Planet eStream versions prior to 6.72.10.07 suffer from shell upload, account takeover, broken access control, SQL injection, both persistent and reflective cross site scripting, path traversal, and information disclosure vulnerabilities.
0dca96db49c3aae632e40d6b29c30d32088f3d7c6667b64b954a6a6345dcc625
Red Hat Security Advisory 2022-8872-01 - An update for python-django20 is now available for Red Hat OpenStack Platform 16.1.9 (Train) for Red Hat Enterprise Linux (RHEL) 8.2. Issues addressed include cross site scripting, denial of service, remote shell upload, and remote SQL injection vulnerabilities.
e5e7d087bfcb84b64424f6f5ba3f374d1774f83da6dd2bb3d702e487b2cbd58b
Red Hat Security Advisory 2022-8863-01 - Paramiko is a module for python 2.3 or greater that implements the SSH2 protocol for secure connections to remote machines. Unlike SSL, the SSH2 protocol does not require hierarchical certificates signed by a powerful central authority. You may know SSH2 as the protocol that replaced telnet and rsh for secure access to remote shells, but the protocol also includes the ability to open arbitrary channels to remote services across an encrypted tunnel.
59534817e9e5c4ed208e21817cc8d384718759ee9feaec332ee49ea7ba65f1b5
Red Hat Security Advisory 2022-8845-01 - Paramiko is a module for python 2.3 or greater that implements the SSH2 protocol for secure connections to remote machines. Unlike SSL, the SSH2 protocol does not require hierarchical certificates signed by a powerful central authority. You may know SSH2 as the protocol that replaced telnet and rsh for secure access to remote shells, but the protocol also includes the ability to open arbitrary channels to remote services across an encrypted tunnel.
a6a2060126d1be99be2aca8297f1257ee4619fcacb1e48e24b430da0c6b1eb8c
Roxy Fileman versions 1.4.6 and below remote shell upload proof of concept exploit.
16a9c59173c82b869a340397a5e68377531e0e0f9be9781793142e4f47786e1b
All FLIR AX8 thermal sensor cameras versions up to and including 1.46.16 are vulnerable to remote command injection. This can be exploited to inject and execute arbitrary shell commands as the root user through the id HTTP POST parameter in the res.php endpoint. This module uses the vulnerability to upload and execute payloads gaining root privileges.
a321cd3e8960e684cbab1cd82bb0f9be0cda474af87c57e7f89fa9aaa83b6bca
This Metasploit module exploits a vulnerable sudo configuration that permits the Zimbra user to execute postfix as root. In turn, postfix can execute arbitrary shell scripts, which means it can execute a root shell.
60ec0dcab5b58dbebac7ed6c99c5cf1fb52f76e5b1a5f3723089e823fc252948
This Metasploit module leverages a remote shell upload vulnerability in pfSense pfBlockerNG plugin versions 2.1.4_26 and below. Note that version 3.x is unaffected.
4189e967b6b81ffffd850d9ece99fb550a29985985f2bcf2dcb9de105fffe02c
Web Based Student Clearance version 1.0 suffers from a remote shell upload vulnerability.
ac7df912113c209e4aa92b944d9b94db3f34c974d4195900b8a821b928f931f6
WordPress Elementor plugin versions 3.6.0 through 3.6.2 suffer from a remote shell upload vulnerability. This is achieved by sending a request to install Elementor Pro from a user supplied zip file. Any user with Subscriber or more permissions is able to execute this.
0537a61d8c7e168ee93f25ae88cc62b13741cb186c02291ebc2f946f834cd81f
GuppY CMS version 6.00.10 suffers from an authenticated remote shell upload vulnerability.
7379f5703f8c8447e89b8393459ce54d04deb30eed715a6df6b281a1b380609b
Debian Linux Security Advisory 5229-1 - Two vulnerabilities were discovered in FreeCAD, a CAD/CAM program, which could result in the execution of arbitrary shell commands when opening a malformed file.
e221b714aa252c043fe261bba268b9bb76b8a4565c7895307eb7ff13412d67b8
Debian Linux Security Advisory 5234-1 - An arbitrary code execution vulnerability was discovered in fish, a command line shell. When using the default configuration of fish, changing to a directory automatically ran `git` commands in order to display information about the current repository in the prompt. Such repositories can contain per-repository configuration that changes the behavior of git, including running arbitrary commands.
d6134612ed2eb603546e00e78930c6db0692023b8724bb62b9827ee351491ec4
Debian Linux Security Advisory 5242-1 - It was discovered that the Commandline class in maven-shared-utils, a collection of various utility classes for the Maven build system, can emit double-quoted strings without proper escaping, allowing shell injection attacks.
84714da50549cd80b4994a0222f28c86342b8b85cee2cb07fc540a8b7d3eba9b
Online Diagnostic Lab Management System version 1.0 remote exploit that bypasses login with SQL injection and then uploads a shell.
a9a666adc9b5791a812164167d20c4ced022f91eed35188667143b4e7b0ee94e
pfBlockerNG version 2.1.4_26 unauthenticated remote shell upload exploit.
1d7eee5bc1593b474c54a3d280da28d67551d6ae08d22fa5a7a679595e50b007
VIAVIWEB Wallpaper Admin suffers from remote shell upload and remote SQL injection vulnerabilities.
2adfb8f70f50742a66bf5ad5b7a1bccff06637cf13ee52a9534547c07ead30ed
Academy Learning Management System version 5.7 suffers from a remote shell upload vulnerability.
8f5ea1ed03e514169afbef198fca84d3a923d2ba76402fc2c21d5c8fce52443a
Rocket LMS version 1.6 suffers from a remote shell upload vulnerability.
e2684a4c3d7870e561b03625a565e5e6160ae406c842cde5968d1ac67eb2ffa3
Infix LMS version 4.3.0 suffers from a remote shell upload vulnerability.
b9fb1eb73b48a203ba61020ca1bc27e9a98b348e216dac02454c0283feade433
This Metasploit module exploits an authenticated command injection vulnerability affecting Cisco ASA-X with FirePOWER Services. This exploit is executed through the ASA's ASDM web server and lands in the FirePower Services SFR module's Linux virtual machine as the root user. Access to the virtual machine allows the attacker to pivot to the inside network, and access the outside network. Also, the SFR virtual machine is running snort on the traffic flowing through the ASA, so the attacker should have access to this diverted traffic as well. This module requires ASDM credentials in order to traverse the ASDM interface. A similar attack can be performed via Cisco CLI (over SSH), although that isn't implemented here. Finally, it's worth noting that this attack bypasses the effects of the lockdown-sensor command (e.g. the virtual machine's bash shell shouldn't be available but this attack makes it available). Cisco assigned this issue CVE-2022-20828. The issue affects all Cisco ASA that support the ASA FirePOWER module (at least Cisco ASA-X with FirePOWER Service, and Cisco ISA 3000). The vulnerability has been patched in ASA FirePOWER module versions 6.2.3.19, 6.4.0.15, 6.6.7, and 7.0.21. The following versions will receive no patch: 6.2.2 and earlier, 6.3.*, 6.5.*, and 6.7.*.
68e16d3ce86c6321808a38fd985d56e82e3e74f93b1ebe13be653fa09e00432e
This Metasploit module exploits CVE-2022-30526, a local privilege escalation vulnerability that allows a low privileged user (e.g. nobody) to escalate to root. The issue stems from a suid binary that allows all users to copy files as root. This module overwrites the firewall's crontab to execute an attacker provided script, resulting in code execution as root. In order to use this module, the attacker must first establish shell access. For example, by exploiting CVE-2022-30525. Known affected Zyxel models include USG FLEX (50, 50W, 100W, 200, 500, 700), ATP (100, 200, 500, 700, 800), VPN (50, 100, 300, 1000), USG20-VPN and USG20W-VPN.
ce0978f09bdc4f825505d8590e1f429b3ba8069c5e7e83d2268b514b437133c9
This paper is an in-depth blog post on hacking Zyxel IP cameras to obtain a root shell.
b1c1d5af6bd2b118ab3a1c720fe41a27cfec41885c4cf555570f4e8a14d7f78b
Gigaland NFT Marketplace version 1.9 suffers from remote shell upload and ETH private key disclosure vulnerabilities.
ce98bcba1114e91aa9e9ba66766075c6356a782f55f6b972328c6840eadf1713
Gas Agency Management 2022 suffers from cross site scripting, remote SQL injection, and remote shell upload vulnerabilities.
fbd80e45f29f9c744b81fc81cb49905ea0ee4dbf9f49738b949c8e75caba6e49