DynPage version 1.0 suffers from cross site request forgery and shell upload vulnerabilities.
Acuity CMS version 2.6.x suffers from a shell upload vulnerability.
Concrete CMS version 5.5 suffers from shell upload and denial of service vulnerabilities.
CMS-AhMeBa Professional suffers from a shell upload vulnerability.
Travelon Express CMS version 6.2.2 suffers from cross site scripting, shell upload, and remote SQL injection vulnerabilities.
Efront version 3.6.11 suffers from cross site scripting and shell upload vulnerabilities.
NetcatPHPShell is a PHP backdoor that can be leveraged to launch a connect-back shell.
When run as a CGI, PHP up to version 5.3.12 and 5.4.2 is vulnerable to an argument injection vulnerability. This Metasploit module takes advantage of the -d flag to set php.ini directives to achieve code execution. From the advisory: "if there is NO unescaped '=' in the query string, the string is split on '+' (encoded space) characters, urldecoded, passed to a function that escapes shell metacharacters (the "encoded in a system-defined manner" from the RFC) and then passes them to the CGI binary."
This Metasploit module exploits a vulnerability found in McAfee Virtual Technician's MVTControl. This ActiveX control can be abused by using the GetObject() function to load additional unsafe classes such as WScript.Shell, therefore allowing remote code execution under the context of the user.
Rootkit Hunter scans files and systems for known and unknown rootkits, backdoors, and sniffers. The package contains one shell script, a few text-based databases, and optional Perl modules. It should run on almost every Unix variety except Solaris and NetBSD.
WHMCS scanning tool that uses Google to find systems that are possibly vulnerable to shell upload.
Opial CMS version 2.0 suffers from cross site scripting, shell upload, and remote SQL injection vulnerabilities.
Car Portal CMS version 3.0 suffers from cross site request forgery, cross site scripting, and shell upload vulnerabilities.
WordPress Organizer version 1.2.1 suffers from cross site request forgery, cross site scripting, and shell upload vulnerabilities.
Asterisk Project Security Advisory - A user of the Asterisk Manager Interface can bypass a security check and execute shell commands when they lack permission to do so. Under normal conditions, a user should only be able to run shell commands if that user has System class authorization. Users could bypass this restriction by using the MixMonitor application with the originate action or by using either the GetVar or Status manager actions in combination with the SHELL and EVAL functions. The patch adds checks in each affected action to verify if a user has System class authorization. If the user does not have those authorizations, Asterisk rejects the action if it detects the use of any functions or applications that run system commands.
HITB Magazine Volume 1 Issue 8 - Topics include Online Security At The Crossroads, Reverse Shell Traffic Obfuscation, and more.
This Metasploit module exploits a vulnerability in Adobe Flash Player for Linux, versions 10.0.12.36 and 9.0.151.0 and prior. An input validation vulnerability allows command execution when the browser loads a SWF file which contains shell metacharacters in the arguments to the ActionScript launch method. The victim must have Adobe AIR installed for the exploit to work. This Metasploit module was tested against version 10.0.12.36 (10r12_36).
Koprana CMS remote shell upload exploit written in PHP.
wicd suffers from a privilege escalation vulnerability. Exploit that spawns a root shell and a patch are included.
w-CMS version 2.0.1 suffers from cross site request forgery, cross site scripting, file disclosure and shell upload vulnerabilities.
GetSimple version 3.1 suffers from backup download and shell upload vulnerabilities.
Havalite CMS suffers from database disclosure, shell upload, and remote SQL injection vulnerabilities.
Cisco Security Advisory - The Secure Shell (SSH) server implementation in Cisco IOS Software and Cisco IOS XE Software contains a denial of service (DoS) vulnerability in the SSH version 2 (SSHv2) feature. An unauthenticated, remote attacker could exploit this vulnerability by attempting a reverse SSH login with a crafted username. Successful exploitation of this vulnerability could allow an attacker to create a DoS condition by causing the device to reload. Repeated exploits could create a sustained DoS condition. The SSH server in Cisco IOS Software and Cisco IOS XE Software is an optional service, but its use is highly recommended as a security best practice for the management of Cisco IOS devices. Devices that are not configured to accept SSHv2 connections are not affected by this vulnerability. Cisco has released free software updates that address this vulnerability.
WebPortal CMS Beta suffers from a shell upload vulnerability.
Open Journal Systems version 2.3.6 suffers from file manipulation, cross site scripting, and shell upload vulnerabilities.