ShellShock - Remote Code Execution

GNU Bash through 4.3 processes trailing strings after function definitions in the values of environment variables, which allows remote attackers to execute arbitrary code via a crafted environment, as demonstrated by vectors involving the ForceCommand feature in OpenSSH sshd, the modcgi and modcg...

Qnap QTS Bash OS Command Injection (CVE-2014-7169)

GNU Bash through 4.3 bash43-025 processes trailing strings after certain malformed function definitions in the values of environment variables, which allows remote attackers to write to files or possibly have unknown other impact via a crafted environment, as demonstrated by vectors involving the...

SUSE CVE-2014-6271

GNU Bash through 4.3 processes trailing strings after function definitions in the values of environment variables, which allows remote attackers to execute arbitrary code via a crafted environment, as demonstrated by vectors involving the ForceCommand feature in OpenSSH sshd, the modcgi and modcg...

SUSE CVE-2014-7169

GNU Bash through 4.3 bash43-025 processes trailing strings after certain malformed function definitions in the values of environment variables, which allows remote attackers to write to files or possibly have unknown other impact via a crafted environment, as demonstrated by vectors involving the...

NewStart CGSL MAIN 6.02 : bash Multiple Vulnerabilities (NS-SA-2021-0118)

The remote NewStart CGSL host, running version MAIN 6.02, has bash packages installed that are affected by multiple vulnerabilities: - GNU Bash through 4.3 bash43-025 processes trailing strings after certain malformed function definitions in the values of environment variables, which allows remot...

Authentication flaw

An issue was discovered on the NEC Aterm WG2600HP2 1.0.2. The router has a set of web service APIs for access to and setup of the configuration. Some APIs don't require authentication. An attacker could exploit this vulnerability by sending a crafted HTTP request to retrieve DHCP clients, firmwar...

CVE-2017-12575

An issue was discovered on the NEC Aterm WG2600HP2 1.0.2. The router has a set of web service APIs for access to and setup of the configuration. Some APIs don't require authentication. An attacker could exploit this vulnerability by sending a crafted HTTP request to retrieve DHCP clients, firmwar...

Telesquare SKT LTE Router SDT-CS3B1 - Information Disclosure Vulnerability

Exploit for hardware platform in category web applications Telesquare SKT LTE Router SDT-CS3B1 Insecure Direct Object Reference Info Leak Vendor: Telesquare Co., Ltd. Product web page: http://www.telesquare.co.kr Affected version: FwVer: SDT-CS3B1, sw version 1.2.0 LteVer: ML300S5XEA41090 1 0.1.0...

The vulnerability of the Cisco Unified Communications Manager software allows a malicious individual to gain access to confidential information.

The GNU Bash command shell, as of version 4.3 bash43-025 and later, incorrectly handles lines that follow the declaration of a specially crafted function, which is exported as a variable. This allows a malicious actor to read and write arbitrary files, as well as perform other unconfirmed actions...

The vulnerability of Cisco Nexus 7000 software allows a malicious individual to execute arbitrary code.

The GNU Bash command shell, as of version 4.3 and later, incorrectly handles lines that follow the declaration of a function exported as a variable. This allows a malicious actor to execute arbitrary code by interfering with environment variables. Security researchers have confirmed that this...

The vulnerability of Cisco Nexus 1000V software allows a malicious individual to gain access to confidential information.

The GNU Bash command shell, as of version 4.3 bash43-025, incorrectly handles lines that follow the declaration of a specially crafted function, which is exported as a variable. This allows a malicious actor to read and write arbitrary files, as well as perform other unconfirmed actions. Security...

The vulnerability of Cisco IPS software allows a malicious actor to execute arbitrary code.

The GNU Bash command shell, as of version 4.3 and later, incorrectly handles lines that follow the declaration of a function exported as a variable. This allows a malicious actor to execute arbitrary code by manipulating environment variables. Security researchers have confirmed that this...

Oracle Solaris Third-Party Patch Update : bash (multiple_vulnerabilities_in_bash1) (Shellshock)

The remote Solaris system is missing necessary patches to address security updates : - GNU Bash through 4.3 processes trailing strings after function definitions in the values of environment variables, which allows remote attackers to execute arbitrary code via a crafted environment, as...

Oracle Solaris Third-Party Patch Update : bash (multiple_vulnerabilities_in_bash) (Shellshock)

The remote Solaris system is missing necessary patches to address security updates : - GNU Bash through 4.3 processes trailing strings after function definitions in the values of environment variables, which allows remote attackers to execute arbitrary code via a crafted environment, as...

Oracle third party patch update : bash_2014_10_07

The remote Solaris system is missing necessary patches to address critical security updates related to 'Shellshock' : - GNU Bash through 4.3 processes trailing strings after function definitions in the values of environment variables, which allows remote attackers to execute arbitrary code via a...

F5 Networks BIG-IP : Multiple GNU Bash vulnerabilities (SOL15629) (Shellshock)

GNU Bash through 4.3 processes trailing strings after function definitions in the values of environment variables, which allows remote attackers to execute arbitrary code via a crafted environment, as demonstrated by vectors involving the ForceCommand feature in OpenSSH sshd, the modcgi and modcg...

Design/Logic Flaw

GNU Bash through 4.3 bash43-026 does not properly parse function definitions in the values of environment variables, which allows remote attackers to execute arbitrary commands via a crafted environment, as demonstrated by vectors involving the ForceCommand feature in OpenSSH sshd, the modcgi and...

CVE-2014-6278

GNU Bash through 4.3 bash43-026 does not properly parse function definitions in the values of environment variables, which allows remote attackers to execute arbitrary commands via a crafted environment, as demonstrated by vectors involving the ForceCommand feature in OpenSSH sshd, the modcgi and...

GNU Bash 4.3 Command Injection

GNU Bash through 4.3 processes trailing strings after function definitions in the values of environment variables, which allows remote attackers to execute arbitrary code via a crafted environment. Any Bash 4.43 and prior Modified by JSacco - [email protected] Exploit Pack 2014 How to run:...

Design/Logic Flaw

GNU Bash through 4.3 bash43-026 does not properly parse function definitions in the values of environment variables, which allows remote attackers to execute arbitrary code or cause a denial of service uninitialized memory access, and untrusted-pointer read and write operations via a crafted...