NewStart CGSL MAIN 4.05 : bash Multiple Vulnerabilities (NS-SA-2019-0108)
The remote NewStart CGSL host, running version MAIN 4.05, has bash packages installed that are affected by multiple vulnerabilities: - A denial of service flaw was found in the way bash handled popd commands. A poorly written shell script could cause bash to crash resulting in a local denial of...
F5 Networks BIG-IP : F5 tmsh vulnerability (K40378764)
"Authenticated users with the ability to upload files via scp, for example can escalate their privileges to allow root shell access from within the TMOS Shell tmsh interface. The tmsh interface allows users to execute a secondary program via tools like sftp or scp . CVE-2019-6642 Impact...
Mitel 6869i Voip Deskphone 4.2.2032 Command Injection
BlueBox Security http://www.bluebox-security.de/ securityatbluebox-security.de bbs-2019.001.txt 08-August-2019 Vendor: Mitel Affected Products: Mitel 6869i Voip Deskphone Version 4.2.2032 - SIP Not Affected: unknown Vulnerability: Mitel 6869i SIP Deskphone 4.2.2032: Unauthenticated Bash Command...
Mitel 6869i Voip Deskphone 4.2.2032 Command Injection Vulnerability
Mitel 6869i Voip Deskphone version 4.2.2032 suffers from an unauthenticated command injection vulnerability. Vendor: Mitel Affected Products: Mitel 6869i Voip Deskphone Version 4.2.2032 - SIP Not Affected: unknown Vulnerability: Mitel 6869i SIP Deskphone 4.2.2032: Unauthenticated Bash Command...
WAES - Auto Enums Websites And Dumps Files As Result
Doing HTB or other CTFs enumeration against targets with HTTPS can become trivial. It can get tiresome to always run the same script/tests on every box, e.g. nmap, nikto, dirb and so on. A one-click on target with automatic reports coming solves the issue. Furthermore, with a script the enum proces...
CVE-2019-14706
A denial of service issue in HTTPD was discovered on MicroDigital N-series cameras with firmware through 6400.0.8.5. An attacker without authorization can upload a file to upload.php with a filename longer than 256 bytes. This will be placed in the updownload area. It will not be deleted, because...
Design/Logic Flaw
A denial of service issue in HTTPD was discovered on MicroDigital N-series cameras with firmware through 6400.0.8.5. An attacker without authorization can upload a file to upload.php with a filename longer than 256 bytes. This will be placed in the updownload area. It will not be deleted, because...
USN-4058-2: Bash vulnerability
USN-4058-1 fixed a vulnerability in bash. This update provides the corresponding update for Ubuntu 12.04 ESM and Ubuntu 14.04 ESM. Original advisory details: It was discovered that Bash incorrectly handled the restricted shell. An attacker could possibly use this issue to escape restrictions and...
USN-4058-2 bash vulnerability
USN-4058-1 fixed a vulnerability in bash. This update provides the corresponding update for Ubuntu 12.04 ESM and Ubuntu 14.04 ESM. Original advisory details: It was discovered that Bash incorrectly handled the restricted shell. An attacker could possibly use this issue to escape restrictions and...
Cisco NX-OS Software Bash Shell Privilege Escalation Vulnerability
According to its self-reported version, Cisco NX-OS Software is affected by a vulnerability in the Bash shell implementation for Cisco NX-OS Software that could allow an authenticated, local attacker to escalate their privilege level to root. The attacker must authenticate with valid user credentials...
Serv-U FTP Server < 15.1.7 - Local Privilege Escalation (2) Exploit
Exploit for multiple platforms in category local exploits !/bin/bash SUroot - Local root exploit for Serv-U FTP Server versions prior to 15.1.7 CVE-2019-12181 Bash variant of Guy Levin's Serv-U FTP Server exploit: - https://github.com/guywhataguy/CVE-2019-12181 --- email protected:/Desktop$ ./SUro...
Ubuntu 16.04 LTS : Bash vulnerability (USN-4058-1)
The remote Ubuntu 16.04 LTS host has packages installed that are affected by a vulnerability as referenced in the USN-4058-1 advisory. It was discovered that Bash incorrectly handled the restricted shell. An attacker could possibly use this issue to escape restrictions and execute any command...
USN-4058-1 bash vulnerability
It was discovered that Bash incorrectly handled the restricted shell. An attacker could possibly use this issue to escape restrictions and execute any command...
USN-4058-1: Bash vulnerability
It was discovered that Bash incorrectly handled the restricted shell. An attacker could possibly use this issue to escape restrictions and execute any command...
Sahi Pro 8.0.0 - Remote Command Execution
Exploit Title: Sahi Pro V8.0.0 - Unauthenticated Remote Command Execution Date: 2019-07-12 Exploit Author: Özkan Mustafa Akkuş AkkuS Contact: https://pentest.com.tr Vendor Homepage: https://sahipro.com Software Link: https://sahipro.com/static/builds/pro/installsahiprov80020181031.jar Reference:...
SUSE SLES12 Security Update : bash (SUSE-SU-2019:0838-2)
This update for bash fixes the following issues: Security issue fixed: CVE-2019-9924: Fixed a vulnerability in which shell did not prevent user BASH_CMDS allowing the user to execute any command with the permissions of the shell (bsc#1130324). Note that Tenable Network Security has extracted the...
SUSE-SU-2019:0838-2 Security update for bash
This update for bash fixes the following issues: Security issue fixed: - CVE-2019-9924: Fixed a vulnerability in which shell did not prevent user BASH_CMDS allowing the user to execute any command with the permissions of the shell (bsc#1130324)...
Cisco NX-OS Software Bash Shell Role-Based Access Control Bypass Privilege Escalation Vulnerability
According to its self-reported version, a bash shell implementation for Cisco NX-OS software is affected by an access control bypass privilege escalation vulnerability. An authenticated local attacker can escalate their privilege level by executing commands authorized to other user roles. TRUSTED...
CVE-2017-6900
An issue was discovered in Riello NetMan 204 14-2 and 15-2. The issue is with the login script and wrongpass Python script used for authentication. When calling wrongpass, the variables $VAL0 and $VAL1 should be enclosed in quotes to prevent the potential for Bash command injection. Further to...
Command injection
An issue was discovered in Riello NetMan 204 14-2 and 15-2. The issue is with the login script and wrongpass Python script used for authentication. When calling wrongpass, the variables $VAL0 and $VAL1 should be enclosed in quotes to prevent the potential for Bash command injection. Further to...