Lucene search
+L

167 matches found

exploitpack
exploitpack
added 2014/09/25 12:0 a.m.14 views

GNU Bash - Shellshock Environment Variable Command Injection

GNU Bash - Shellshock Environment Variable Command Injection Exploit Database Note: The following is an excerpt from: https://securityblog.redhat.com/2014/09/24/bash-specially-crafted-environment-variables-code-injection-attack/ Like “real” programming languages, Bash has functions, though in a...

0.9AI score
Exploits0
myhack58
myhack58
added 2014/09/25 12:0 a.m.21 views

The latest bash vulnerability solution-exploits warning-the black bar safety net

Is today just broke the Bash security vulnerability, and SSH bash emergency security patches is very important. Test whether the presence of the vulnerability you Please execute the following command: root@keepalivenginxmaster / env x=' :;; echo vulnerable" bash-c "echo this is a test" 1 2 3 4 5 ...

1.8AI score
Exploits0
osv
osv
added 2014/09/25 12:0 a.m.5 views

UBUNTU-CVE-2014-7169

GNU Bash through 4.3 bash43-025 processes trailing strings after certain malformed function definitions in the values of environment variables, which allows remote attackers to write to files or possibly have unknown other impact via a crafted environment, as demonstrated by vectors involving the...

9.8CVSS7.5AI score0.9994EPSS
Exploits18References7
securityvulns
securityvulns
added 2014/09/25 12:0 a.m.268 views

Re: [oss-security] CVE-2014-6271: remote code execution through bash

Florian Weimer: Chet Ramey, the GNU bash upstream maintainer, will soon release official upstream patches. http://ftp.gnu.org/pub/gnu/bash/bash-3.0-patches/bash30-017 http://ftp.gnu.org/pub/gnu/bash/bash-3.1-patches/bash31-018 http://ftp.gnu.org/pub/gnu/bash/bash-3.2-patches/bash32-052...

10CVSS0.3AI score0.99999EPSS
Exploits132
nessus
nessus
added 2014/09/25 12:0 a.m.87 views

Ubuntu 14.04 LTS : Bash vulnerability (USN-2362-1)

The remote Ubuntu 14.04 LTS host has packages installed that are affected by a vulnerability as referenced in the USN-2362-1 advisory. Stephane Chazelas discovered that Bash incorrectly handled trailing code in function definitions. An attacker could use this issue to bypass environment...

10CVSS8.7AI score0.99999EPSS
Exploits132References2
packetstorm
packetstorm
added 2014/09/25 12:0 a.m.89 views

Bash Environment Variable Command Execution

Date: Wed, 24 Sep 2014 17:03:19 +0200 From: Florian Weimer To: [email protected] Subject: Re: CVE-2014-6271: remote code execution through bash Florian Weimer: Chet Ramey, the GNU bash upstream maintainer, will soon release official upstream patches...

10CVSS0.8AI score0.99999EPSS
Exploits132
vulnrichment
vulnrichment
added 2014/09/24 6:0 p.m.16 views

CVE-2014-6271

GNU Bash through 4.3 processes trailing strings after function definitions in the values of environment variables, which allows remote attackers to execute arbitrary code via a crafted environment, as demonstrated by vectors involving the ForceCommand feature in OpenSSH sshd, the modcgi and modcg...

8.3AI score0.99999EPSS
Exploits132References170
threatpost
threatpost
added 2014/09/24 3:30 p.m.10 views

Major Bash Shell Vulnerability Affects Linux, UNIX, Mac OS X

A critical vulnerability in the Bourne again shell, simply known as Bash and which is present in most Linux and UNIX distributions and Apple’s Mac OS X, has been discovered and administrators are being urged to patch immediately. The flaw allows an attacker to remotely attach a malicious executab...

1AI score
Exploits0References4
redhat
redhat
added 2014/09/24 2:18 p.m.7 views

bash: specially-crafted environment variables can be used to inject shell commands

A flaw was found in the way Bash evaluated certain specially crafted environment variables. An attacker could use this flaw to override or bypass environment restrictions to execute shell commands. Certain services and applications allow remote unauthenticated attackers to provide environment...

10CVSS7.5AI score0.99999EPSS
Exploits132References8
redhat
redhat
added 2014/09/24 2:18 p.m.6 views

bash: specially-crafted environment variables can be used to inject shell commands

A flaw was found in the way Bash evaluated certain specially crafted environment variables. An attacker could use this flaw to override or bypass environment restrictions to execute shell commands. Certain services and applications allow remote unauthenticated attackers to provide environment...

10CVSS7.5AI score0.99999EPSS
Exploits132References8
ptsecurity
ptsecurity
added 2014/09/24 12:0 a.m.13 views

PT-2014-1176

Name of the Vulnerable Software and Affected Versions bash versions 1.14 through 4.2 p52 GNU Bash affected versions not specified Description The issue is related to the way shell functions are passed through environment variables, allowing an attacker to inject commands into a Bash shell. This c...

10CVSS9.2AI score0.99999EPSS
Exploits159References176
hackerone
hackerone
added 2014/09/24 12:0 a.m.214 views

Internet Bug Bounty: GNU Bourne-Again Shell (Bash) 'Shellshock' Vulnerability

GNU Bash versions 1.14 through 4.3 contain a flaw that processes commands placed after function definitions in the added environment variable, allowing remote attackers to execute arbitrary code via a crafted environment which enables network-based exploitation. Original disclosure:...

10CVSS9.7AI score0.99999EPSS
Exploits132
osv
osv
added 2014/09/24 12:0 a.m.4 views

UBUNTU-CVE-2014-6271

GNU Bash through 4.3 processes trailing strings after function definitions in the values of environment variables, which allows remote attackers to execute arbitrary code via a crafted environment, as demonstrated by vectors involving the ForceCommand feature in OpenSSH sshd, the modcgi and modcg...

9.8CVSS7.7AI score0.99999EPSS
Exploits132References4
amazon
amazon
added 2014/09/24 12:0 a.m.80 views

Critical: bash

Issue Overview: This ALAS is superceded by ALAS-2014-419 https://alas.aws.amazon.com/ALAS-2014-419.html". A flaw was found in the way Bash evaluated certain specially crafted environment variables. An attacker could use this flaw to override or bypass environment restrictions to execute shell...

10CVSS9.4AI score0.99999EPSS
Exploits132
osv
osv
added 2014/09/24 12:0 a.m.17 views

DLA-59-1 bash - security update

Bulletin has no description...

10CVSS9.8AI score0.99999EPSS
Exploits132
seebug
seebug
added 2014/07/01 12:0 a.m.10 views

GNU GNU bash 1.14 Path Embedded Code Execution Vulnerability

No description provided by source. source: http://www.securityfocus.com/bid/119/info A vulnerability in bash may allow inadvertently running commands embedded in the path to the currently working directory. If an unsuspecting user enters a directory created by some malicious user with embedded...

7.1AI score
Exploits0
openvas
openvas
added 2012/08/14 12:0 a.m.29 views

Mandriva Update for bash MDVSA-2012:128 (bash)

Check for the Version of bash OpenVAS Vulnerability Test Mandriva Update for bash MDVSA-2012:128 bash Authors: System Generated Check Copyright: Copyright c 2012 Greenbone Networks GmbH, http://www.greenbone.net This program is free software; you can redistribute it and/or modify it under the ter...

4.6CVSS0.2AI score0.00413EPSS
Exploits0References2
cvelist
cvelist
added 2001/09/12 4:0 a.m.23 views

CVE-1999-1383

1 bash before 1.14.7, and 2 tcsh 6.05 allow local users to gain privileges via directory names that contain shell metacharacters back-tick, which can cause the commands enclosed in the directory name to be executed when the shell expands filenames using the \w option in the PS1 variable...

6.8AI score0.004EPSS
Exploits1References2
securityvulns
securityvulns
added 2000/12/21 12:0 a.m.41 views

/bin/ksh creates insecure tmp files

Recently I reported that, similarly to the recently discussed tcsh vulnerability, the Bourne shell /bin/sh creates temporary files in an insecure way: http://www.securityfocus.com/templates/archive.pike?list=1&[email protected] At the time I also tested the Korn...

7.1AI score
Exploits0
cvelist
cvelist
added 2000/06/02 4:0 a.m.21 views

CVE-1999-0491

The prompt parsing in bash allows a local user to execute commands as another user by creating a directory with the name of the command to execute...

6.9AI score0.00865EPSS
Exploits0References3
Rows per page
Query Builder