
174 matches found

Japan Vulnerability Notes
added 2014/10/28 12:0 a.m. | 179 views

JVN#55667175: QNAP QTS vulnerable to OS command injection

QNAP QTS is an operating system for Turbo NAS. QNAP QTS contains a flaw in the GNU Bash shell, which may result in an OS command injection vulnerability (CWE-78). Impact: A malicious attacker may be able to execute arbitrary commands at the privilege level of the calling application. Solution: Update...

10 CVSS | 8.4 AI score | 0.9422 EPSS
Exploits 157
securityvulns
added 2014/10/13 12:0 a.m. | 268 views

[security bulletin] HPSBST03122 rev.1 - HP StoreAll Operating System Software running Bash Shell, Remote Code Execution

Note: the current version of the following document is available here: https://h20564.www2.hp.com/portal/site/hpsc/public/kb/docDisplay?docId=emrna-c04471532 SUPPORT COMMUNICATION - SECURITY BULLETIN Document ID: c04471532 Version: 1 HPSBST03122 rev....

10 CVSS | 0.7 AI score | 0.9422 EPSS
Exploits 139
Tenable Nessus
added 2014/10/06 12:0 a.m. | 30 views

Fedora 21 : check-mk-1.2.4p5-2.fc21 (2014-11896)

Do not require any other shell than bash, since that's the default shell for the Fedora / RHEL distributions. New upstream release providing many security fixes. New upstream release providing many security fixes. Note that Tenable Network Security has extracted the preceding description block...

9.3 CVSS | 5.4 AI score | 0.02964 EPSS
Exploits 0 | References 5
securityvulns
added 2014/10/05 12:0 a.m. | 207 views

[security bulletin] HPSBGN03117 rev.1 - HP Remote Device Access: Virtual Customer Access System (vCAS) running Bash Shell, Remote Code Execution

Note: the current version of the following document is available here: https://h20564.www2.hp.com/portal/site/hpsc/public/kb/docDisplay?docId=emrna-c04467807 SUPPORT COMMUNICATION - SECURITY BULLETIN Document ID: c04467807 Version: 1 HPSBGN03117 rev....

10 CVSS | 0.9 AI score | 0.9422 EPSS
Exploits 139
securityvulns
added 2014/10/05 12:0 a.m. | 256 views

[security bulletin] HPSBHF03119 rev.2 - HP DreamColor Professional Display running Bash Shell, Remote Code Execution

Note: the current version of the following document is available here: https://h20564.www2.hp.com/portal/site/hpsc/public/kb/docDisplay?docId=emrna-c04468293 SUPPORT COMMUNICATION - SECURITY BULLETIN Document ID: c04468293 Version: 2 HPSBHF03119 rev....

10 CVSS | 0.3 AI score | 0.9422 EPSS
Exploits 139
myhack58
added 2014/10/03 12:0 a.m. | 8 views

Bash code injection attack through special environment variables - vulnerability warning - the black bar safety net

Bash, or the Bourne Again shell, is a UNIX-like shell and is probably the most commonly installed component on any Linux system. Since its birth in 1980, bash has evolved from a simple terminal-based command interpreter to many other fancy uses. In Linux, the environment variables...

0.1 AI score
Exploits 0
Tenable Nessus
added 2014/09/30 12:0 a.m. | 375 views

GNU Bash Environment Variable Handling Code Injection via ProFTPD (Shellshock)

The remote FTP server is affected by a remote code execution vulnerability due to an error in the Bash shell running on the remote host. A remote, unauthenticated attacker can execute arbitrary code on the remote host by sending a specially crafted request via the USER FTP command. The 'modexec'...

10 CVSS | 9.2 AI score | 0.9422 EPSS
Exploits 139 | References 6
Hewlett-Packard
added 2014/09/30 12:0 a.m. | 91 views

HPSBHF03119 rev.3 - HP DreamColor Professional Display running Bash Shell, Remote Code Execution

Potential Security Impact Remote code execution VULNERABILITY SUMMARY A potential security vulnerability has been identified with HP DreamColor Z27x Professional Display running Bash Shell. This is the Bash Shell vulnerability known as "ShellShock" which could be exploited remotely to allow...

10 CVSS | 2.3 AI score | 0.9422 EPSS
Exploits 139
OPENSUSE Linux
added 2014/09/28 12:10 p.m. | 63 views

bash (important)

The command-line shell 'bash' evaluates environment variables, which allows the injection of characters and might be used to access files on the system in some circumstances (CVE-2014-7169). Please note that this issue is different from a previously fixed vulnerability tracked under CVE-2014-6271 a...

10 CVSS | 1.2 AI score | 0.9422 EPSS
Exploits 141 | References 3
OPENSUSE Linux
added 2014/09/28 12:9 p.m. | 73 views

Important security fix for bash that allows the injection of commands. (important)

This update fixes a bug in the bash shell that allows an attacker to execute arbitrary commands upon shell invocation if he can control the shell's environment. This is particularly dangerous if the shell is used as a cgi interpreter for a web server, or if the shell handles untrusted input...

10 CVSS | 3.3 AI score | 0.9422 EPSS
Exploits 130 | References 1
OPENSUSE Linux
added 2014/09/28 12:5 p.m. | 55 views

bash (important)

The command-line shell 'bash' evaluates environment variables, which allows the injection of characters and might be used to access files on the system in some circumstances (CVE-2014-7169). Please note that this issue is different from a previously fixed vulnerability tracked under CVE-2014-6271 a...

10 CVSS | 1.2 AI score | 0.9422 EPSS
Exploits 141 | References 3
Metasploit
added 2014/09/26 6:24 a.m. | 97 views

Dhclient Bash Environment Variable Injection (Shellshock)

This module exploits the Shellshock vulnerability, a flaw in how the Bash shell handles external environment variables. This module targets dhclient by responding to DHCP requests with a malicious hostname, domainname, and URL which are then passed to the configuration scripts as environment...

9.8 CVSS | 7.7 AI score | 0.9422 EPSS
Exploits 130
Saint
added 2014/09/26 12:0 a.m. | 111 views

Bash environment variable code injection over HTTP

Added: 09/26/2014. CVE: CVE-2014-6271. BID: 70103. OSVDB: 112004. Background: GNU Bash (Bourne Again SHell) is a command shell commonly used on Linux and Unix systems. Problem: The Bash shell executes commands injected after function definitions contained in environment variables. This could be used by a...

10 CVSS | 10 AI score | 0.9422 EPSS
Exploits 130
Saint
added 2014/09/26 12:0 a.m. | 110 views

Bash environment variable code injection over HTTP

Added: 09/26/2014. CVE: CVE-2014-6271. BID: 70103. OSVDB: 112004. Background: GNU Bash (Bourne Again SHell) is a command shell commonly used on Linux and Unix systems. Problem: The Bash shell executes commands injected after function definitions contained in environment variables. This could be used by a...

10 CVSS | 10 AI score | 0.9422 EPSS
Exploits 130
myhack58
added 2014/09/25 12:0 a.m. | 11 views

A threat far greater than "Heartbleed"? New Bash security vulnerability disclosed abroad - vulnerability warning - the black bar safety net

Linux users will be kept busy these days: yesterday the Red Hat security team disclosed a dangerous Bash shell vulnerability. Its threat may be even greater than that of the earlier disclosed "Heartbleed" vulnerability! Tod Beardsley, an engineering manager at a network security company, als...

Exploits 0
Palo Alto Networks
added 2014/09/24 12:0 a.m. | 359 views

Bash Shell remote code execution (CVE-2014-6271, CVE-2014-7169)

Palo Alto Networks has become aware of a remote code execution vulnerability in the Bash shell utility. This vulnerability (CVE-2014-6271) allows for remote code execution through multiple vectors due to the way Bash is often used on Linux systems for processing commands. Additional information can...

10 CVSS | 3.1 AI score | 0.9422 EPSS
Exploits 139 | Affected Software 2
myhack58
added 2014/05/26 12:0 a.m. | 17 views

Batch detection of DNS zone transfer vulnerabilities across sites, implemented in bash shell - vulnerability warning - the black bar safety net

0x00 Background. In the illustration below, the eecs.cc author built a machine with a private root DNS server and opened zone transfer permissions, so the result is that the cc zone transfer succeeds. The figure is just an experimental verification; the article proper starts below! 2 0 1 4 0 5 1 ...

7.1 AI score
Exploits 0
Packet Storm
added 2014/03/19 12:0 a.m. | 23 views

Quantum vmPRO Backdoor Command

This module requires Metasploit: http//metasploit.com/download Current source: https://github.com/rapid7/metasploit-framework require 'msf/core' require 'net/ssh' class Metasploit3 "Quantum vmPRO Backdoor Command", 'Description' = %q This module abuses a backdoor command in vmPRO 3.1.2. Any user,...

0.1 AI score
Exploits 0
Metasploit
added 2014/03/17 7:19 a.m. | 49 views

Quantum vmPRO Backdoor Command

This module abuses a backdoor command in Quantum vmPRO. Any user, even one without admin privileges, can get access to the restricted SSH shell. By using the hidden backdoor "shell-escape" command it's possible to drop to a real root bash shell. This module has been tested successfully on Quantum...

7.4 AI score
Exploits 0
Cisco
added 2013/10/08 5:8 p.m. | 27 views

Cisco NX-OS Software Arbitrary Code Execution Vulnerability

A vulnerability in the input parsing of Cisco NX-OS Software could allow an authenticated, local attacker to execute commands on the underlying operating system. The vulnerability is due to poor processing of parameters that include special characters. An attacker could exploit this vulnerability...

6.8 CVSS | 4.4 AI score | 0.00276 EPSS
Exploits 0 | References 1