Ubuntu Security Notice 6200-1 - It was discovered that ImageMagick incorrectly handled the "-authenticate" option for password-protected PDF files. An attacker could possibly use this issue to inject additional shell commands and perform arbitrary code execution. This issue only affected Ubuntu 20.04 LTS. It was discovered that ImageMagick incorrectly handled certain values when processing PDF files. If a user or automated system using ImageMagick were tricked into opening a specially crafted PDF file, an attacker could exploit this to cause a denial of service. This issue only affected Ubuntu 20.04 LTS.
4624c32fa88c1256496ddb16ef8578660e852b2894774605d467f2dca0b95882
POS Codekop version 2.0 suffers from a remote shell upload vulnerability.
5aa6755a5b65a13638c64fca7152e27a5e9265f28f9a56f9146dc230387f94af
AngularJS Filemanager version 1.5.1 suffers from a remote shell upload vulnerability.
4fa53e8b719b93ba31d29c0b301d08247cf7d18c49b62b7507599bde0c388ffa
Amazon S3 Droppy version 1.4.6 suffers from a remote shell upload vulnerability.
43cc95379c72d3b0c0c1096ec7abcf6ebf7f654062b8495b331169aae01e0832
Job Board version 1.0 suffers from a remote shell upload vulnerability.
f7203303285c27e34b43e1ca88c500efecfa3ba96a7c0c4199535084be1cc9bc
This Metasploit module exploits an unauthenticated remote code execution vulnerability in TerraMaster TOS versions 4.2.06 and below via shell metacharacters in the Event parameter at the vulnerable endpoint include/makecvs.php during CSV creation. Any unauthenticated user can therefore execute commands on the system with the same privileges as the web application, which typically runs as root on the TerraMaster Operating System.
8935d1e9f61d6f9eb3550ec44e1a8a5d97992b91e55a7456ae2af009097db539
WordPress theme Workreap version 2.2.2 suffers from remote shell upload vulnerabilities.
88613ebc6afdbf65ab6006134c141ccea5e75079b6943db66508c59fc8ddd503
Total CMS version 1.7.4 suffers from a remote shell upload vulnerability.
311a9fa22f204b4564b82c2a94c4476851b555dc106ca4601cf30653dcdf3e5a
Faculty Evaluation System version 1.0 suffers from a remote shell upload vulnerability.
241254abd3df9a7455cf5f17e73c98c7409c952bdb7ce70c4a493a17b023d043
Bumsys Business Management System version 1.0.3-beta suffers from a remote shell upload vulnerability.
9b18d9d9786b65e2dd3bca451efb34b98dda2b60625edec7acca67ab3fa4a44a
Ubuntu Security Notice 6115-1 - Max Chernoff discovered that LuaTeX did not properly disable shell escape. An attacker could possibly use this issue to execute arbitrary shell commands.
0dcdb7dba102cbaf12dc94678349cca8c6c28a3e57f65bdb436b58404469aca1
GetSimple CMS version 3.3.16 suffers from a remote shell upload vulnerability.
99127c487b04ae24e2f03143097d9abfc702cfd0d14e9f6462be41ae66fc0642
thrsrossi Millhouse-Project version 1.414 suffers from a remote shell upload vulnerability.
1ececf1ddc0c31852824c0b7dceddfc7d144d83e63121e5572869a090104debc
SitemagicCMS version 4.4.3 suffers from a remote shell upload vulnerability.
e81c1c2d5a6e4753bef17f0fc6ccb3caf6ce9d2eb88c286e5843d50fb1cd964a
Best POS Management System version 1.0 remote shell upload exploit. This is a variant exploit with the original discovery being attributed to Ahmed Ismail in February of 2023.
3074358cb31b2d86e231b6d456108ebd704d4d01aa067483b1f950c3bbe1d51e
TinyWebGallery version 2.5 suffers from a remote shell upload vulnerability.
843af9f8ac15605e751c3f42672d40e393faccdca39dd76e41acfca4f9ec1b21
Debian Linux Security Advisory 5406-1 - Max Chernoff discovered that improperly secured shell-escape in LuaTeX may result in arbitrary shell command execution, even with shell escape disabled, if specially crafted tex files are processed.
5295edf512ed1a9a3cee6103f9bf48379a4b69b3e5af6b362a9016821312bfd2
Millhouse-Project version 1.414 suffers from a remote shell upload vulnerability.
d9440e9d98656c902addd3830bcc58b2884d9efe16d39dc3fda9254a4ed475ff
Online Pizza Ordering System version 1.0 suffers from an unauthenticated remote shell upload vulnerability.
80df53bb8e4ac83f3a8c9a8479844dfeeee4bccfdb19185efe7b7094d02dcf42
UliCMS version 2023-1 Sniffing-Vicuna suffers from a remote shell upload vulnerability.
7f8b2a3d9dc0003788e80ca160e8a6b7b8d1eb214bf2fb3ef5c70d5ca617eb71
File Thingie version 2.5.7 remote shell upload exploit. This exploit is based on the vulnerability previously discovered by Cakes in September of 2019.
d44a72bdde9ca82d38db73a7d7203fdc58ec24e3c9b534fb183ce6221f6bef8c
Wolf CMS version 0.8.3.1 suffers from a remote shell upload vulnerability.
98cad37a936adf4b7776edb66393ae949678eb81b4017d39c5a031483c2d041e
Red Hat Security Advisory 2023-2097-03 - Red Hat Satellite is a systems management tool for Linux-based infrastructure. It allows for provisioning, remote management, and monitoring of multiple Linux deployments with a single centralized tool. Issues addressed include code execution, cross site scripting, denial of service, deserialization, improper neutralization, information leakage, and remote shell upload vulnerabilities.
50fea193584f82c8f1d6717f456a59c84a8ff40da5472a16b24d35524eadc879
Red Hat Security Advisory 2023-2101-01 - Red Hat Update Infrastructure offers a highly scalable, highly redundant framework that enables you to manage repositories and content. It also enables cloud providers to deliver content and updates to Red Hat Enterprise Linux instances. Issues addressed include denial of service and remote shell upload vulnerabilities.
2b5ebe94865b3ffd2e36ff0fcd58a37a83e0059cdb4bed21cb41db6d6c6cf9af
KODExplorer versions 4.49 and below suffer from cross site request forgery and remote shell upload vulnerabilities.
2c24ede0b6c9ade31db524c30505dfd3c2502c034c6ae0b1c0858a97d424c42d