Spoofing

In NETGEAR Nighthawk X10-R9000 prior to 1.0.4.26, an attacker may execute arbitrary system commands as root by sending a specially-crafted MAC address to the "NETGEAR Genie" SOAP endpoint at AdvancedQoS:GetCurrentBandwidthByMAC. Although this requires QoS being enabled, advanced QoS being enabled...

ksh: certain environment variables interpreted as arithmetic expressions on startup, leading to code injection

A flaw was found in the way ksh evaluates certain environment variables. An attacker could use this flaw to override or bypass environment restrictions to execute shell commands. Services and applications that allow remote unauthenticated attackers to provide one of those environment variables...

Linux: Read sysctl variables (KB)

sysctl is used to modify kernel parameters at runtime. The parameters available are those listed under /proc/sys/. Procfs is required for sysctl support in Linux. You can use sysctl to both read and write sysctl data. Note: This script only stores information for other Policy Controls. Copyright ...

SUDO_KILLER - A Tool To Identify And Exploit Sudo Rules' Misconfigurations And Vulnerabilities Within Sudo

Linux Privilege Escalation through SUDO abuse. If you like the tool and for my personal motivation so as to develop other tools please a +1 star The tool can be used by pentesters, system admins, CTF players, students, System Auditors and trolls :. INTRO WARNING: SUDOKILLER is part of the KILLER...

ksh: certain environment variables interpreted as arithmetic expressions on startup, leading to code injection

A flaw was found in the way ksh evaluates certain environment variables. An attacker could use this flaw to override or bypass environment restrictions to execute shell commands. Services and applications that allow remote unauthenticated attackers to provide one of those environment variables...

ksh security update

20120801-253.0.1.el81 - Disable ASTnospawnveg for taskset workaround Orabug: 26754277 Red Hat Bug: 1295563 20120801-253 - Do not evaluate arithmetic expressions from environment variables at startup Resolves: 1790546...

ksh security update

CentOS Errata and Security Advisory CESA-2020:0515 An update for ksh is now available for Red Hat Enterprise Linux 6. Red Hat Product Security has rated this update as having a security impact of Important. A Common Vulnerability Scoring System CVSS base score, which gives a detailed severity...

ksh security update

20120801-38 - Do not evaluate arithmetic expressions from environment variables at startup Resolves: 1790542...

Fedora 30 : 1:ksh (2020-a0f0eb8500)

Do not evaluate arithmetic expressions from environment variables at startup Note that Tenable Network Security has extracted the preceding description block directly from the Fedora update system website. Tenable has attempted to automatically clean and format it as much as possible without...

ksh: certain environment variables interpreted as arithmetic expressions on startup, leading to code injection

A flaw was found in the way ksh evaluates certain environment variables. An attacker could use this flaw to override or bypass environment restrictions to execute shell commands. Services and applications that allow remote unauthenticated attackers to provide one of those environment variables...

Pytm - A Pythonic Framework For Threat Modeling

Define your system in Python using the elements and properties described in the pytm framework. Based on your definition, pytm can generate, a Data Flow Diagram DFD, a Sequence Diagram and most important of all, threats to your system. Requirements Linux/MacOS Python 3.x Graphviz package Java...

FreeBSD : ksh93 -- certain environment variables interpreted as arithmetic expressions on startup, leading to code injection (8b20d716-49df-11ea-9f7b-206a8a720317)

Upstream ksh93 maintainer Siteshwar Vashisht reports : A flaw was found in the way ksh evaluates certain environment variables. An attacker could use this flaw to override or bypass environment restrictions to execute shell commands. Services and applications that allow remote unauthenticated...

[ASA-202002-4] ksh: arbitrary command execution

Arch Linux Security Advisory ASA-202002-4 ========================================= Severity: High Date : 2020-02-08 CVE-ID : CVE-2019-14868 Package : ksh Type : arbitrary command execution Remote : No Link : https://security.archlinux.org/AVG-1095 Summary ======= The package ksh before version...

Arbitrary Code Execution

ksh is vulnerable to arbitrary code injection. The vulnerability exists as certain environment variables will be interpreted as arithmetic expressions on startup...

Linux: 'export TMOUT' in /etc/profile

When invoked interactively with the --login option or when invoked as sh, Bash reads the /etc/profile instructions. These usually set the shell variables PATH, USER, MAIL, HOSTNAME and HISTSIZE. On some systems, the umask value is configured in /etc/profile, on other systems this file holds...

ksh: certain environment variables interpreted as arithmetic expressions on startup, leading to code injection

A flaw was found in the way ksh evaluates certain environment variables. An attacker could use this flaw to override or bypass environment restrictions to execute shell commands. Services and applications that allow remote unauthenticated attackers to provide one of those environment variables...

Security Bulletin: A Security Vulnerability, exists in the Android platform used by the Cordova tools in Rational Application Developer for WebSphere Software (CVE-2015-1835)

Summary A security vulnerability, CVE-2015-1835, has been discovered that affects the Android platform used by the Cordova tools in Rational Application Developer for WebSphere Software. Vulnerability Details CVEID: CVE-2015-1835 DESCRIPTION: The Apache Cordova could allow a remote attacker to...

CVE-2019-4620

IBM MQ Appliance 8.0 and 9.0 LTS could allow a local attacker to bypass security restrictions caused by improper validation of environment variables. IBM X-Force ID: 168863...

CVE-2019-4620

IBM MQ Appliance 8.0 and 9.0 LTS could allow a local attacker to bypass security restrictions caused by improper validation of environment variables. IBM X-Force ID: 168863...

Input validation

IBM MQ Appliance 8.0 and 9.0 LTS could allow a local attacker to bypass security restrictions caused by improper validation of environment variables. IBM X-Force ID: 168863...