie 1.0.4 Shell Upload
Posted Apr 2, 2017
Authored by rungga_reksya, dvnrcy, dickysofficial

Pixie version 1.0.4 suffers from a remote shell upload vulnerability

tags | exploit, remote, shell
advisories | CVE-2017-7402
MD5 | 1f0acf66c9b658bf16eec854d80970ba
Nuxeo Platform 6.x / 7.x Shell Upload
Posted Mar 24, 2017
Authored by Ronan Kervella

Nuxeo Platform versions 6.0 (LTS 2014), 7.1, 7.2, and 7.3 suffer from a remote shell upload vulnerability.

tags | exploit, remote, shell
advisories | CVE-2017-5869
MD5 | 7126bfef715d2ac6d4c534ae2886b473
Ubuntu Security Notice USN-3243-1
Posted Mar 23, 2017
Authored by Ubuntu | Site security.ubuntu.com

Ubuntu Security Notice 3243-1 - It was discovered that Git incorrectly sanitized branch names in the PS1 variable when configured to display the repository status in the shell prompt. If a user were tricked into exploring a malicious repository, a remote attacker could use this issue to execute arbitrary code.

tags | advisory, remote, arbitrary, shell
systems | linux, ubuntu
advisories | CVE-2014-9938
MD5 | 5e9ec3e012f77c65ec3aeea783f3c8b8
Red Hat Security Advisory 2017-0484-01
Posted Mar 23, 2017
Authored by Red Hat | Site access.redhat.com

Red Hat Security Advisory 2017-0484-01 - Red Hat Gluster Storage is a software only scale-out storage solution that provides flexible and affordable unstructured data storage. It unifies data storage and infrastructure, increases performance, and improves availability and manageability to meet enterprise-level storage challenges. The following packages have been upgraded to a later upstream version: glusterfs, redhat-storage-server. Security Fix: It was found that glusterfs-server RPM package would write file with predictable name into world readable /tmp directory. A local attacker could potentially use this flaw to escalate their privileges to root by modifying the shell script during the installation of the glusterfs-server package.

tags | advisory, shell, local, root
systems | linux, redhat
advisories | CVE-2015-1795
MD5 | 03a5e8f2c644d94a4094c59e0ad9b4d9
SysGauge SMTP Validation Buffer Overflow
Posted Mar 22, 2017
Authored by Chris Higgins, Peter Baris | Site metasploit.com

This Metasploit module will setup an SMTP server expecting a connection from SysGauge 1.5.18 via its SMTP server validation. The module sends a malicious response along in the 220 service ready response and exploits the client, resulting in an unprivileged shell.

tags | exploit, shell
MD5 | aed322bf78a942f8e4c4c99cf051ca51
Red Hat Security Advisory 2017-0725-01
Posted Mar 21, 2017
Authored by Red Hat | Site access.redhat.com

Red Hat Security Advisory 2017-0725-01 - The bash packages provide Bash, which is the default shell for Red Hat Enterprise Linux. Security Fix: An arbitrary command injection flaw was found in the way bash processed the hostname value. A malicious DHCP server could use this flaw to execute arbitrary commands on the DHCP client machines running bash under specific circumstances. An arbitrary command injection flaw was found in the way bash processed the SHELLOPTS and PS4 environment variables. A local, authenticated attacker could use this flaw to exploit poorly written setuid programs to elevate their privileges under certain circumstances.

tags | advisory, arbitrary, shell, local, bash
systems | linux, redhat
advisories | CVE-2016-0634, CVE-2016-7543, CVE-2016-9401
MD5 | 6b238477973e67226f55cc4cd86b4c4a
WordPress Multiple Plugin File Upload
Posted Mar 17, 2017
Authored by The Martian

WordPress plugins Zen App Mobile Native versions 3.0 and below, webapp-builder version 2.0, wp2android-turn-wp-site-into-android-app version 1.1.4, mobile-app-builder-by-wappress version 1.05, and mobile-friendly-app-builder-by-easytouch version 3.0 suffer from a remote shell upload vulnerability.

tags | exploit, remote, shell
advisories | CVE-2017-1002000, CVE-2017-1002001, CVE-2017-1002002, CVE-2017-1002003, CVE-2017-6104
MD5 | 88bbba2ab602c5fa130ef461e7157609
HumHub 0.20.1 / 1.0.0-beta.3 Shell Upload
Posted Mar 17, 2017
Authored by Tim Coen | Site curesec.com

HumHub versions 0.20.1 and 1.0.0-beta.3 suffer from a remote shell upload vulnerability.

tags | exploit, remote, shell
MD5 | bac27572af595d598e5c3e8c9a092787
Cisco Security Advisory 20170315-asr
Posted Mar 16, 2017
Authored by Cisco Systems | Site cisco.com

Cisco Security Advisory - A privilege escalation vulnerability in the Secure Shell (SSH) subsystem in the StarOS operating system for Cisco ASR 5000 Series, ASR 5500 Series, ASR 5700 Series devices, and Cisco Virtualized Packet Core could allow an authenticated, remote attacker to gain unrestricted, root shell access. The vulnerability is due to missing input validation of parameters passed during SSH or SFTP login. An attacker could exploit this vulnerability by providing crafted user input to the SSH or SFTP command-line interface (CLI) during SSH or SFTP login. An exploit could allow an authenticated attacker to gain root privileges access on the router. Note: Only traffic directed to the affected system can be used to exploit this vulnerability. This vulnerability can be triggered via both IPv4 and IPv6 traffic. An established TCP connection toward port 22, the SSH default port, is needed to perform the attack. The attacker must have valid credentials to login to the system via SSH or SFTP. Cisco has released software updates that address this vulnerability. Workarounds that mitigate this vulnerability are not available.

tags | advisory, remote, shell, root, tcp
systems | cisco
advisories | CVE-2017-3819
MD5 | b5b7b2652bcc9f39211a3ec6419b9ab3
Red Hat Security Advisory 2017-0536-01
Posted Mar 15, 2017
Authored by Red Hat | Site access.redhat.com

Red Hat Security Advisory 2017-0536-01 - The policycoreutils packages contain the core policy utilities required to manage a SELinux environment. Security Fix: It was found that the sandbox tool provided in policycoreutils was vulnerable to a TIOCSTI ioctl attack. A specially crafted program executed via the sandbox command could use this flaw to execute arbitrary commands in the context of the parent shell, escaping the sandbox.

tags | advisory, arbitrary, shell
systems | linux, redhat
advisories | CVE-2016-7545
MD5 | 3a565286e1f9bfdac40c3fb10782ff78
Red Hat Security Advisory 2017-0535-01
Posted Mar 15, 2017
Authored by Red Hat | Site access.redhat.com

Red Hat Security Advisory 2017-0535-01 - The policycoreutils packages contain the core policy utilities required to manage a SELinux environment. Security Fix: It was found that the sandbox tool provided in policycoreutils was vulnerable to a TIOCSTI ioctl attack. A specially crafted program executed via the sandbox command could use this flaw to execute arbitrary commands in the context of the parent shell, escaping the sandbox.

tags | advisory, arbitrary, shell
systems | linux, redhat
advisories | CVE-2016-7545
MD5 | 5d11b5f9a7e18d739c47d4faed69c20e
b2evolution 6.8.8 Shell Upload
Posted Mar 14, 2017
Authored by yokoacc, rungga_reksya, dvnrcy

b2evolution version 6.8.8 Stable suffers from a remote shell upload vulnerability.

tags | exploit, remote, shell, file upload
MD5 | ed29437b5e18c77941e9ba2458dfd0a1
Global In Shell Upload
Posted Mar 11, 2017
Authored by Ihsan Sencan

Global In suffers from a remote shell upload vulnerability.

tags | exploit, remote, shell
MD5 | ea385e186a4d09edea9a0079e7eaedd6
Apache Struts 2 2.3.x / 2.5.x Remote Code Execution
Posted Mar 10, 2017
Authored by anarc0der

Apache Struts 2 versions 2.3.x before 2.3.32 and 2.5.x before 2.5.10.1 remote code execution exploit that provides a reverse shell.

tags | exploit, remote, shell, code execution
advisories | CVE-2017-5638
MD5 | 1fe1221359b528e0a3f8439c385ef6e1
dnaLIMS Code Execution / XSS / Traversal / Session Hijacking
Posted Mar 10, 2017
Authored by Nicholas von Pechmann

dnaLIMS DNA sequencing application suffers from an improperly protected web shell, a directory traversal, insecure password storage, session hijacking, cross site scripting, and improperly protected content vulnerabilities.

tags | exploit, web, shell, vulnerability, xss, file inclusion
advisories | CVE-2017-6526, CVE-2017-6527, CVE-2017-6528, CVE-2017-6529
MD5 | b192d5704b262c433258f2c3017c4ab2
Linux x86_64 NetCat Reverse Shell Shellcode
Posted Mar 5, 2017
Authored by Robert L. Taylor

72 bytes small Linux x86_64 netcat reverse shell shellcode.

tags | shell, shellcode
systems | linux
MD5 | 6f02364e62c6a247e413f7efab86d251
Linux x86_64 Polymorphic NetCat Reverse Shell Shellcode
Posted Mar 5, 2017
Authored by Robert L. Taylor

106 bytes small Linux x86_64 polymorphic netcat reverse shell shellcode.

tags | shell, shellcode
systems | linux
MD5 | 48409c0e781dd94983e54244be9d7b6c
Page 3 of 103
Back12345Next

File Archive:

November 2017

  • Su
  • Mo
  • Tu
  • We
  • Th
  • Fr
  • Sa
  • 1
    Nov 1st
    22 Files
  • 2
    Nov 2nd
    28 Files
  • 3
    Nov 3rd
    10 Files
  • 4
    Nov 4th
    1 Files
  • 5
    Nov 5th
    5 Files
  • 6
    Nov 6th
    15 Files
  • 7
    Nov 7th
    15 Files
  • 8
    Nov 8th
    13 Files
  • 9
    Nov 9th
    9 Files
  • 10
    Nov 10th
    9 Files
  • 11
    Nov 11th
    3 Files
  • 12
    Nov 12th
    2 Files
  • 13
    Nov 13th
    15 Files
  • 14
    Nov 14th
    17 Files
  • 15
    Nov 15th
    19 Files
  • 16
    Nov 16th
    15 Files
  • 17
    Nov 17th
    19 Files
  • 18
    Nov 18th
    0 Files
  • 19
    Nov 19th
    0 Files
  • 20
    Nov 20th
    0 Files
  • 21
    Nov 21st
    0 Files
  • 22
    Nov 22nd
    0 Files
  • 23
    Nov 23rd
    0 Files
  • 24
    Nov 24th
    0 Files
  • 25
    Nov 25th
    0 Files
  • 26
    Nov 26th
    0 Files
  • 27
    Nov 27th
    0 Files
  • 28
    Nov 28th
    0 Files
  • 29
    Nov 29th
    0 Files
  • 30
    Nov 30th
    0 Files

Top Authors In Last 30 Days

File Tags

Systems

packet storm

© 2016 Packet Storm. All rights reserved.

Services
Security Services
Hosting By
Rokasec
close