Huawei EulerOS: Security Advisory for bash (EulerOS-SA-2019-1565)
The remote host is missing an update for the Huawei EulerOS...
Huawei EulerOS: Security Advisory for bash (EulerOS-SA-2019-1942)
The remote host is missing an update for the Huawei EulerOS...
Huawei EulerOS: Security Advisory for bash (EulerOS-SA-2019-1621)
The remote host is missing an update for the Huawei EulerOS...
Huawei EulerOS: Security Advisory for bash (EulerOS-SA-2019-1911)
The remote host is missing an update for the Huawei EulerOS...
Huawei EulerOS: Security Advisory for bash (EulerOS-SA-2017-1032)
The remote host is missing an update for the Huawei EulerOS...
Huawei EulerOS: Security Advisory for bash (EulerOS-SA-2017-1031)
The remote host is missing an update for the Huawei EulerOS...
Huawei EulerOS: Security Advisory for bash (EulerOS-SA-2019-1563)
The remote host is missing an update for the Huawei EulerOS...
Apache James Server 2.3.2 Insecure User Creation Arbitrary File Write
This module exploits a vulnerability that exists due to a lack of input validation when creating a user. Messages for a given user are stored in a directory partially defined by the username. By creating a user with a directory traversal payload as the username, commands can be written to a given...
LibMiner: Container-Based Cryptocurrency Miner Targeting Unprotected Redis Servers
Qualys is actively tracking threats which target containers. In our recent analysis, we have identified a few docker instances executing a malware which we term as “LibMiner”. This malware has the capability to deploy and execute Cryptominer. It uses a unique technique for lateral movement across...
SWFPFinder - SWF Potential Parameters Finder
SWFPFinder is a simple, open source bash script designed to discover potential SWF file parameters in a web app by analysing the SWF file. SWFPFinder uses the swfmill tool; swfmill is a tool to process Adobe Flash SWF files. It can convert SWF from and to an XML dialect called “swfml”, which is...
SUSE-SU-2020:0087-1 Security update for libsolv, libzypp, zypper
This update for libsolv, libzypp, zypper fixes the following issues: Security issue fixed: - CVE-2019-18900: Fixed assert cookie file that was world readable (bsc#1158763). Bug fixes: - Fixed removing orphaned packages dropped by to-be-installed products (bsc#1155819). - Adds libzypp API to mark all...
Exploit for Path Traversal in Citrix Application_Delivery_Controller_Firmware
Remote Code Execution Exploit CVE-2019-19781- Citrix Applica...
Citrix Application Delivery Controller and Citrix Gateway - Remote Code Execution (PoC)
#!/bin/bash Remote Code Execution Exploit for Citrix Application Delivery Controller and Citrix Gateway - CVE-2019-19781 Usage : bash CVE-2019-19781.sh IPOFVULNURABLEHOST COMMANDTOEXECUTE e.g : bash CVE-2019-19781.sh XX.XX.XX.XX 'uname -a' Release Date : 11/01/2020 Follow Us :...
Code injection
A Bash script injection vulnerability exists in Kemp Load Master 7.1-16 and earlier due to a failure to sanitize input in the Web User Interface (WUI)...
CVE-2014-5287
A Bash script injection vulnerability exists in Kemp Load Master 7.1-16 and earlier due to a failure to sanitize input in the Web User Interface (WUI)...
CVE-2014-5287
CVE-2014-5287 affects Kemp Load Master 7.1-16 and earlier; a Bash script injection vulnerability arises from failure to sanitize input in the Web UI. Connected sources document multiple vulnerabilities (RCE, CSRF, XSS, DoS) in Kemp Load Master 7.1-16 and earlier, with exploit references (Exploit-...
Cisco NX-OS Software Bash Bypass Guest Shell (cisco-sa-20190515-nxos-bash-bypass)
According to its self-reported version, Cisco NX-OS Software is affected by a vulnerability in the Bash shell implementation, caused by the incorrect implementation of a CLI command that allows a Bash command to be incorrectly invoked on the Guest Shell CLI. An authenticated, local attacker c...
CTFd 2.1.5 Administrator Account Takeover
Exploit Title: CTFd Administrator Account Takeover Date: 2/1/20 Exploit Author: Social Engineering Neo - @EngineeringNeo Vendor Homepage: https://ctfd.io Software Link: https://github.com/CTFd/CTFd/releases/tag/2.1.5 Version: CTFd Local/Remote Hosting 2.1.5 and below Tested on: CTFd 2.1.5 CTFd...
WEMS BEMS 21.3.1 Undocumented Backdoor Account
WEMS BEMS 21.3.1 Undocumented Backdoor Account Vendor: WEMS Limited Product web page: https://www.wems.co.uk Affected version: Web: 21.3.1 Web: 20.0beta Web: 19.5 Web: 18.4 Firmware: 1.26.6 OS: 5.3 Firmware: 1.23.7 OS: 5.0 Firmware: 1.21.4 OS: 4.1a-usb Firmware: 1.18.0.3 OS: i686-1.1 Platform:...
Bash Profile Persistence Exploit
This Metasploit module writes an execution trigger to the target's Bash profile. The execution trigger executes a call back payload whenever the target user opens a Bash terminal. A handler is not run automatically, so you must configure an appropriate exploit/multi/handler to receive the callbac...