
4773 matches found

0day.today
added 2014/10/14 12:0 a.m. | 234 views

DNS Reverse Lookup Shellshock Exploit

DNS reverse lookups can be used as a vector of attack for the bash shellshock vulnerability. DNS Reverse Lookup as a vector for the Bash vulnerability CVE-2014-6271 et.al. CVE-2014-3671 references: CVE-2014-6271, CVE-2014-7169, CVE-2014-6277, CVE-2014-6278 CVE-2014-7186 and, CVE-2014-7187 Summary...

CVSS 10 | AI score 0.1 | EPSS 0.99999
Exploits 157
Packet Storm
added 2014/10/13 12:0 a.m. | 70 views

DNS Reverse Lookup Shellshock

-----BEGIN PGP SIGNED MESSAGE----- Hash: SHA1 Security Advisory DNS Reverse Lookup as a vector for the Bash vulnerability CVE-2014-6271 et.al. CVE-2014-3671 references: CVE-2014-6271, CVE-2014-7169, CVE-2014-6277, CVE-2014-6278 CVE-2014-7186 and, CVE-2014-7187 Summary: Above CVEs detail a number ...

CVSS 10 | EPSS 0.99999
Exploits 157
Tenable Nessus
added 2014/10/12 12:0 a.m. | 82 views

Amazon Linux AMI : bash (ALAS-2014-418) (Shellshock)

This ALAS is superseded by ALAS-2014-419. A flaw was found in the way Bash evaluated certain specially crafted environment variables. An attacker could use this flaw to override or bypass environment restrictions to execute shell commands. Certain services and applications allow remote...

CVSS 10 | AI score 8.5 | EPSS 0.99999
Exploits 130 | References 3
Tenable Nessus
added 2014/10/12 12:0 a.m. | 50 views

Amazon Linux AMI : bash (ALAS-2014-419)

GNU Bash through 4.3 bash43-025 processes trailing strings after certain malformed function definitions in the values of environment variables, which allows remote attackers to write to files or possibly have unknown other impact via a crafted environment, as demonstrated by vectors involving the...

CVSS 10 | AI score 8.4 | EPSS 0.99999
Exploits 141 | References 6
seebug.org
added 2014/10/10 12:0 a.m. | 49 views

Pure-FTPd External Authentication Bash Environment Variable Code Injection

No description provided by source. This module requires Metasploit: http//metasploit.com/download Current source: https://github.com/rapid7/metasploit-framework require 'msf/core' class Metasploit4 Msf::Exploit::Remote Rank = ExcellentRanking include Msf::Exploit::Remote::Ftp include...

AI score 7.1 | EPSS 0.99999
Exploits 130
Tenable Nessus
added 2014/10/10 12:0 a.m. | 60 views

openSUSE Security Update : bash (openSUSE-SU-2014:1254-1) (deprecated)

This patch was withdrawn by the openSUSE team, as the software was fixed prior to release. No replacement patches/plugins exist. bash was updated to fix command injection via environment variables. CVE-2014-6271,CVE-2014-7169 Also a hardening patch was applied that only imports functions over...

AI score 0.4 | EPSS 0.99999
Exploits 141 | References 7
Tenable Nessus
added 2014/10/10 12:0 a.m. | 159 views

F5 Networks BIG-IP : Multiple GNU Bash vulnerabilities (SOL15629) (Shellshock)

GNU Bash through 4.3 processes trailing strings after function definitions in the values of environment variables, which allows remote attackers to execute arbitrary code via a crafted environment, as demonstrated by vectors involving the ForceCommand feature in OpenSSH sshd, the modcgi and modcg...

CVSS 10 | AI score 8.2 | EPSS 0.99999
Exploits 157 | References 12
OSV
added 2014/10/09 12:48 p.m. | 2 views

USN-2380-1 bash vulnerabilities

Michal Zalewski discovered that Bash incorrectly handled parsing certain function definitions. If an attacker were able to create an environment variable containing a function definition with a very specific name, these issues could possibly be used to bypass certain environment restrictions and...

CVSS 10 | AI score 7.2 | EPSS 0.99621
Exploits 36 | References 3
ThreatPost
added 2014/10/09 12:36 p.m. | 11 views

Shellshock Exploits Spreading Mayhem Botnet Malware

The Mayhem malware piqued researchers’ interest earlier this summer after a published report from researchers at Russian search engine Yandex shed light on its ability to target Linux and UNIX machines and run under restricted privileges. Generally, web servers are well guarded against remote...

AI score 0.3
Exploits 0 | References 4
OpenVAS
added 2014/10/08 12:0 a.m. | 59 views

GNU Bash Environment Variable Handling RCE Vulnerability (Shellshock, Linux/Unix SSH Login, CVE-2014-6277) - Active Check

GNU Bash is prone to a remote command execution RCE vulnerability dubbed Copyright C 2014 Greenbone Networks GmbH Some text descriptions might be excerpted from a referenced sources, and are Copyright C by the respective right holders. SPDX-License-Identifier: GPL-2.0-or-later This program is fre...

CVSS 10 | AI score 9.9 | EPSS 0.99999
Exploits 141 | References 9
ThreatPost
added 2014/10/06 8:19 a.m. | 16 views

Shellshock-like Vulnerability May Affect Windows

In the early hours of the Shellshock vulnerability in Bash, the running joke was that Windows administrators could sit back with a box of popcorn and a beverage and watch the Linux and UNIX admins scramble about for once. Looks like those same Windows admins may soon be dragged into the fray. As...

AI score 0.6
Exploits 0 | References 4
myhack58
added 2014/10/03 12:0 a.m. | 11 views

Bash through special environment variables code injection attack-vulnerability warning-the black bar safety net

Bash, or the Bourne Again shell, is a UNIX-like shell, and is probably the most commonly installed component on any Linux system. From its birth in 1980 to now, bash has evolved from a simple terminal-based command interpreter to many other fancy uses. In Linux, the environment variables...

AI score 0.1
Exploits 0
RedHat Linux
added 2014/10/02 6:40 p.m. | 11 views

bash: specially-crafted environment variables can be used to inject shell commands

A flaw was found in the way Bash evaluated certain specially crafted environment variables. An attacker could use this flaw to override or bypass environment restrictions to execute shell commands. Certain services and applications allow remote unauthenticated attackers to provide environment...

CVSS 10 | AI score 7.5 | EPSS 0.99999
Exploits 130 | References 8
Packet Storm
added 2014/10/02 12:0 a.m. | 100 views

Pure-FTPd External Authentication Bash Environment Variable Code Injection

This module requires Metasploit: http//metasploit.com/download Current source: https://github.com/rapid7/metasploit-framework require 'msf/core' class Metasploit4 'Pure-FTPd External Authentication Bash Environment Variable Code Injection', 'Description' = %q This module exploits the code injecti...

CVSS 10 | AI score 1 | EPSS 0.99999
Exploits 130
OpenVAS
added 2014/10/01 12:0 a.m. | 236 views

GNU Bash Environment Variable Handling RCE Vulnerability (Shellshock, Linux/Unix SSH Login, CVE-2014-6278) - Active Check

GNU Bash is prone to a remote command execution RCE vulnerability dubbed SPDX-FileCopyrightText: 2014 Greenbone AG Some text descriptions might be excerpted from a referenced sources, and are Copyright C by the respective right holders. SPDX-License-Identifier: GPL-2.0-only CPE = "cpe:/a:gnu:bash...

CVSS 10 | AI score 8.3 | EPSS 0.99999
Exploits 147 | References 11
OpenVAS
added 2014/10/01 12:0 a.m. | 69 views

CentOS Update for bash CESA-2014:1306 centos6

The remote host is missing an update for the SPDX-FileCopyrightText: 2014 Greenbone AG Some text descriptions might be excerpted from a referenced sources, and are Copyright C by the respective right holders. SPDX-License-Identifier: GPL-2.0-only ifdescription...

CVSS 10 | AI score 8.7 | EPSS 0.99999
Exploits 139 | References 5
OpenVAS
added 2014/10/01 12:0 a.m. | 39 views

openSUSE: Security Advisory for bash (openSUSE-SU-2014:1242-1)

The remote host is missing an update for the SPDX-FileCopyrightText: 2014 Greenbone AG Some text descriptions might be excerpted from a referenced sources, and are Copyright C by the respective right holders. SPDX-License-Identifier: GPL-2.0-only ifdescription...

CVSS 10 | AI score 7.5 | EPSS 0.99999
Exploits 141 | References 3
OSV
added 2014/09/30 10:55 a.m. | 12 views

CVE-2014-6278

GNU Bash through 4.3 bash43-026 does not properly parse function definitions in the values of environment variables, which allows remote attackers to execute arbitrary commands via a crafted environment, as demonstrated by vectors involving the ForceCommand feature in OpenSSH sshd, the modcgi and...

CVSS 10 | AI score 9.7 | EPSS 0.99621
Exploits 31 | References 110
Cvelist
added 2014/09/30 10:0 a.m. | 47 views

CVE-2014-6278

GNU Bash through 4.3 bash43-026 does not properly parse function definitions in the values of environment variables, which allows remote attackers to execute arbitrary commands via a crafted environment, as demonstrated by vectors involving the ForceCommand feature in OpenSSH sshd, the modcgi and...

AI score 8.4 | EPSS 0.99621
Exploits 31 | References 110
CVE
added 2014/09/30 10:0 a.m. | 441 views

CVE-2014-6278

CVE-2014-6278 affects GNU Bash up to 4.3 bash43-026, where parsing of function definitions inside environment variable values is flawed, enabling remote arbitrary command execution across privilege boundaries. Documented vectors include ForceCommand in OpenSSH sshd, mod_cgi/mod_cgid in Apache, an...

CVSS 10 | AI score 9.9 | EPSS 0.99621
In wild | Exploits 31 | References 111 | Affected Software 1