Exploit for OS Command Injection in Gnu Bash

...

Apache Mod_cgi Bash Environment Variable Injection (Shellshock) Scanner

This module requires Metasploit: https://metasploit.com/download Current source: https://github.com/rapid7/metasploit-framework class MetasploitModule 'Apache modcgi Bash Environment Variable Injection Shellshock Scanner', 'Description' = %q This module scans for the Shellshock vulnerability, a...

PT-2022-23112 · Google · Tensorflow

Name of the Vulnerable Software and Affected Versions: TensorFlow versions prior to 2.10.0 TensorFlow versions 2.9.1 and earlier TensorFlow versions 2.8.1 and earlier TensorFlow versions 2.7.2 and earlier Description: The issue occurs when mlir::tfg::ConvertGenericFunctionToFunctionDef is given...

OSV-2020-1485 Segv on unknown address in clang::Sema::ActOnStartOfFunctionDef

OSS-Fuzz report: https://bugs.chromium.org/p/oss-fuzz/issues/detail?id=19623 Crash type: Segv on unknown address Crash state: clang::Sema::ActOnStartOfFunctionDef clang::Parser::ParseFunctionDefinition clang::Parser::ParseDeclGroup...

[SECURITY] [DSA 3249-2] jqueryui security update

-----BEGIN PGP SIGNED MESSAGE----- Hash: SHA256 - ------------------------------------------------------------------------- Debian Security Advisory DSA-3249-2 [email protected] http://www.debian.org/security/ Sebastien Delafond June 02, 2015 http://www.debian.org/security/faq -...

[SECURITY] [DSA 3249-2] jqueryui security update

------------------------------------------------------------------------- Debian Security Advisory DSA-3249-2 [email protected] http://www.debian.org/security/ Sebastien Delafond June 02, 2015 http://www.debian.org/security/faq -...

From the parsing perspective analysis of the Shellshock Vulnerability[CVE-2 0 1 4-6 2 7 1]-vulnerability warning-the black bar safety net

Author: yaoxi Documentation This time, we combined The poc analysis to know about the Bash syntax rules, from another angle to help everyone better understand the bash and the shellshock vulnerability. Vulnerability description CVE-2 0 1 4-6 2 7 1 vulnerability is Stéphane Hassles France found th...

bash security update

3.0-27.0.3 - Rework env function definition for safety Florian Weimer CVE-2014-7169...

GNU Bash - Shellshock Environment Variable Command Injection

GNU Bash - Shellshock Environment Variable Command Injection Exploit Database Note: The following is an excerpt from: https://securityblog.redhat.com/2014/09/24/bash-specially-crafted-environment-variables-code-injection-attack/ Like “real” programming languages, Bash has functions, though in a...

CVE-2013-3735

The Zend Engine in PHP before 5.4.16 RC1, and 5.5.0 before RC2, does not properly determine whether a parser error occurred, which allows context-dependent attackers to cause a denial of service memory consumption and application crash via a crafted function definition, as demonstrated by an atta...

CVE-2006-7105

PHP remote file inclusion vulnerability in libs/Smarty.class.php in Smarty 2.6.9 allows remote attackers to execute arbitrary PHP code via a URL in the filename parameter. NOTE: in the original disclosure, filename is used in a function definition, so this report is probably incorrect...