ZeroShell <= 1.0beta11 Remote Code Execution

ZeroShell 1.0beta11 and earlier via cgi-bin/kerbynet allows remote attackers to execute arbitrary commands through shell metacharacters in the type parameter in a NoAuthREQ x509List action. id: CVE-2009-0545 info: name: ZeroShell = 1.0beta11 Remote Code Execution author: geeknik severity: critica...

CVE-2021-41738

ZeroShell 3.9.5 has a command injection vulnerability in /cgi-bin/kerbynet IP parameter, which may allow an authenticated attacker to execute system commands...

CVE-2021-41738

ZeroShell 3.9.5 is affected by a command injection in the /cgi-bin/kerbynet endpoint (IP parameter). An authenticated attacker could execute system commands through this parameter. Affected product/version: ZeroShell 3.9.5. Root cause: command injection via the IP parameter in kerbynet. Impact: p...

Zeroshell 操作系统命令注入漏洞

Zeroshell is a Linux distribution for servers and embedded systems. Zeroshell version 3.9.5 suffers from an operating system command injection vulnerability that stems from a command injection issue in the /cgi-bin/kerbynet IP parameter. An authenticated attacker can use this vulnerability to...

PT-2022-11471 · Zeroshell · Zeroshell

Name of the Vulnerable Software and Affected Versions: ZeroShell version 3.9.5 Description: The issue is a command injection vulnerability in the "/cgi-bin/kerbynet" API endpoint, specifically in the IP parameter. This may allow an authenticated attacker to execute system commands. Recommendation...

ZeroShell kerbynet remote command execution

Added: 05/24/2021 Background Zeroshell is a Linux distribution designed for router and firewall appliances which can be administered from a web interface. Zeroshell is no longer supported. Problem A command injection vulnerability allows unauthenticated attackers to execute arbitrary commands by...

CVE-2020-29390

Zeroshell 3.9.3 contains a command injection vulnerability in the /cgi-bin/kerbynet StartSessionSubmit parameter that could allow an unauthenticated attacker to execute a system command by using shell metacharacters and the %0a character...

Zeroshell 操作系统命令注入漏洞

Zeroshell is a small open source Linux distribution for servers and embedded systems designed to provide web services. a command injection vulnerability exists in the /cgi-bin/kerbynet StartSessionSubmit parameter in Zeroshell 3.9.3. An attacker could execute system commands via shell...

ZeroShell 3.9.0 - &#039;cgi-bin/kerbynet&#039; Remote Root Command Injection (Metasploit)

This module requires Metasploit: https://metasploit.com/download Current source: https://github.com/rapid7/metasploit-framework class MetasploitModule 'Zeroshell 3.9.0 Remote Command Execution', 'Description' = %q This module exploits an unauthenticated command injection vulnerability found in...

Zeroshell 3.6.03.7.0 Net Services - Remote Code Execution

Zeroshell 3.6.03.7.0 Net Services - Remote Code Execution Exploit Title: Zeroshell - Net Services Unauthenticated Remote Code Execution | RCE Date: 13.01.2017 Exploit Author: Ozer Goker Vendor Homepage: http://www.zeroshell.org Software Link: www.zeroshell.org/download/ Version: 3.6.0 & 3.7.0...

ZeroShell 'cgi-bin/kerbynet' - Local File Disclosure Vulnerability

No description provided by source. Introduction to the PoC : ====================================================================== In this distribution, the managment website is a binary file named kerbynet interpreted in cgi-bin directory here : /cdrom/usr/local/apache2/cgi-bin/kerbynet So all...

ZeroShell cgi-binkerbynet - Local File Disclosure

ZeroShell cgi-binkerbynet - Local File Disclosure Introduction to the PoC : ====================================================================== In this distribution, the managment website is a binary file named "kerbynet" interpreted in cgi-bin directory here :...

ZeroShell Remote Code Execution

This module exploits a vulnerability found in ZeroShell 2.0 RC2 and lower. It will leverage an unauthenticated local file inclusion vulnerability in the "/cgi-bin/kerbynet" url. The file retrieved is "/var/register/system/ldap/rootpw". This file contains the admin password in cleartext. The...

ZeroShell 2.0RC2 File Disclosure / Command Execution

Exploit Title: ZeroShell = 2.0RC2 Local file disclosure and Remote Command Execution Date: 13/08/2013 Author: Yann CAM @ Synetis - ASafety Vendor or Software Link: www.zeroshell.org - www.zeroshell.org/download/ Version: 2.0RC2 Category: Local File disclosure and Remote Command Execution Google...

CVE-2009-0545

cgi-bin/kerbynet in ZeroShell 1.0beta11 and earlier allows remote attackers to execute arbitrary commands via shell metacharacters in the type parameter in a NoAuthREQ x509List action...