2649 matches found

Tenable Nessus
added 2020/06/17 12:0 a.m. · 30 views

EulerOS 2.0 SP2 : bash (EulerOS-SA-2020-1638)

According to the version of the bash package installed, the EulerOS installation on the remote host is affected by the following vulnerability : - A heap-based buffer overflow exists in GNU Bash before 4.3 when wide characters, not supported by the current locale set in the LC_CTYPE environment...

CVSS 7.8 · AI score 7.8 · EPSS 0.00491
Exploits 0 · References 2

OpenVAS
added 2020/06/16 12:0 a.m. · 22 views

Huawei EulerOS: Security Advisory for bash (EulerOS-SA-2020-1638)

The remote host is missing an update for the Huawei EulerOS SPDX-FileCopyrightText: 2020 Greenbone AG Some text descriptions might be excerpted from a referenced sources, and are Copyright (C) by the respective right holders. SPDX-License-Identifier: GPL-2.0-only if(description)...

CVSS 7.8 · AI score 7.8 · EPSS 0.00491
Exploits 0 · References 2

0daydb
added 2020/06/07 12:52 p.m. · 70 views

Cisco UCS Director Cloupia Script - Remote Code Execution

This Metasploit module exploits an authentication bypass and directory traversals in Cisco UCS Director This module requires Metasploit: https://metasploit.com/download Current source: https://github.com/rapid7/metasploit-framework class MetasploitModule 'Cisco UCS Director Cloupia Script RCE',...

AI score 0.2 · EPSS 0.88374
Exploits 5

GithubExploit
added 2020/06/04 4:6 p.m. · 60 views

Exploit for Path Traversal in Bludit

CVE-2019-16113 CVE-2019-16113 - bludit = 3...

CVSS 8.8 · AI score 0.4 · EPSS 0.77962
Exploits 16

GithubExploit
added 2020/05/07 4:41 a.m. · 45 views

Exploit for CVE-2020-11651

PoC exploit for CVE-2020-11651, a remote code execution vulnerab...

CVSS 9.8 · AI score 9.6 · EPSS 0.96405
Exploits 23

Tenable Nessus
added 2020/05/01 12:0 a.m. · 32 views

EulerOS Virtualization for ARM 64 3.0.2.0 : bash (EulerOS-SA-2020-1560)

According to the version of the bash package installed, the EulerOS Virtualization for ARM 64 installation on the remote host is affected by the following vulnerability : - An issue was discovered in disable_priv_mode in shell.c in GNU Bash through 5.0 patch 11. By default, if Bash is run with its...

CVSS 7.8 · AI score 6.9 · EPSS 0.02608
Exploits 5 · References 2

OSV
added 2020/04/30 9:15 p.m. · 2 views

CVE-2020-5873

On BIG-IP 15.0.0-15.0.1, 14.1.0-14.1.2.3, 13.1.0-13.1.3.1, 12.1.0-12.1.5, and 11.6.1-11.6.5 and BIG-IQ 5.2.0-7.1.0, a user associated with the Resource Administrator role who has access to the secure copy (scp) utility but does not have access to Advanced Shell (bash) can execute arbitrary commands...

CVSS 7.2 · AI score 7 · EPSS 0.01386
Exploits 0 · References 1

Cvelist
added 2020/04/30 8:21 p.m. · 26 views

CVE-2020-5873

On BIG-IP 15.0.0-15.0.1, 14.1.0-14.1.2.3, 13.1.0-13.1.3.1, 12.1.0-12.1.5, and 11.6.1-11.6.5 and BIG-IQ 5.2.0-7.1.0, a user associated with the Resource Administrator role who has access to the secure copy (scp) utility but does not have access to Advanced Shell (bash) can execute arbitrary commands...

AI score 7 · EPSS 0.01386
Exploits 0 · References 1

OpenVAS
added 2020/04/30 12:0 a.m. · 23 views

Huawei EulerOS: Security Advisory for bash (EulerOS-SA-2020-1560)

The remote host is missing an update for the Huawei EulerOS SPDX-FileCopyrightText: 2020 Greenbone AG Some text descriptions might be excerpted from a referenced sources, and are Copyright (C) by the respective right holders. SPDX-License-Identifier: GPL-2.0-only if(description)...

CVSS 7.8 · AI score 7.8 · EPSS 0.02608
Exploits 5 · References 2

Metasploit
added 2020/04/21 7:21 p.m. · 97 views

Arista restricted shell escape (with privesc)

This exploit module takes advantage of a poorly configured TACACS+ config, Arista's bash shell and TACACS+ read-only account to privilege escalate. A CVSS v3 base score of 9.8 has been assigned. This module requires Metasploit: https://metasploit.com/download Current source:...

CVSS 9.8 · AI score 0.1 · EPSS 0.1608
Exploits 4

OSV
added 2020/04/21 1:15 p.m. · 1 views

CVE-2020-11963

IQrouter through 3.3.1, when unconfigured, has multiple remote code execution vulnerabilities in the web-panel because of Bash Shell Metacharacter Injection. Note: The vendor claims that this vulnerability can only occur on a brand-new network that, after initiating the forced initial configurati...

CVSS 9.8 · AI score 6.4 · EPSS 0.03086
Exploits 3 · References 4

NVD
added 2020/04/21 1:15 p.m. · 24 views

CVE-2020-11963

IQrouter through 3.3.1, when unconfigured, has multiple remote code execution vulnerabilities in the web-panel because of Bash Shell Metacharacter Injection. Note: The vendor claims that this vulnerability can only occur on a brand-new network that, after initiating the forced initial configurati...

CVSS 9.8 · AI score 9.9 · EPSS 0.03086
Exploits 3 · References 4

Prion
added 2020/04/21 1:15 p.m. · 23 views

Remote code execution

IQrouter through 3.3.1, when unconfigured, has multiple remote code execution vulnerabilities in the web-panel because of Bash Shell Metacharacter Injection. Note: The vendor claims that this vulnerability can only occur on a brand-new network that, after initiating the forced initial configurati...

CVSS 7.5 · AI score 9.9 · EPSS 0.03086
Exploits 3 · References 4 · Affected Software 1

Cvelist
added 2020/04/21 12:4 p.m. · 30 views

CVE-2020-11963

IQrouter through 3.3.1, when unconfigured, has multiple remote code execution vulnerabilities in the web-panel because of Bash Shell Metacharacter Injection. Note: The vendor claims that this vulnerability can only occur on a brand-new network that, after initiating the forced initial configurati...

AI score 10 · EPSS 0.03086
Exploits 3 · References 4

CVE
added 2020/04/21 12:4 p.m. · 258 views

CVE-2020-11963

CVE-2020-11963 affects IQrouter up to firmware 3.3.1. When the device is unconfigured, the web-panel is vulnerable to Bash Shell Metacharacter Injection leading to remote code execution and potential root privileges. Documented impact includes multiple RCE vectors in the web-panel; exploitation r...

CVSS 9.8 · AI score 9.9 · EPSS 0.03086
In wild · Exploits 3 · References 4 · Affected Software 1

ATTACKERKB
added 2020/04/21 12:0 a.m. · 52 views

CVE-2020-11963

IQrouter through 3.3.1, when unconfigured, has multiple remote code execution vulnerabilities in the web-panel because of Bash Shell Metacharacter Injection. Note: The vendor claims that this vulnerability can only occur on a brand-new network that, after initiating the forced initial configurati...

CVSS 9.8 · AI score 10 · EPSS 0.03086
In wild · Exploits 3 · References 6

Positive Technologies
added 2020/04/21 12:0 a.m. · 2 views

PT-2020-12954 · Linux +3

Name of the Vulnerable Software and Affected Versions: IQrouter versions prior to 3.3.1 Description: The issue is related to Bash Shell Metacharacter Injection, which leads to multiple remote code execution vulnerabilities in the web-panel of IQrouter when it is unconfigured. This issue is not...

CVSS 9.8 · AI score 7.9 · EPSS 0.03086
Exploits 3 · References 7

Tenable Nessus
added 2020/04/21 12:0 a.m. · 21 views

Scientific Linux Security Update : bash on SL7.x x86_64 (20200407)

bash: BASH_CMD is writable in restricted bash shells (C) Tenable Network Security, Inc. The descriptive text is (C) Scientific Linux. include('compat.inc'); if (description) { script_id(135800); script_version("1.3"); script_set_attribute(attribute:"plugin_modification_date", value:"2024/03/15");...

CVSS 7.8 · AI score 7.2 · EPSS 0.00415
Exploits 0 · References 2

Tenable Nessus
added 2020/04/15 12:0 a.m. · 53 views

SUSE SLES12 Security Update : git (SUSE-SU-2020:0992-1)

This update for git fixes the following issues : Security issue fixed : CVE-2020-5260: With a crafted URL that contains a newline in it, the credential helper machinery can be fooled to give credential information for a wrong host (bsc#1168930). Non-security issue fixed : git was updated to 2.26.0 f...

CVSS 9.8 · AI score 8.1 · EPSS 0.97356
Exploits 35 · References 25

BDU FSTEC
added 2020/04/14 12:0 a.m. · 2 views

The vulnerability of the disable_priv_mode command in the GNU Bash shell, related to improper checking of deleted privileges, allows a perpetrator to gain access to confidential data, compromise its integrity, and cause service failures.

The vulnerability of the disable_priv_mode command in the GNU Bash shell relates to a privilege reset error. This occurs when the command is executed with a valid UID, but the UID does not match its actual value. Exploiting this vulnerability can allow an attacker to access confidential data,...

CVSS 7.2 · AI score 7.2 · EPSS 0.02608
Exploits 5 · References 10 · Affected Software 2