78 matches found

Metasploit
added 2025/06/09 6:51 p.m., 442 views

OS Command Exec, Unix Command Shell, Reverse TCP SSL (telnet)

Execute an OS command from PHP. Creates an interactive shell via mkfifo and telnet. This method works on Debian and other systems compiled without /dev/tcp support. This module uses the '-z' option included on some systems to encrypt using SSL. Module Options msf use...

5.8 AI score
Exploits: 0
Metasploit
added 2025/06/09 6:51 p.m., 404 views

OS Command Exec, Unix Command Shell, Reverse TCP (via Python)

Execute an OS command from PHP. Connect back and create a command shell via Python Module Options msf use payload/php/unix/cmd/reversepython msf payloadreversepython show actions ...actions... msf payloadreversepython set ACTION msf payloadreversepython show options ...show and set options... msf...

5.8 AI score
Exploits: 0
Metasploit
added 2025/06/09 6:51 p.m., 439 views

OS Command Exec, Unix Command Shell, Bind TCP (via R)

Execute an OS command from PHP. Continually listen for a connection and spawn a command shell via R Module Options msf use payload/php/unix/cmd/bindr msf payloadbindr show actions ...actions... msf payloadbindr set ACTION msf payloadbindr show options ...show and set options... msf payloadbindr r...

5.8 AI score
Exploits: 0
Metasploit
added 2025/06/09 6:51 p.m., 552 views

OS Command Exec, Unix Command Shell, Pingback Reverse TCP (via netcat)

Execute an OS command from PHP. Creates a socket, send a UUID, then exit Module Options msf use payload/php/unix/cmd/pingbackreverse msf payloadpingbackreverse show actions ...actions... msf payloadpingbackreverse set ACTION msf payloadpingbackreverse show options ...show and set options... msf...

5.8 AI score
Exploits: 0
Metasploit
added 2025/05/29 6:52 p.m., 82 views

PHP Exec, PHP Command Shell, Bind TCP (via perl) IPv6

Execute a PHP payload from a command. Listen for a connection and spawn a command shell via perl persistent over IPv6 Module Options msf use payload/cmd/unix/php/bindperlipv6 msf payloadbindperlipv6 show actions ...actions... msf payloadbindperlipv6 set ACTION msf payloadbindperlipv6 show options...

5.8 AI score
Exploits: 0
RedhatCVE
added 2025/05/23 12:17 a.m., 6 views

CVE-2022-47531

An issue was discovered in Ericsson Evolved Packet Gateway EPG versions 3.x before 3.25 and 2.x before 2.16, allows authenticated users to bypass system CLI and execute commands they are authorized to execute directly in the UNIX shell...

8.8 CVSS, 7.3 AI score, 0.0006 EPSS
Exploits: 0
RedhatCVE
added 2025/05/22 11:10 p.m., 3 views

CVE-2022-36064

Shescape is a shell escape package for JavaScript. An Inefficient Regular Expression Complexity vulnerability impacts users that use Shescape to escape arguments for the Unix shells Bash and Dash, or any not-officially-supported Unix shell; and/or using the escape or escapeAll functions with the...

7.5 CVSS, 6.7 AI score, 0.00561 EPSS
Exploits: 1, References: 1
Github Security Blog
added 2025/05/15 4:10 p.m., 25 views

motionEye vulnerable to RCE in add_camera Function Due to unsafe command execution

Summary Using a constructed camera device path with the config/add/addcamera motionEye web API allows an attacker with motionEye admin user credentials to execute any UNIX shell code within a non-interactive shell as executing user of the motionEye instance, motion by default. function call stack...

9.3 CVSS, 7.3 AI score, 0.00331 EPSS
Exploits: 0, References: 6, Affected Software: 1
Packet Storm News
added 2025/04/30 12:0 a.m., 2 views

From Ahead-of- to Just-in-Time and Back Again: Static Analysis for Unix Shell Programs

Shell programming is as prevalent as ever. It is also quite complex, due to the structure of shell programs, their use of opaque software components, and their complex interactions with the broader environment. As a result, even when exercising an abundance of care, shell developers discover...

7.5 AI score
Exploits: 0
ATTACKERKB
added 2023/12/05 6:15 a.m., 1 views

CVE-2022-47531

An issue was discovered in Ericsson Evolved Packet Gateway EPG versions 3.x before 3.25 and 2.x before 2.16, allows authenticated users to bypass system CLI and execute commands they are authorized to execute directly in the UNIX shell...

8.8 CVSS, 7.5 AI score, 0.0006 EPSS
Exploits: 0, References: 2
OSV
added 2023/12/05 6:15 a.m., 2 views

CVE-2022-47531

An issue was discovered in Ericsson Evolved Packet Gateway EPG versions 3.x before 3.25 and 2.x before 2.16, allows authenticated users to bypass system CLI and execute commands they are authorized to execute directly in the UNIX shell...

8.8 CVSS, 5.9 AI score, 0.0006 EPSS
Exploits: 0, References: 1
NVD
added 2023/12/05 6:15 a.m., 14 views

CVE-2022-47531

An issue was discovered in Ericsson Evolved Packet Gateway EPG versions 3.x before 3.25 and 2.x before 2.16, allows authenticated users to bypass system CLI and execute commands they are authorized to execute directly in the UNIX shell...

8.8 CVSS, 0.0006 EPSS
Exploits: 0, References: 1
CVE
added 2023/12/05 12:0 a.m., 26 views

CVE-2022-47531

Ericsson EPG (Ericsson Evolved Packet Gateway) is vulnerable to a CLI access control bypass that lets authenticated users run commands in the UNIX shell. Affected versions are 2.x before 2.16 and 3.x before 3.25. The issue arises from insufficient access controls on the CLI, enabling command exec...

8.8 CVSS, 8.7 AI score, 0.0006 EPSS
Exploits: 0, References: 1, Affected Software: 1
Cvelist
added 2023/12/05 12:0 a.m., 25 views

CVE-2022-47531

An issue was discovered in Ericsson Evolved Packet Gateway EPG versions 3.x before 3.25 and 2.x before 2.16, allows authenticated users to bypass system CLI and execute commands they are authorized to execute directly in the UNIX shell...

9 AI score, 0.0006 EPSS
Exploits: 0, References: 1
Veracode
added 2023/05/10 2:53 a.m., 25 views

OS Command Injection

Apache Spark is vulnerable to OS command injection. The authentication filter checks if a user has access permissions to view or modify the application. If ACLs are enabled, a code path in HttpSecurityFilter may allow someone to impersonate an arbitrary user name and execute a Unix shell command...

8.8 CVSS, 9.2 AI score, 0.93513 EPSS
Exploits: 12, References: 8, Affected Software: 2
Ubuntu
added 2023/03/15 7:58 p.m., 98 views

USN-5956-2: PHPMailer vulnerability

USN-5956-1 fixed vulnerabilities in PHPMailer. It was discovered that the fix for CVE-2017-11503 was incomplete. This update fixes the problem. Original advisory details: Dawid Golunski discovered that PHPMailer was not properly escaping user input data used as arguments to functions executed by...

6.1 CVSS, 7.3 AI score, 0.0294 EPSS
Exploits: 1
F5 Networks
added 2023/02/21 7:41 p.m., 12 views

K7147: Execution of UNIX shell commands from the URL in the Admin UI

Security Advisory Description Note : Versions that are not listed in this article have not been evaluated for vulnerability to this security advisory. For information about the F5 security policy regarding evaluating older and unsupported versions of F5 products, refer to K4602: Overview of the F...

6.7 AI score
Exploits: 0
Github Security Blog
added 2022/10/25 10:27 p.m., 25 views

Inefficient Regular Expression Complexity in shescape

Impact This impacts users that use shescape to escape arguments: - for the Unix shell Bash, or any not-officially-supported Unix shell; - using the escape or escapeAll functions with the interpolation option set to true. An attacker can cause polynomial backtracking in terms of the input string...

7.5 CVSS, 0.7 AI score, 0.00229 EPSS
Exploits: 1, References: 7, Affected Software: 1
NVD
added 2022/09/06 9:15 p.m., 11 views

CVE-2022-36064

Shescape is a shell escape package for JavaScript. An Inefficient Regular Expression Complexity vulnerability impacts users that use Shescape to escape arguments for the Unix shells Bash and Dash, or any not-officially-supported Unix shell; and/or using the escape or escapeAll functions with the...

7.5 CVSS, 0.00561 EPSS
Exploits: 1, References: 3
Prion
added 2022/09/06 9:15 p.m., 11 views

Code injection

Shescape is a shell escape package for JavaScript. An Inefficient Regular Expression Complexity vulnerability impacts users that use Shescape to escape arguments for the Unix shells Bash and Dash, or any not-officially-supported Unix shell; and/or using the escape or escapeAll functions with the...

5 CVSS, 7.5 AI score, 0.00561 EPSS
Exploits: 1, References: 3, Affected Software: 1