13 matches found
CVE-2019-12725
Zeroshell 3.9.0 is prone to a remote command execution vulnerability. Specifically, this issue occurs because the web application mishandles a few HTTP parameters. An unauthenticated attacker can exploit this issue by injecting OS commands inside the vulnerable parameters...
FreakOut Botnet Turns DVRs Into Monero Cryptominers
Threat group FreakOut’s Necro botnet has developed a new trick: infecting Visual Tools DVRs with a Monero miner. Juniper Threat Labs researchers have issued a report detailing new activities from FreakOut, also known as Necro Python and Python.IRCBot. In late September, the team noticed that the...
Exploit for OS Command Injection in Zeroshell
POC CVE-2019-12725-Remote-Command-Execution ZeroShell 3.9.0 R...
VulnCheck KEV: CVE-2019-12725
Zeroshell 3.9.0 is prone to a remote command execution vulnerability. Specifically, this issue occurs because the web application mishandles a few HTTP parameters. An unauthenticated attacker can exploit this issue by injecting OS commands inside the vulnerable parameters...
ZeroShell 3.9.0 Remote Command Execution
Exploit Title: ZeroShell 3.9.0 - Remote Command Execution Google Dork: N/A Date: 10/05/2021 Exploit Author: Fellipe Oliveira Vendor Homepage: https://zeroshell.org/ Software Link: https://zeroshell.org/download/ Version: 3.9.0 Tested on: ZeroShell 3.9.0 CVE : CVE-2019-12725 !/usr/bin/python3 impo...
ZeroShell 3.9.0 - Remote Command Execution Exploit
Exploit Title: ZeroShell 3.9.0 - Remote Command Execution Exploit Author: Fellipe Oliveira Vendor Homepage: https://zeroshell.org/ Software Link: https://zeroshell.org/download/ Version: 3.9.0 Tested on: ZeroShell 3.9.0 CVE : CVE-2019-12725 !/usr/bin/python3 import requests import optparse import...
ZeroShell 3.9.0 - Remote Command Execution
Exploit Title: ZeroShell 3.9.0 - Remote Command Execution Date: 10/05/2021 Exploit Author: Fellipe Oliveira Vendor Homepage: https://zeroshell.org/ Software Link: https://zeroshell.org/download/ Version: 3.9.0 Tested on: ZeroShell 3.9.0 CVE : CVE-2019-12725 !/usr/bin/python3 import requests impor...
ZeroShell 3.9.0 Remote Command Execution
This module requires Metasploit: https://metasploit.com/download Current source: https://github.com/rapid7/metasploit-framework class MetasploitModule 'Zeroshell 3.9.0 Remote Command Execution', 'Description' = %q This module exploits an unauthenticated command injection vulnerability found in...
ZeroShell 3.9.0 - (cgi-bin/kerbynet) Remote Root Command Injection Exploit
This module requires Metasploit: https://metasploit.com/download Current source: https://github.com/rapid7/metasploit-framework class MetasploitModule 'Zeroshell 3.9.0 Remote Command Execution', 'Description' = %q This module exploits an unauthenticated command injection vulnerability found in...
ZeroShell 3.9.0 - 'cgi-bin/kerbynet' Remote Root Command Injection (Metasploit)
This module requires Metasploit: https://metasploit.com/download Current source: https://github.com/rapid7/metasploit-framework class MetasploitModule 'Zeroshell 3.9.0 Remote Command Execution', 'Description' = %q This module exploits an unauthenticated command injection vulnerability found in...
Zeroshell Remote Code Execution (CVE-2019-12725)
A remote code execution vulnerability exists in Zeroshell. Successful exploitation of this vulnerability could allow a remote attacker to execute arbitrary code on the affected system...
CVE-2019-12725
creationtimestamp| type| source ---|---|--- 2020-07-19 19:18:25+00:00| exploited| https://t.me/cKure/1360 2020-10-09 13:27:00+00:00| seen| MISP/99de2314-4625-4a10-aed6-a4b78fc7c6a8 2020-11-24 00:00:00+00:00| exploited| https://www.exploit-db.com/exploits/49096 2021-05-13 09:27:48+00:00| seen|...
CVE-2019-12725
Zeroshell 3.9.0 is affected by a remote command execution vulnerability in the web application, caused by mishandling of HTTP parameters, allowing unauthenticated attackers to inject and execute arbitrary OS commands. The issue primarily affects the web interface (e.g., the vulnerable parameter h...