This Metasploit module exploits a directory traversal in F5's BIG-IP Traffic Management User Interface (TMUI) to upload a shell script and execute it as the Unix root user. Unix shell access is obtained by escaping the restricted Traffic Management Shell (TMSH). The escape may not be reliable, and you may have to run the exploit multiple times. Versions 11.6.1-11.6.5, 12.1.0-12.1.5, 13.1.0-13.1.3, 14.1.0-14.1.2, 15.0.0, and 15.1.0 are known to be vulnerable. Fixes were introduced in 11.6.5.2, 12.1.5.2, 13.1.3.4, 14.1.2.6, and 15.1.0.4. Tested against the VMware OVA release of 14.1.2.
9f3da84fe52bba475dcd0252ca14c6e0af76dd98df5d1edaaccc7c9a737db2bbSugarCRM versions 13.0.1 and below suffer from a remote shell upload vulnerability in the set_note_attachment SOAP call.
f051a516487d8fd4a224aa9c883a0ab530f400da930805694f2f73cbeae5a487Debian Linux Security Advisory 5530-1 - Several vulnerabilities were discovered in ruby-rack, a modular Ruby webserver interface, which may result in denial of service and shell escape sequence injection.
1d720695b79a166118349cbe5f4050069000900a5d5b9d9439ed4da692cb559fWordPress Royal Elementor plugin versions 1.3.78 and below suffer from a remote shell upload vulnerability.
75ad1e0b13ce523e2824530b0e478c185738d3854be5c82a387c52d974cbc3c4Zoo Management System version 1.0 suffers from a remote shell upload vulnerability. This version originally had a shell upload vulnerability discovered by D4rkP0w4r that leveraged the upload CV flow but this particular finding leverages the save_animal flow.
1c5dc0f84ab00f3b67dc35a964acec141e5750913dde08b3d149ec1816549abaClinic's Patient Management System version 1.0 suffers from a remote shell upload vulnerability.
a2bab2072f94bc92a8eb4477dbec67ab9cc1cba577230d67b8d7c8aa56a1b99dBoidCMS versions 2.0.0 and below suffer from a remote shell upload vulnerability.
a68ec76429430287b0271ea1becbf584591cf6f1bf778b41a1cfebd601dc71d3Ubuntu Security Notice 6395-1 - Mickael Karatekin discovered that GNOME Shell incorrectly allowed the screenshot tool to view open windows when a session was locked. A local attacker could possibly use this issue to obtain sensitive information.
3f816a9930d178217a7288389d3b4673afe6c4eeaa9d4782303571213ae3bce4BDS Freebsd KLD rootkit for FreeBSD 13 that hides files, hides processes, hides ports, and has a bind shell backdoor.
9f6dc7f9bcc4c0f52a39a3c80657272125ec54dc594b44cc36889b2ff724d07cFtrace-based Linux loadable kernel module rootkit for Linux kernel versions 5.x and 6.x on x86_64. It hides files, hides process, hides a bind shell and reverse shell port, provides privilege escalation, and cleans up logs and bash history during installation.
ccd1e1687bfaa5e306d03caa2b040597c4571ce16bc6f5a3ad737ced8e457c56The BDS Userland rootkit is a Linux userland rootkit. It hides files, directories, processes, the bind shell port, the daemon port, and the reverse shell port. It also cleans up bash history and logs during installation.
c7170315137f5e7109aba32c9e58a703b353e1326e4a9584ba97e9f9c1926310The BDS LKM rootkit is a simple and stable Linux loadable kernel module rootkit for Linux kernel versions 5.x and 6.x on x86_64 that hide files, hide processes, hides a bind shell and reverse shell port, provides privilege escalation, provides rootkit persistence, and cleans up logs and bash history during installation.
f80995082ade857bc8c222749aa3ff2fe683f4b3f02e618e111a589f857646e2Red Hat Security Advisory 2023-5178-01 - BusyBox is a binary file that combines a large number of common system utilities into a single executable file. BusyBox provides replacements for most GNU file utilities, shell utilities, and other command-line tools. Issues addressed include a code execution vulnerability.
7c72db5f7b570141670662cc2dbbef8381317a72432a3def63d5b819c76bcea1This Metasploit module exploits a series of vulnerabilities - including auth bypass, SQL injection, and shell injection - to obtain remote code execution on SonicWall GMS versions 9.9.9320 and below.
90d7acef05664be1e0b28da7f711f5c30f094179ef8916c47f28a2418a07056eKibana versions before 5.6.15 and 6.6.1 contain an arbitrary code execution flaw in the Timelion visualizer. An attacker with access to the Timelion application could send a request that will attempt to execute javascript code. This leads to an arbitrary command execution with permissions of the Kibana process on the host system. Exploitation will require a service or system reboot to restore normal operation. The WFSDELAY parameter is crucial for this exploit. Setting it too high will cause MANY shells (50-100+), while setting it too low will cause no shells to be obtained. WFSDELAY of 10 for a docker image caused 6 shells.
218aabf6c87ec8ccc508ad1d2d5d2ca8b265eead008ca12a1926cb66c80614ab476 bytes small Windows/x64 PIC null-free TCP reverse shell shellcode.
bba5751e922713bc181d1684a80fe65ee53eab2de87b3bbaf9cb5fc3fdccc945WEBIGniter version 28.7.23 suffers from a remote shell upload vulnerability.
b24db8025b7fcf8d5c1433e0befc886aa43413e875bd6d675124860dcb5f45f2Humhub version 1.3.13 suffers from a remote shell upload vulnerability.
7a715a33400e2add27f596f876eb05f01d21b959756f68afee12e2b91ef7ac46Online ID Generator version 1.0 suffers from remote SQL injection that allows for login bypass and remote shell upload vulnerabilities.
fe94ca18f12e1c64358556d8bd0cbb12f811c2f0176232b8d7dcb632b99ee17fInterPhoto version 2.3.0 suffers from a remote shell upload vulnerability.
5ca35c1825dc45f42cd3a28e602eb0a3285956fa6a3c4b1d41e2cdcc78f49cceThe DBCPConnectionPool and HikariCPConnectionPool Controller Services in Apache NiFi 0.0.2 through 1.21.0 allow an authenticated and authorized user to configure a Database URL with the H2 driver that enables custom code execution. This exploit will result in several shells (5-7). Successfully tested against Apache nifi 1.17.0 through 1.21.0.
0160a2622a4649020abd8fb0d476ca59d2c4968c668499c8167e44d6c9276020doorGets CMS version 12 suffers from a remote shell upload vulnerability.
97d5c8bc88580a5e7f6f4f60414bfdf754b1f8d3724c17e6e0de5db2a7c63830SugarCRM versions 12.2.0 and below suffers from a multiple step remote shell upload vulnerability.
6bee957dcfc710f3709d5cc3ba3aa33ecb6f07d987d6836c2df36e2f2011c8a8Red Hat Security Advisory 2023-4692-01 - Red Hat Ansible Automation Platform provides an enterprise framework for building, deploying and managing IT automation at scale. IT Managers can provide top-down guidelines on how automation is applied to individual teams, while automation developers retain the freedom to write tasks that leverage existing knowledge without the overhead. Ansible Automation Platform makes it possible for users across an organization to share, vet, and manage automation content by means of a simple, powerful, and agentless language. Issues addressed include cross site request forgery, denial of service, and remote shell upload vulnerabilities.
d9122cb72ed95b3238794cee887418f97639e1010bbe6af474fff461da100916Evsanati Radyo version 1.0 suffers from a remote shell upload vulnerability.
6f289542a9b2ff6259d9eb3de8975ddf2b290e0ca802dfb52bee485e1ba002f9
© 2022 Packet Storm. All rights reserved.
%7Cutmcsr%3D(direct)%7Cutmcmd%3D(none)){kind=small}
Follow us on Twitter
Follow us on Facebook
Subscribe to an RSS Feed