25 matches found
Gnu Bash 4.3 CGI Scan Remote Command Injection
!/usr/bin/env python http connection import urllib2 Args management import optparse Error managemen import sys banner = """ | .-----.--.--. | .---.-.-----| |--. |. || | | | |. 1 | | --| | |. | |||| |. |.|||| |: 1 | |: 1 \ |::.. . | |::.. . / -------' -------' | Y | | | | | | | | | ||| | |. l |. 1...
Bash 4.3 远程命令执行漏洞 (破壳)
更新情况版本时间描述第一版2014/9/26 中午第一版完成。第二版2014/9/26 下午1. 新增:加速乐防御平台的攻击统计细节;2. 完善:修复建议;第三版2014/9/27 下午1. 破壳漏洞官网出现:shellshocker.net2. 更新:漏洞概要;3. 新增:补丁绕过后(CVE-2014-7169)的漏洞源码级分析;4. 新增:ZoomEye第四组数据:QNAP NAS漏洞情况;5. 新增:ZoomEye第五组数据:CheckPoint安全网关漏洞情况;6. 完善:修复建议;7. 新增:相关资源链接;第四版2014/10/14 晚1...
CVE-2014-7169
GNU Bash through 4.3 bash43-025 processes trailing strings after certain malformed function definitions in the values of environment variables, which allows remote attackers to write to files or possibly have unknown other impact via a crafted environment, as demonstrated by vectors involving the...
CVE-2014-7169
GNU Bash through 4.3 bash43-025 processes trailing strings after certain malformed function definitions in the values of environment variables, which allows remote attackers to write to files or possibly have unknown other impact via a crafted environment, as demonstrated by vectors involving the...
Design/Logic Flaw
GNU Bash through 4.3 processes trailing strings after function definitions in the values of environment variables, which allows remote attackers to execute arbitrary code via a crafted environment, as demonstrated by vectors involving the ForceCommand feature in OpenSSH sshd, the modcgi and modcg...