McAfee Email Gateway - Bash Shellshock Code Injection Exploit

A number of security vulnerabilities have been identified in the bash SPDX-FileCopyrightText: 2015 Greenbone AG Some text descriptions might be excerpted from a referenced sources, and are Copyright C by the respective right holders. SPDX-License-Identifier: GPL-2.0-only CPE =...

Openwall 3.1 Released With Fixes for Shellshock, POODLE Attack

The maintainers of the Openwall security enhanced Linux distribution have released a new stable version, which includes fixes for a number of serious vulnerabilities, such as the Shellshock Bash bug and the flaw in SSLv3 that leads to the POODLE attack. Openwall is designed to be a small, compact...

Apache-mod_cgi-Shellshock

Shellshock apache modcgi remote exploit rhost: victim host rport: victim port for TCP shell binding lhost: attacker host for TCP shell reversing lport: attacker port for TCP shell reversing pages: specific cgi vulnerable pages separated by comma proxy: host:port proxy ! /usr/bin/env python from...

Postfix-SMTP---Shellshock

Date: 10/3/2014 Exploit Author: fattymcwopr Vendor Homepage: gnu.org Software Link: http://ftp.gnu.org/gnu/bash/ Version: 4.2.x 4.2.48 !/bin/python Exploit Title: Shellshock SMTP Exploit Date: 10/3/2014 Exploit Author: fattymcwopr Vendor Homepage: gnu.org Software Link: http://ftp.gnu.org/gnu/bas...

Podcast: 2014 Year in Review

Mike Mimoso and Dennis Fisher look back on the crazy year that was in security, including the big Internet-wide bugs such as Heartbleed and Shellshock, the Home Depot and Sony breaches and what lessons we learned in 2014.​ READ: 2014: A Specious Odyssey SEE: Revisiting Threatpost’s 10 Most Popula...

2014: A Specious Odyssey

The wonderful and terrifying thing about the security world is that things never stay calm for long. As soon as you think you have a chance to catch your breath, someone breaks something and it’s time to scramble again. In 2014, those small moments of downtime were hard to come by. There was a...

Juniper Junos Space GNU Bash Command Injection Vulnerability (JSA10648) (Shellshock)

According to its self-reported version number, the remote Junos Space version is prior to 14.1R2, and may be affected by a command injection vulnerability in GNU Bash known as Shellshock. The vulnerability is due to the processing of trailing strings after function definitions in the values of...

Ghosts, goblins Grinch: Bash broken shell shellshock a more serious Linux vulnerability-vulnerability warning-the black bar safety net

Security researcher at the Linux operating system found in a group called the ghosts, goblins（Grinch's vulnerability, the vulnerability exists in the linux system, and Bash broken shell shellshock）vulnerabilities in victim machines to get the highest permissions. Ghosts, goblins overview Bash...

Citrix XenServer Shellshock Security Update (CTX200223)

A number of security vulnerabilities have been identified in the bash SPDX-FileCopyrightText: 2014 Greenbone AG Some text descriptions might be excerpted from a referenced sources, and are Copyright C by the respective right holders. SPDX-License-Identifier: GPL-2.0-only CPE =...

Malware Exploits SHELLSHOCK Vulnerability to Hack NAS Devices

The year is about to end, but serious threats like Shellshock is "far from over". Cyber criminals are actively exploiting this critical GNU Bash vulnerability to target those network attached storage devices that are still not patched and ready for exploitation. Security researchers have unearthe...

Cisco TelePresence Conductor Bash Remote Code Execution (Shellshock)

According to its self-reported version number, remote Cisco TelePresence Conductor device is affected by a command injection vulnerability in GNU Bash known as Shellshock. The vulnerability is due to the processing of trailing strings after function definitions in the values of environment...

PHP 5.x / Bash Shellshock Proof of Concept

This is a proof of concept that demonstrates how the Bash shellshock vulnerability can be used in PHP to bypass disablefunctions, safemode, etc...

Lynis 1.6.4 - Security auditing tool for Unix/Linux systems

Lynis is an open source security auditing tool. Primary goal is to help users with auditing and hardening of Unix and Linux based systems. The software is very flexible and runs on almost every Unix based system including Mac. Even the installation of the software itself is optional! How it works...

Oracle Linux 6 : bash (ELSA-2014-3093)

The remote Oracle Linux 6 host has packages installed that are affected by multiple vulnerabilities as referenced in the ELSA-2014-3093 advisory. 4.1.2-29.0.1 - Fix segfaults from CVE-2014-6277 and CVE-2014-6278 completely. orabug 19905294 Tenable has extracted the preceding description block...

ShellShock DHCP Server

Added: 11/20/2014 CVE: CVE-2014-6271 BID: 70103 OSVDB: 112004 Background Bash is vulnerable to command injection using environment variables. When an application takes user input and uses setenv a malicious actor is able to execute commands on the target in the security context of the running...

ShellShock DHCP Server

Added: 11/20/2014 CVE: CVE-2014-6271 BID: 70103 OSVDB: 112004 Background Bash is vulnerable to command injection using environment variables. When an application takes user input and uses setenv a malicious actor is able to execute commands on the target in the security context of the running...

ShellShock DHCP Server

Added: 11/20/2014 CVE: CVE-2014-6271 BID: 70103 OSVDB: 112004 Background Bash is vulnerable to command injection using environment variables. When an application takes user input and uses setenv a malicious actor is able to execute commands on the target in the security context of the running...

BASHLITE Malware leverages ShellShock Bug to Hijack Devices Running BusyBox

Cyber criminals are using new malware variants by exploiting GNU Bash vulnerability referred to as ShellShock CVE-2014-6271 in order to infect embedded devices running BusyBox software, according to a researcher. A new variant of "Bashlite" malware targeting devices running BusyBox software was...

PHP 5.x - Bypass Disable Functions Vulnerability

Exploit for php platform in category web applications Exploit Title: PHP 5.x Shellshock Exploit bypass disablefunctions Google Dork: none Date: 10/31/2014 Exploit Author: Ryan King Starfall Vendor Homepage: http://php.net Software Link: http://php.net/get/php-5.6.2.tar.bz2/from/a/mirror Version: ...

McAfee Next Generation Firewall GNU Bash Code Injection (SB10085) (Shellshock)

The remote host has a version of McAfee Next Generation Firewall NGFW installed that is affected by a command injection vulnerability in GNU Bash known as Shellshock. The vulnerability is due to the processing of trailing strings after function definitions in the values of environment variables...