This Metasploit module exploits command injection vulnerability in v-list-user-backups bash script file. Low privileged authenticated users can execute arbitrary commands under the context of the root user. An authenticated attacker with a low privileges can inject a payload in the file name starts with dot. During the user backup process, this file name will be evaluated by the v-user-backup bash scripts. As result of that backup process, when an attacker try to list existing backups injected payload will be executed.

Linux versions 5.3 and above appear to have an issue where io_uring suffers from insecure handling of the root directory for path lookups.

This Metasploit module exploits an authenticated command injection vulnerability in the v-list-user-backups bash script file in Vesta Control Panel to gain remote code execution as the root user.

This Metasploit module exploits a command injection vulnerability in the tdpServer daemon (/usr/bin/tdpServer), running on the router TP-Link Archer A7/C7 (AC1750), hardware version 5, MIPS Architecture, firmware version 190726. The vulnerability can only be exploited by an attacker on the LAN side of the router, but the attacker does not need any authentication to abuse it. After exploitation, an attacker will be able to execute any command as root, including downloading and executing a binary from another host. This vulnerability was discovered and exploited at Pwn2Own Tokyo 2019 by the Flashback team.

This Metasploit module exploits two vulnerabilities affecting Unraid 6.8.0. An authentication bypass is used to gain access to the administrative interface, and an insecure use of the extract PHP function can be abused for arbitrary code execution as root.

107 bytes small Linux/x86 shellcode that adds the user 'ctl' with the password 'ctl' to the /etc/passwd file with the UID and GID of 0 (root). This shellcode uses legacy passwd functionality. Therefore the /etc/shadow file does not need to be accessed or modified.

155 bytes small Linux/x86 shellcode that has a MMX stub decoder that dynamically decodes the payload in memory. The FPU GetPC technique is used to determine the offset from EIP dynamically in running memory. Once decoded. this shellcode adds the user 'ctl' with the password 'ctl' to the /etc/passwd file with the UID and GID of 0 (root). This shellcode uses legacy passwd functionality. Therefore the /etc/shadow file does not need to be accessed or modified.

TP-LINK Cloud Cameras including products NC260 and NC450 suffer from a command injection vulnerability. The issue is located in the httpSetEncryptKeyRpm method (handler for /setEncryptKey.fcgi) of the ipcamera binary, where the user-controlled EncryptKey parameter is used directly as part of a command line to be executed as root without any input sanitization.

This Metasploit module is an exploit that takes advantage of xglance-bin, part of HP's Glance (or Performance Monitoring) version 11 and subsequent, which was compiled with an insecure RPATH option. The RPATH includes a relative path to -L/lib64/ which can be controlled by a user. Creating libraries in this location will result in an escalation of privileges to root.

This Metasploit module exploits an authenticated OS command injection vulnerability found in Trixbox CE versions 1.2.0 through 2.8.0.4 inclusive in the network POST parameter of the /maint/modules/endpointcfg/endpoint_devicemap.php page. Successful exploitation allows for arbitrary command execution on the underlying operating system as the asterisk user. Users can easily elevate their privileges to the root user however by executing sudo nmap --interactive followed by !sh from within nmap.

This Metasploit module exploits a Java unmarshalling vulnerability via JSONWS in Liferay Portal versions prior to 6.2.5 GA6, 7.0.6 GA7, 7.1.3 GA4, and 7.2.1 GA2 to execute code as the Liferay user. Tested against 7.2.0 GA1.

This Metasploit module exploits a Java Expression Language (EL) injection in Nexus Repository Manager versions up to and including 3.21.1 to execute code as the Nexus user. Tested against 3.21.1-01.

WordPress WooCommerce Advanced Order Export plugin version 3.1.3 suffers from a cross site scripting vulnerability.

Gentoo Linux Security Advisory 202003-59 - Multiple vulnerabilities have been found in libvpx, the worst of which could result in the execution of arbitrary code. Versions less than 1.8.1 are affected.

Gentoo Linux Security Advisory 202003-60 - Multiple vulnerabilities have been found in QtCore, the worst of which could result in the execution of arbitrary code. Versions less than 5.13.2-r2 are affected.

Gentoo Linux Security Advisory 202003-61 - A vulnerability in Adobe Flash Player might allow remote attackers to execute arbitrary code. Versions less than 32.0.0.330 are affected.

Gentoo Linux Security Advisory 202003-62 - A buffer overflow in GNU Screen might allow remote attackers to corrupt memory. Versions less than 4.8.0 are affected.

Gentoo Linux Security Advisory 202003-63 - Multiple vulnerabilities have been found in GNU IDN Library 2, the worst of which could result in the remote execution of arbitrary code. Versions less than 2.2.0 are affected.

Gentoo Linux Security Advisory 202003-64 - Multiple vulnerabilities have been found in libxls, the worst of which could result in the arbitrary execution of code. Versions less than 1.5.2 are affected.

Gentoo Linux Security Advisory 202003-65 - Multiple vulnerabilities have been found in FFmpeg, the worst of which allows remote attackers to execute arbitrary code. Versions greater than or equal to 4 are affected.

Gentoo Linux Security Advisory 202003-66 - Multiple vulnerabilities have been found in QEMU, the worst of which could result in the arbitrary execution of code. Versions less than 4.2.0-r2 are affected.

Gentoo Linux Security Advisory 202004-1 - A vulnerability in HAProxy might lead to remote execution of arbitrary code. Versions less than 2.0.10 are affected.

Gentoo Linux Security Advisory 202004-2 - Multiple vulnerabilities have been found in VirtualBox, the worst of which could allow an attacker to take control of VirtualBox. Versions prior to 6.1.2 are affected.

Gentoo Linux Security Advisory 202004-3 - Multiple vulnerabilities have been found in GPL Ghostscript, the worst of which could result in the execution of arbitrary code. Versions prior to 9.28_rc4 are affected.

Gentoo Linux Security Advisory 202004-4 - A heap use-after-free flaw in Qt WebEngine at worst might allow an attacker to execute arbitrary code. Versions less than 5.14.1 are affected.

Gentoo Linux Security Advisory 202004-5 - Multiple vulnerabilities have been found in ledger, the worst of which could result in the arbitrary execution of code. Versions less than 3.1.2 are affected.

Gentoo Linux Security Advisory 202004-7 - Multiple vulnerabilities have been found in Mozilla Firefox, the worst of which could result in the arbitrary execution of code. Versions less than 74.0.1 are affected.

Gentoo Linux Security Advisory 202004-8 - A vulnerability in libssh could allow a remote attacker to cause a Denial of Service condition. Versions less than 0.9.4 are affected.

Gentoo Linux Security Advisory 202004-9 - Multiple vulnerabilities have been found in Chromium and Google Chrome, the worst of which could allow remote attackers to execute arbitrary code. Versions less than 81.0.4044.92 are affected.

Gentoo Linux Security Advisory 202004-10 - Multiple vulnerabilities were found in OpenSSL, the worst of which could allow remote attackers to cause a Denial of Service condition. Versions less than 1.1.1g are affected.

Gentoo Linux Security Advisory 202004-11 - Multiple vulnerabilities have been found in Mozilla Firefox, the worst of which could result in the arbitrary execution of code. Versions less than 68.7.0 are affected.

Gentoo Linux Security Advisory 202004-12 - Multiple vulnerabilities have been found in Chromium and Google Chrome, the worst of which could allow remote attackers to execute arbitrary code. Versions less than 81.0.4044.122 are affected.

Gentoo Linux Security Advisory 202004-13 - Multiple vulnerabilities have been found in Git which might all allow attackers to access sensitive information. Versions less than 2.26.2 are affected.

netkit-telnet version 0.17 telnetd on Fedora 31 BraveStarr remote code execution exploit.