80 matches found
VulnCheck KEV: CVE-2019-12725
Zeroshell 3.9.0 is prone to a remote command execution vulnerability. Specifically, this issue occurs because the web application mishandles a few HTTP parameters. An unauthenticated attacker can exploit this issue by injecting OS commands inside the vulnerable parameters...
ZeroShell kerbynet remote command execution
Added: 05/24/2021 Background Zeroshell is a Linux distribution designed for router and firewall appliances which can be administered from a web interface. Zeroshell is no longer supported. Problem A command injection vulnerability allows unauthenticated attackers to execute arbitrary commands by...
ZeroShell kerbynet remote command execution
Added: 05/24/2021 Background Zeroshell is a Linux distribution designed for router and firewall appliances which can be administered from a web interface. Zeroshell is no longer supported. Problem A command injection vulnerability allows unauthenticated attackers to execute arbitrary commands by...
ZeroShell kerbynet remote command execution
Added: 05/24/2021 Background Zeroshell is a Linux distribution designed for router and firewall appliances which can be administered from a web interface. Zeroshell is no longer supported. Problem A command injection vulnerability allows unauthenticated attackers to execute arbitrary commands by...
ZeroShell 3.9.0 - Remote Command Execution
Exploit Title: ZeroShell 3.9.0 - Remote Command Execution Date: 10/05/2021 Exploit Author: Fellipe Oliveira Vendor Homepage: https://zeroshell.org/ Software Link: https://zeroshell.org/download/ Version: 3.9.0 Tested on: ZeroShell 3.9.0 CVE : CVE-2019-12725 !/usr/bin/python3 import requests impor...
ZeroShell 3.9.0 Remote Command Execution
Exploit Title: ZeroShell 3.9.0 - Remote Command Execution Google Dork: N/A Date: 10/05/2021 Exploit Author: Fellipe Oliveira Vendor Homepage: https://zeroshell.org/ Software Link: https://zeroshell.org/download/ Version: 3.9.0 Tested on: ZeroShell 3.9.0 CVE : CVE-2019-12725 !/usr/bin/python3 impo...
ZeroShell 3.9.0 - Remote Command Execution Exploit
Exploit Title: ZeroShell 3.9.0 - Remote Command Execution Exploit Author: Fellipe Oliveira Vendor Homepage: https://zeroshell.org/ Software Link: https://zeroshell.org/download/ Version: 3.9.0 Tested on: ZeroShell 3.9.0 CVE : CVE-2019-12725 !/usr/bin/python3 import requests import optparse import...
Exploit for OS Command Injection in Zeroshell
CVE-2019-12725 CVE-2019-12725: ZeroS...
Zeroshell type Parameter Command Execution (CVE-2009-0545)
ZeroShell is a small Linux distribution for servers and embedded devices. A vulnerability exists in Zeroshell that could be exploited by remote attackers to compromise a vulnerable system. The vulnerability is due to an input validation error in the "cgi-bin/kerbynet" script that does not validat...
Zeroshell Remote Code Execution (CVE-2020-29390)
A remote code execution vulnerability exists in Zeroshell. Successful exploitation of this vulnerability could allow a remote attacker to execute arbitrary code on the affected system...
Zeroshell command injection vulnerability
Zeroshell is a small open source Linux distribution for servers and embedded systems designed to provide web services. a command injection vulnerability exists in the /cgi-bin/kerbynet StartSessionSubmit parameter in Zeroshell 3.9.3. An attacker could execute system commands via shell...
CVE-2020-29390
Zeroshell 3.9.3 contains a command injection vulnerability in the /cgi-bin/kerbynet StartSessionSubmit parameter that could allow an unauthenticated attacker to execute a system command by using shell metacharacters and the %0a character...
CVE-2020-29390
Zeroshell 3.9.3 contains a command injection vulnerability in the /cgi-bin/kerbynet StartSessionSubmit parameter that could allow an unauthenticated attacker to execute a system command by using shell metacharacters and the %0a character...
Command injection
Zeroshell 3.9.3 contains a command injection vulnerability in the /cgi-bin/kerbynet StartSessionSubmit parameter that could allow an unauthenticated attacker to execute a system command by using shell metacharacters and the %0a character...
CVE-2020-29390
Zeroshell 3.9.3 contains a command injection vulnerability in the /cgi-bin/kerbynet StartSessionSubmit parameter that could allow an unauthenticated attacker to execute a system command by using shell metacharacters and the %0a character...
CVE-2020-29390
CVE-2020-29390 affects Zeroshell 3.9.3 and earlier. A command-injection vulnerability exists in the /cgi-bin/kerbynet StartSessionSubmit parameter that can allow an unauthenticated attacker to execute arbitrary OS commands by providing shell metacharacters and the %0a sequence. Impact is describe...
Zeroshell 操作系统命令注入漏洞
Zeroshell is a small open source Linux distribution for servers and embedded systems designed to provide web services. a command injection vulnerability exists in the /cgi-bin/kerbynet StartSessionSubmit parameter in Zeroshell 3.9.3. An attacker could execute system commands via shell...
PT-2020-17155 · Zeroshell · Zeroshell
Name of the Vulnerable Software and Affected Versions: Zeroshell version 3.9.3 Description: The issue allows an unauthenticated attacker to execute a system command by using shell metacharacters and the %0a character in the /cgi-bin/kerbynet API endpoint, specifically through the StartSessionSubm...
ZeroShell 3.9.0 Remote Command Execution
This module requires Metasploit: https://metasploit.com/download Current source: https://github.com/rapid7/metasploit-framework class MetasploitModule 'Zeroshell 3.9.0 Remote Command Execution', 'Description' = %q This module exploits an unauthenticated command injection vulnerability found in...
ZeroShell 3.9.0 - 'cgi-bin/kerbynet' Remote Root Command Injection (Metasploit)
This module requires Metasploit: https://metasploit.com/download Current source: https://github.com/rapid7/metasploit-framework class MetasploitModule 'Zeroshell 3.9.0 Remote Command Execution', 'Description' = %q This module exploits an unauthenticated command injection vulnerability found in...