Planet eStream versions prior to 6.72.10.07 suffer from shell upload, account takeover, broken access control, SQL injection, both persistent and reflective cross site scripting, path traversal, and information disclosure vulnerabilities.
0dca96db49c3aae632e40d6b29c30d32088f3d7c6667b64b954a6a6345dcc625Red Hat Security Advisory 2022-8872-01 - An update for python-django20 is now available for Red Hat OpenStack Platform 16.1.9 (Train) for Red Hat Enterprise Linux (RHEL) 8.2. Issues addressed include cross site scripting, denial of service, remote shell upload, and remote SQL injection vulnerabilities.
e5e7d087bfcb84b64424f6f5ba3f374d1774f83da6dd2bb3d702e487b2cbd58bRed Hat Security Advisory 2022-8863-01 - Paramiko is a module for python 2.3 or greater that implements the SSH2 protocol for secure connections to remote machines. Unlike SSL, the SSH2 protocol does not require heirarchical certificates signed by a powerful central authority. You may know SSH2 as the protocol that replaced telnet and rsh for secure access to remote shells, but the protocol also includes the ability to open arbitrary channels to remote services across an encrypted tunnel.
59534817e9e5c4ed208e21817cc8d384718759ee9feaec332ee49ea7ba65f1b5Red Hat Security Advisory 2022-8845-01 - Paramiko is a module for python 2.3 or greater that implements the SSH2 protocol for secure connections to remote machines. Unlike SSL, the SSH2 protocol does not require heirarchical certificates signed by a powerful central authority. You may know SSH2 as the protocol that replaced telnet and rsh for secure access to remote shells, but the protocol also includes the ability to open arbitrary channels to remote services across an encrypted tunnel.
a6a2060126d1be99be2aca8297f1257ee4619fcacb1e48e24b430da0c6b1eb8cRoxy Fileman versions 1.4.6 and below remote shell upload proof of concept exploit.
16a9c59173c82b869a340397a5e68377531e0e0f9be9781793142e4f47786e1bAll FLIR AX8 thermal sensor cameras versions up to and including 1.46.16 are vulnerable to remote command injection. This can be exploited to inject and execute arbitrary shell commands as the root user through the id HTTP POST parameter in the res.php endpoint. This module uses the vulnerability to upload and execute payloads gaining root privileges.
a321cd3e8960e684cbab1cd82bb0f9be0cda474af87c57e7f89fa9aaa83b6bcaThis Metasploit module exploits a vulnerable sudo configuration that permits the Zimbra user to execute postfix as root. In turn, postfix can execute arbitrary shellscripts, which means it can execute a root shell.
60ec0dcab5b58dbebac7ed6c99c5cf1fb52f76e5b1a5f3723089e823fc252948This Metasploit module leverages a remote shell upload vulnerability in pfSense pfBlockerNG plugin versions 2.1.4_26 and below. Note that version 3.x is unaffected.
4189e967b6b81ffffd850d9ece99fb550a29985985f2bcf2dcb9de105fffe02cWeb Based Student Clearance version 1.0 suffers from a remote shell upload vulnerability.
ac7df912113c209e4aa92b944d9b94db3f34c974d4195900b8a821b928f931f6WordPress Elementor plugin versions 3.6.0 through 3.6.2 suffer from a remote shell upload vulnerability. This is achieved by sending a request to install Elementor Pro from a user supplied zip file. Any user with Subscriber or more permissions is able to execute this.
0537a61d8c7e168ee93f25ae88cc62b13741cb186c02291ebc2f946f834cd81fGuppY CMS version 6.00.10 suffers from an authenticated remote shell upload vulnerability.
7379f5703f8c8447e89b8393459ce54d04deb30eed715a6df6b281a1b380609bDebian Linux Security Advisory 5229-1 - Two vulnerabilities were discovered in FreeCAD, a CAD/CAM program, which could result in the execution of arbitrary shell commands when opening a malformed file.
e221b714aa252c043fe261bba268b9bb76b8a4565c7895307eb7ff13412d67b8Debian Linux Security Advisory 5234-1 - An arbitrary code execution vulnerability was disovered in fish, a command line shell. When using the default configuraton of fish, changing to a directory automatically ran `git` commands in order to display information about the current repository in the prompt. Such repositories can contain per-repository configuration that change the behavior of git, including running arbitrary commands.
d6134612ed2eb603546e00e78930c6db0692023b8724bb62b9827ee351491ec4Debian Linux Security Advisory 5242-1 - It was discovered that the Commandline class in maven-shared-utils, a collection of various utility classes for the Maven build system, can emit double-quoted strings without proper escaping, allowing shell injection attacks.
84714da50549cd80b4994a0222f28c86342b8b85cee2cb07fc540a8b7d3eba9bOnline Diagnostic Lab Management System version 1.0 remote exploit that bypasses login with SQL injection and then uploads a shell.
a9a666adc9b5791a812164167d20c4ced022f91eed35188667143b4e7b0ee94epfBlockerNG version 2.1.4_26 unauthenticated remote shell upload exploit.
1d7eee5bc1593b474c54a3d280da28d67551d6ae08d22fa5a7a679595e50b007VIAVIWEB Wallpaper Admin suffers from remote shell upload and remote SQL injection vulnerabilities.
2adfb8f70f50742a66bf5ad5b7a1bccff06637cf13ee52a9534547c07ead30edAcademy Learning Management System version 5.7 suffers from a remote shell upload vulnerability.
8f5ea1ed03e514169afbef198fca84d3a923d2ba76402fc2c21d5c8fce52443aRocket LMS version 1.6 suffers from a remote shell upload vulnerability.
e2684a4c3d7870e561b03625a565e5e6160ae406c842cde5968d1ac67eb2ffa3Infix LMS version 4.3.0 suffers from a remote shell upload vulnerability.
b9fb1eb73b48a203ba61020ca1bc27e9a98b348e216dac02454c0283feade433This Metasploit module exploits an authenticated command injection vulnerability affecting Cisco ASA-X with FirePOWER Services. This exploit is executed through the ASA's ASDM web server and lands in the FirePower Services SFR module's Linux virtual machine as the root user. Access to the virtual machine allows the attacker to pivot to the inside network, and access the outside network. Also, the SFR virtual machine is running snort on the traffic flowing through the ASA, so the attacker should have access to this diverted traffic as well. This module requires ASDM credentials in order to traverse the ASDM interface. A similar attack can be performed via Cisco CLI (over SSH), although that isn't implemented here. Finally, it's worth noting that this attack bypasses the affects of the lockdown-sensor command (e.g. the virtual machine's bash shell shouldn't be available but this attack makes it available). Cisco assigned this issue CVE-2022-20828. The issue affects all Cisco ASA that support the ASA FirePOWER module (at least Cisco ASA-X with FirePOWER Service, and Cisco ISA 3000). The vulnerability has been patched in ASA FirePOWER module versions 6.2.3.19, 6.4.0.15, 6.6.7, and 7.0.21. The following versions will receive no patch: 6.2.2 and earlier, 6.3.*, 6.5.*, and 6.7.*.
68e16d3ce86c6321808a38fd985d56e82e3e74f93b1ebe13be653fa09e00432eThis Metasploit module exploits CVE-2022-30526, a local privilege escalation vulnerability that allows a low privileged user (e.g. nobody) escalate to root. The issue stems from a suid binary that allows all users to copy files as root. This module overwrites the firewall's crontab to execute an attacker provided script, resulting in code execution as root. In order to use this module, the attacker must first establish shell access. For example, by exploiting CVE-2022-30525. Known affected Zyxel models include USG FLEX (50, 50W, 100W, 200, 500, 700), ATP (100, 200, 500, 700, 800), VPN (50, 100, 300, 1000), USG20-VPN and USG20W-VPN.
ce0978f09bdc4f825505d8590e1f429b3ba8069c5e7e83d2268b514b437133c9This paper is an in-depth blog post on hacking Zyxel IP cameras to obtain a root shell.
b1c1d5af6bd2b118ab3a1c720fe41a27cfec41885c4cf555570f4e8a14d7f78bGigaland NFT Marketplace version 1.9 suffers from remote shell upload and ETH private key disclosure vulnerabilities.
ce98bcba1114e91aa9e9ba66766075c6356a782f55f6b972328c6840eadf1713Gas Agency Management 2022 suffers from cross site scripting, remote SQL injection, and remote shell upload vulnerabilities.
fbd80e45f29f9c744b81fc81cb49905ea0ee4dbf9f49738b949c8e75caba6e49
© 2022 Packet Storm. All rights reserved.
%7Cutmcsr%3D(direct)%7Cutmcmd%3D(none)){kind=small}
Follow us on Twitter
Follow us on Facebook
Subscribe to an RSS Feed