CVE-2014-8074

Buffer overflow in the SetLogFile method in Foxit.FoxitPDFSDKProCtrl.5 in Foxit PDF SDK ActiveX 2.3 through 5.0.1820 before 5.0.2.924 allows remote attackers to execute arbitrary code via a long string, related to global variables...

Oracle Linux 6 : openssh (ELSA-2014-1552)

The remote Oracle Linux 6 host has packages installed that are affected by multiple vulnerabilities as referenced in the ELSA-2014-1552 advisory. - prevent a server from skipping SSHFP lookup 1081338 CVE-2014-2653 - ignore environment variables with embedded '=' or '\0' characters CVE-2014-2532...

[oCERT-2014-004] Ansible input sanitization errors

2014-004 Ansible input sanitization errors Description: The Ansible project is an open source configuration management platform. The Ansible platform suffers from input sanitization errors that allow arbitrary code execution as well as information leak, in case an attacker is able to control...

openssh security, bug fix, and enhancement update

5.3p1-104 - ignore SIGXFSZ in postauth monitor child 1133906 5.3p1-103 - don't try to generate DSA keys in the init script in FIPS mode 1118735 5.3p1-102 - ignore SIGPIPE in ssh-keyscan 1108836 5.3p1-101 - ssh-add: fix fatal exit when removing card 1042519 5.3p1-100 - fix race in backported...

java-1.7.0-openjdk security and bug fix update

1:1.7.0.71-2.5.3.1.0.1.el511 - Add oracle-enterprise.patch - Fix DISTRONAME to 'Enterprise Linux' 1:1.7.0.71-2.5.3.1 - Bump to 2.5.3 with security updates. - Remove obsolete patches which are now included upstream. - Disable LCMS via environment variables rather than maintaining a patch. -...

Foxit ActiveX Pro SDK SetLogFile Buffer Overflow Remote Code Execution Vulnerability

This vulnerability allows remote attackers to execute arbitrary code on vulnerable installations of the Foxit ActiveX Pro SDK ActiveX control. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious file. The specific flaw exis...

DNS Reverse Lookup Shellshock Exploit

DNS reverse lookups can be used as a vector of attack for the bash shellshock vulnerability. DNS Reverse Lookup as a vector for the Bash vulnerability CVE-2014-6271 et.al. CVE-2014-3671 references: CVE-2014-6271, CVE-2014-7169, CVE-2014-6277, CVE-2014-6278 CVE-2014-7186 and, CVE-2014-7187 Summary...

DNS Reverse Lookup Shellshock

-----BEGIN PGP SIGNED MESSAGE----- Hash: SHA1 Security Advisory DNS Reverse Lookup as a vector for the Bash vulnerability CVE-2014-6271 et.al. CVE-2014-3671 references: CVE-2014-6271, CVE-2014-7169, CVE-2014-6277, CVE-2014-6278 CVE-2014-7186 and, CVE-2014-7187 Summary: Above CVEs detail a number ...

Amazon Linux AMI : bash (ALAS-2014-419)

GNU Bash through 4.3 bash43-025 processes trailing strings after certain malformed function definitions in the values of environment variables, which allows remote attackers to write to files or possibly have unknown other impact via a crafted environment, as demonstrated by vectors involving the...

Amazon Linux AMI : bash (ALAS-2014-418) (Shellshock)

This ALAS is superceded by ALAS-2014-419. A flaw was found in the way Bash evaluated certain specially crafted environment variables. An attacker could use this flaw to override or bypass environment restrictions to execute shell commands. Certain services and applications allow remote...

Pure-FTPd External Authentication Bash Environment Variable Code Injection

No description provided by source. This module requires Metasploit: http//metasploit.com/download Current source: https://github.com/rapid7/metasploit-framework require 'msf/core' class Metasploit4 Msf::Exploit::Remote Rank = ExcellentRanking include Msf::Exploit::Remote::Ftp include...

openSUSE Security Update : bash (openSUSE-SU-2014:1254-1) (deprecated)

This patch was withdrawn by the openSUSE team, as the software was fixed prior to release. No replacement patches/plugins exist. bash was updated to fix command injection via environment variables. CVE-2014-6271,CVE-2014-7169 Also a hardening patch was applied that only imports functions over...

Cisco ASA Software Multiple Vulnerabilities (cisco-sa-20141008-asa)

The remote Cisco ASA device is affected by one or more of the following vulnerabilities : - A flaw exists in the SQLNET Inspection Engine due to improper handling of SQL REDIRECT packets. An attacker can exploit this vulnerability by sending a crafted sequence of REDIRECT packets through the...

F5 Networks BIG-IP : Multiple GNU Bash vulnerabilities (SOL15629) (Shellshock)

GNU Bash through 4.3 processes trailing strings after function definitions in the values of environment variables, which allows remote attackers to execute arbitrary code via a crafted environment, as demonstrated by vectors involving the ForceCommand feature in OpenSSH sshd, the modcgi and modcg...

USN-2380-1 bash vulnerabilities

Michal Zalewski discovered that Bash incorrectly handled parsing certain function definitions. If an attacker were able to create an environment variable containing a function definition with a very specific name, these issues could possibly be used to bypass certain environment restrictions and...

Shellshock Exploits Spreading Mayhem Botnet Malware

The Mayhem malware piqued researchers’ interest earlier this summer after a published report from researchers at Russian search engine Yandex shed light on its ability to target Linux and UNIX machines and run under restricted privileges. Generally, web servers are well guarded against remote...

GNU Bash Environment Variable Handling RCE Vulnerability (Shellshock, Linux/Unix SSH Login, CVE-2014-6277) - Active Check

GNU Bash is prone to a remote command execution RCE vulnerability dubbed Copyright C 2014 Greenbone Networks GmbH Some text descriptions might be excerpted from a referenced sources, and are Copyright C by the respective right holders. SPDX-License-Identifier: GPL-2.0-or-later This program is fre...

Shellshock-like Vulnerability May Affect Windows

In the early hours of the Shellshock vulnerability in Bash, the running joke was that Windows administrators could sit back with a box of popcorn and a beverage and watch the Linux and UNIX admins scramble about for once. Looks like those same Windows admins may soon be dragged into the fray. As...

Bash through special environment variables code injection attack-vulnerability warning-the black bar safety net

Bash or Bourne again shell, is a UNIX-like shell script, might be any Linux system is the most common mounting Assembly. From 1 9 8 0 year of birth to now, bash has evolved from a simple terminal based command interpreter evolved to many other fancy uses. In Linux, the environment variables...

bash: specially-crafted environment variables can be used to inject shell commands

A flaw was found in the way Bash evaluated certain specially crafted environment variables. An attacker could use this flaw to override or bypass environment restrictions to execute shell commands. Certain services and applications allow remote unauthenticated attackers to provide environment...