Packet Storm - Information Security News, Files, Tools, Exploits, Advisories and Whitepapers http://packetstormsecurity.org/ en-us Mon, 28 May 2012 08:01:39 GMT 144400 http://packetstormsecurity.org/ http://www.google-analytics.com/__utm.gif?utmwv=1.3&utmn=1183577882&utmcs=ISO-8859-1&utmsr=31337x31337&utmsc=32-bit&utmul=en-us&utmje=0&utmfl=-&utmcn=1&utmdt=Shell%20Files%u2248%20Packet%20Storm&utmhn=packetstormsecurity.org&utmr=-&utmp=%2Ffiles%2Ftags%2Fshell%2F&utmac=UA-18885198-1&utmcc=__utma%3D32867617.1183577882.1338192099.1338192099.1338192099.1%3B%2B__utmz%3D32867617.1338192099.1.1.utmccn%3D(direct)%7Cutmcsr%3D(direct)%7Cutmcmd%3D(none) http://packetstormsecurity.org/files/113048/dynpage-xsrfshell.txt http://packetstormsecurity.org/files/113048/dynpage-xsrfshell.txt http://packetstormsecurity.org/files/113048/DynPage-1.0-Cross-Site-Request-Forgery-Shell-Upload.html Fri, 25 May 2012 19:11:11 GMT DynPage version 1.0 suffers from cross site request forgery and shell upload vulnerabilities. http://packetstormsecurity.org/files/112936/acuitycms-shell.txt http://packetstormsecurity.org/files/112936/acuitycms-shell.txt http://packetstormsecurity.org/files/112936/Acuity-CMS-2.6.x-Shell-Upload.html Sun, 20 May 2012 19:22:22 GMT Acuity CMS version 2.6.x suffers from a shell upload vulnerability. http://packetstormsecurity.org/files/112935/concretecms-shelldos.txt http://packetstormsecurity.org/files/112935/concretecms-shelldos.txt http://packetstormsecurity.org/files/112935/Concrete-CMS-5.5-Shell-Upload-Denial-Of-Service.html Sun, 20 May 2012 15:22:11 GMT Concrete CMS version 5.5 suffers from shell upload and denial of service vulnerabilities. http://packetstormsecurity.org/files/112925/cmsahmebaprofessional-shell.txt http://packetstormsecurity.org/files/112925/cmsahmebaprofessional-shell.txt http://packetstormsecurity.org/files/112925/CMS-AhMeBa-Professional-Shell-Upload.html Sun, 20 May 2012 13:22:22 GMT CMS-AhMeBa Professional suffers from a shell upload vulnerability. http://packetstormsecurity.org/files/112654/VL-530.txt http://packetstormsecurity.org/files/112654/VL-530.txt http://packetstormsecurity.org/files/112654/Travelon-Express-CMS-6.2.2-XSS-Shell-Upload-SQL-Injection.html Sun, 13 May 2012 06:02:40 GMT Travelon Express CMS version 6.2.2 suffers from cross site scripting, shell upload, and remote SQL injection vulnerabilities. http://packetstormsecurity.org/files/112496/efront-shellxss.txt http://packetstormsecurity.org/files/112496/efront-shellxss.txt http://packetstormsecurity.org/files/112496/Efront-3.6.11-Cross-Site-Scripting-Shell-Upload.html Mon, 07 May 2012 19:57:17 GMT Efront version 3.6.11 suffers from cross site scripting and shell upload vulnerabilities. http://packetstormsecurity.org/files/112491/NetcatPHPShell-1.10.zip http://packetstormsecurity.org/files/112491/NetcatPHPShell-1.10.zip http://packetstormsecurity.org/files/112491/NetcatPHPShell-1.10.html Mon, 07 May 2012 19:49:06 GMT NetcatPHPShell is a PHP backdoor that can be leveraged to launch a connect-back shell. http://packetstormsecurity.org/files/112477/php_cgi_arg_injection.rb.txt http://packetstormsecurity.org/files/112477/php_cgi_arg_injection.rb.txt http://packetstormsecurity.org/files/112477/PHP-CGI-Argument-Injection.html Sun, 06 May 2012 01:32:17 GMT When run as a CGI, PHP up to version 5.3.12 and 5.4.2 is vulnerable to an argument injection vulnerability. This Metasploit module takes advantage of the -d flag to set php.ini directives to achieve code execution. From the advisory: "if there is NO unescaped '=' in the query string, the string is split on '+' (encoded space) characters, urldecoded, passed to a function that escapes shell metacharacters (the "encoded in a system-defined manner" from the RFC) and then passes them to the CGI binary." http://packetstormsecurity.org/files/112443/mcafee_mvt_exec.rb.txt http://packetstormsecurity.org/files/112443/mcafee_mvt_exec.rb.txt http://packetstormsecurity.org/files/112443/McAfee-Virtual-Technician-MVTControl-6.3.0.1911-GetObject-Vulnerability.html Thu, 03 May 2012 22:45:26 GMT This Metasploit modules exploits a vulnerability found in McAfee Virtual Technician's MVTControl. This ActiveX control can be abused by using the GetObject() function to load additional unsafe classes such as WScript.Shell, therefore allowing remote code execution under the context of the user. http://packetstormsecurity.org/files/112335/rkhunter-1.4.0.tar.gz http://packetstormsecurity.org/files/112335/rkhunter-1.4.0.tar.gz http://packetstormsecurity.org/files/112335/Rootkit-Hunter-1.4.0.html Tue, 01 May 2012 21:24:57 GMT Rootkit Hunter scans files and systems for known and unknown rootkits, backdoors, and sniffers. The package contains one shell script, a few text-based databases, and optional Perl modules. It should run on almost every Unix variety except Solaris and NetBSD. http://packetstormsecurity.org/files/112387/whmcs-google-scan.sh.txt http://packetstormsecurity.org/files/112387/whmcs-google-scan.sh.txt http://packetstormsecurity.org/files/112387/WHMCS-Scanning-Tool.html Tue, 01 May 2012 12:12:12 GMT WHMCS scanning tool that uses Google to find systems that are possible vulnerable to shell upload. http://packetstormsecurity.org/files/112318/VL-522.txt http://packetstormsecurity.org/files/112318/VL-522.txt http://packetstormsecurity.org/files/112318/Opial-CMS-2.0-XSS-SQL-Injection-Shell-Upload.html Sun, 29 Apr 2012 16:22:22 GMT Opial CMS version 2.0 suffers from cross site scripting, shell upload, and remote SQL injection vulnerabilities. http://packetstormsecurity.org/files/112226/VL-502.txt http://packetstormsecurity.org/files/112226/VL-502.txt http://packetstormsecurity.org/files/112226/Car-Portal-CMS-3.0-CSRF-XSS-Shell-Upload.html Thu, 26 Apr 2012 22:38:05 GMT Car Portal CMS version 3.0 suffers from cross site request forgery, cross site scripting, and shell upload vulnerabilities. http://packetstormsecurity.org/files/112175/wporganizer-xssxsrfshell.txt http://packetstormsecurity.org/files/112175/wporganizer-xssxsrfshell.txt http://packetstormsecurity.org/files/112175/WordPress-Organizer-1.2.1-XSS-CSRF-Shell-Upload.html Wed, 25 Apr 2012 18:53:32 GMT WordPress Organizer version 1.2.1 suffers from cross site request forgery, cross site scripting, and shell upload vulnerabilities. http://packetstormsecurity.org/files/112115/AST-2012-004.txt http://packetstormsecurity.org/files/112115/AST-2012-004.txt http://packetstormsecurity.org/files/112115/Asterisk-Project-Security-Advisory-AST-2012-004.html Mon, 23 Apr 2012 23:04:37 GMT Asterisk Project Security Advisory - A user of the Asterisk Manager Interface can bypass a security check and execute shell commands when they lack permission to do so. Under normal conditions, a user should only be able to run shell commands if that user has System class authorization. Users could bypass this restriction by using the MixMonitor application with the originate action or by using either the GetVar or Status manager actions in combination with the SHELL and EVAL functions. The patch adds checks in each affected action to verify if a user has System class authorization. If the user does not have those authorizations, Asterisk rejects the action if it detects the use of any functions or applications that run system commands. http://packetstormsecurity.org/files/112104/HITB-Ezine-Issue-008.pdf http://packetstormsecurity.org/files/112104/HITB-Ezine-Issue-008.pdf http://packetstormsecurity.org/files/112104/HITB-Magazine-Volume-1-Issue-8.html Mon, 23 Apr 2012 20:37:05 GMT HITB Magazine Volume 1 Issue 8 - Topics include Online Security At The Crossroads, Reverse Shell Traffic Obfuscation, and more. http://packetstormsecurity.org/files/112009/adobe_flashplayer_aslaunch.rb.txt http://packetstormsecurity.org/files/112009/adobe_flashplayer_aslaunch.rb.txt http://packetstormsecurity.org/files/112009/Adobe-Flash-Player-ActionScript-Launch-Command-Execution.html Fri, 20 Apr 2012 05:57:41 GMT This Metasploit module exploits a vulnerability in Adobe Flash Player for Linux, version 10.0.12.36 and 9.0.151.0 and prior. An input validation vulnerability allows command execution when the browser loads a SWF file which contains shell metacharacters in the arguments to the ActionScript launch method. The victim must have Adobe AIR installed for the exploit to work. This Metasploit module was tested against version 10.0.12.36 (10r12_36). http://packetstormsecurity.org/files/111754/koprana-shell.txt http://packetstormsecurity.org/files/111754/koprana-shell.txt http://packetstormsecurity.org/files/111754/Koprana-CMS-Shell-Upload.html Wed, 11 Apr 2012 15:10:59 GMT Koprana CMS remote shell upload exploit written in PHP. http://packetstormsecurity.org/files/111752/wicd-escalate.txt http://packetstormsecurity.org/files/111752/wicd-escalate.txt http://packetstormsecurity.org/files/111752/wicd-Privilege-Escalation.html Wed, 11 Apr 2012 15:04:27 GMT wicd suffers from a privilege escalation vulnerability. Exploit that spawns a root shell and a patch are included. http://packetstormsecurity.org/files/111650/wcms-disclosexssxsrf.txt http://packetstormsecurity.org/files/111650/wcms-disclosexssxsrf.txt http://packetstormsecurity.org/files/111650/w-CMS-2.0.1-CSRF-XSS-File-Disclosure-Shell-Upload.html Sat, 07 Apr 2012 01:07:44 GMT w-CMS version 2.0.1 suffers from cross site request forgery, cross site scripting, file disclosure and shell upload vulnerabilities. http://packetstormsecurity.org/files/111359/getsimple-shell.txt http://packetstormsecurity.org/files/111359/getsimple-shell.txt http://packetstormsecurity.org/files/111359/GetSimple-3.1-Shell-Upload-Disclosure.html Fri, 30 Mar 2012 00:02:43 GMT GetSimple version 3.1 suffers from backup download and shell upload vulnerabilities. http://packetstormsecurity.org/files/111358/havalite-shelldisclosesql.txt http://packetstormsecurity.org/files/111358/havalite-shelldisclosesql.txt http://packetstormsecurity.org/files/111358/Havalite-CMS-Shell-Upload-SQL-Injection-Disclosure.html Fri, 30 Mar 2012 00:01:34 GMT Havalite CMS suffers from database disclosure, shell upload, and remote SQL injection vulnerabilities. http://packetstormsecurity.org/files/111330/cisco-sa-20120328-ssh.txt http://packetstormsecurity.org/files/111330/cisco-sa-20120328-ssh.txt http://packetstormsecurity.org/files/111330/Cisco-Security-Advisory-20120328-ssh.html Thu, 29 Mar 2012 05:01:15 GMT Cisco Security Advisory - The Secure Shell (SSH) server implementation in Cisco IOS Software and Cisco IOS XE Software contains a denial of service (DoS) vulnerability in the SSH version 2 (SSHv2) feature. An unauthenticated, remote attacker could exploit this vulnerability by attempting a reverse SSH login with a crafted username. Successful exploitation of this vulnerability could allow an attacker to create a DoS condition by causing the device to reload. Repeated exploits could create a sustained DoS condition. The SSH server in Cisco IOS Software and Cisco IOS XE Software is an optional service, but its use is highly recommended as a security best practice for the management of Cisco IOS devices. Devices that are not configured to accept SSHv2 connections are not affected by this vulnerability. Cisco has released free software updates that address this vulnerability. http://packetstormsecurity.org/files/111275/webportal-shell.txt http://packetstormsecurity.org/files/111275/webportal-shell.txt http://packetstormsecurity.org/files/111275/WebPortal-CMS-Beta-Arbitrary-File-Upload.html Thu, 29 Mar 2012 02:39:12 GMT WebPortal CMS Beta suffers from a shell upload vulnerability. http://packetstormsecurity.org/files/111073/ojs-shellxss.txt http://packetstormsecurity.org/files/111073/ojs-shellxss.txt http://packetstormsecurity.org/files/111073/Open-Journal-Systems-2.3.6-XSS-File-Manipulation-Shell-Upload.html Thu, 22 Mar 2012 03:48:36 GMT Open Journal Systems version 2.3.6 suffers from file manipulation, cross site scripting, and shell upload vulnerabilities.