Recent Shell Command Execution vulnerabilities
Latest information about System Access vulnerabilities
22.02.2012 03:51 sebug sebug.net SSV-ID:30139 Wordpress SB Uploader Plugin Shell Upload Vulnerability
21.02.2012 19:51 WordPress SB Uploader Shell Upload: WordPress SB Uploader suffers from a shell upload vulnerability.
20.02.2012 07:39 Apple Mac OS X AppleScript ARDAgent Shell Local Privilege Escalation Vulnerability
16.02.2012 07:51 rapid7 : Getting a shell with metasploit without a vulnerability: Hi i am using metasploit on backtrack5im in t...
16.02.2012 06:57 Getting a shell with metasploit without a vulnerability: Hi i am using metasploit on backtrack5im in the middle...
10.02.2012 10:57 InfoSec - Security-Shell: Google Expands the Scope of Its Vulnerability Reward Programs to Cover Chromium OS
08.02.2012 02:23 LinkIconShim (Freeware): A shell extension fixing CVE-2010-2568 link file vulnerability.
07.02.2012 14:38 LinkIconShim (MIT License): A shell extension fixing CVE-2010-2568 link file vulnerability
04.02.2012 21:45 Ajax File Manager ~ Shell and Files Upload Vulnerability
04.02.2012 10:48 Ajax File Manager ~ Shell and Files Upload Vulnerability
30.01.2012 16:39 sudo give me a root shell. Ironic format string vulnerability in sudo 1.8.0 through 1.8.3p1 inclusive.
30.01.2012 07:45 sudo give me a root shell. Ironic format string vulnerability in sudo 1.8.0 through 1.8.3p1 inclusive.
30.01.2012 06:38 Vuln: Gitorious 'git_shell.rb' Remote Command Execution Vulnerability
30.01.2012 06:38 New shell & Deface Upload Vulnerability at .
30.01.2012 06:38 "File thingie" ~ Deface & Shell Upload vulnerability at .
30.01.2012 06:38 "Portail Dokeos" deface and Shell Upload vulnerability at .
29.01.2012 23:59 Vuln: Gitorious 'git_shell.rb' Remote Command Execution Vulnerability
29.01.2012 18:39 New shell & Deface Upload Vulnerability at .
29.01.2012 18:39 "File thingie" ~ Deface & Shell Upload vulnerability at .
29.01.2012 18:39 "Portail Dokeos" deface and Shell Upload vulnerability at .
Here is a short summary of recent Shell Command Execution vulnerabilities discovered by the eVuln team. The full list with details is available on the eVuln Security Advisories page.
Multiple flaws in Leif M. Wright Blog.
Description.
None of the "txt" files are protected by htaccess (or by any other means) in the default installation. This can be used to retrieve the administrator's password from the config file.
The "blog.cgi" script does not compare passwords when identifying the administrator by cookie.
The administrator is able to edit the blog configuration, including the full path to the sendmail program. This can be used to execute arbitrary shell commands.
System access is possible.
The environment variables HTTP_REFERER and HTTP_USER_AGENT are not properly sanitized. This can be used to send an HTTP request with fake Referer or User-Agent values, which may contain arbitrary HTML or script code. This code is executed when the administrator opens the "Log" page.
Exploit.
Url example:
http://[host]/cgi-bin/blog/blogconfig.txt
Cookie: blogAdmin=true
Sendmail: /bin/ls
GET /cgi-bin/blog/blog.cgi HTTP/1.0
Host: [host]
Referer: [XSS]
User-Agent: [XSS]
Content-Type: application/x-www-form-urlencoded
Content-Length: 93
file=15-13.59.39.txt&year=2006&month=February&name=zz&comment=zzz&submit=Enter%20my%20comment
Solution
Solution is not available.
Guestex Shell Command Execution Vulnerability.
Description.
Vulnerable Script: guestex.pl
The variable $form{'email'} isn't properly sanitized. This can be used to execute arbitrary shell commands.
System access is possible.
Exploit.
When adding new record:
email: some@email.com;[command]
Solution
Solution is not available.
Arbitrary Shell Command Execution in MyQuiz.
Description.
Vulnerable Script: myquiz.pl
The variable $ENV{'PATH_INFO'} isn't properly sanitized. This can be used to execute arbitrary commands.
System access is possible.
Exploit.
Url Example:
http://host/cgi-bin/myquiz.pl/ask/;command|
Solution.
A vendor-provided solution is now available.
The new version of the script can be downloaded here:
http://www.corantodemo.net/coranto/viewnews.cgi?id=EpApAAAVkyirPGThSf&style=dldetails
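Added example, not code from the advisories or from the affected scripts: a Perl illustration of the mitigation for the Guestex and MyQuiz flaws above, where request data ($form{'email'}, $ENV{'PATH_INFO'}) reaches a shell. It assumes the scripts build a command string from that input (the advisories do not show the code); is_safe_email and run_without_shell are hypothetical helper names, and /bin/echo stands in for the mailer.

```perl
#!/usr/bin/perl
# Added example; not taken from guestex.pl or myquiz.pl.
use strict;
use warnings;

# Assumed vulnerable pattern (comment only, never executed):
#   open(MAIL, "|/usr/sbin/sendmail $form{'email'}");
# A command string with interpolated input is parsed by /bin/sh, so ';' or
# '|' in the value ends the intended command and starts another.

# Allow-list check: one conservative address shape, no whitespace, newlines
# or shell metacharacters. Anything else is rejected rather than "cleaned".
sub is_safe_email {
    my ($addr) = @_;
    return 0 unless defined $addr && length($addr) <= 254;
    return $addr =~ /\A[A-Za-z0-9._%+-]+\@[A-Za-z0-9-]+(?:\.[A-Za-z0-9-]+)+\z/ ? 1 : 0;
}

# Run a program with the list form of open(): Perl executes it directly,
# no shell parses the arguments, so each list element arrives as one
# literal argv entry. $prog stands in for the mailer (hypothetical helper).
sub run_without_shell {
    my ($prog, @args) = @_;
    open(my $out, '-|', $prog, @args) or die "cannot run $prog: $!";
    local $/;                 # slurp all output at once
    my $text = <$out>;
    close($out);
    return $text;
}

# Constructed sample inputs; the second mirrors the advisory's payload shape,
# the third tries to smuggle an extra mail header via a newline.
my @samples = ('some@email.com', 'some@email.com;echo INJECTED', "a\@b.com\nBcc: x\@y.z");
for my $addr (@samples) {
    (my $shown = $addr) =~ s/\n/\\n/g;
    printf "%-32s %s\n", $shown, is_safe_email($addr) ? 'accepted' : 'rejected';
}

# Defence in depth: even an unvalidated value stays a single argument when
# no shell is involved, so the text after ';' is printed, not executed.
print run_without_shell('/bin/echo', 'some@email.com;echo INJECTED');
```

The same two controls apply to a path taken from $ENV{'PATH_INFO'}: validate it against an allow-list of expected names, and open files with the three-argument form of open() so that the value is never interpreted as a command.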

