2649 matches found

Cvelist
added 2019/06/18 5:34 p.m. | 25 views

CVE-2012-6711

A heap-based buffer overflow exists in GNU Bash before 4.3 when wide characters, not supported by the current locale set in the LC_CTYPE environment variable, are printed through the echo built-in function. A local attacker, who can provide data to print through the "echo -e" built-in function, ma...

7 CVSS | 7.7 AI score | 0.00491 EPSS
Exploits 0 | References 6

CVE
added 2019/06/18 5:34 p.m. | 233 views

CVE-2012-6711

CVE-2012-6711 describes a heap-based buffer overflow in GNU Bash prior to 4.3. When wide characters not supported by the current LC_CTYPE locale are printed via the echo builtin, ansicstr() mishandles u32cconv() in lib/sh/strtrans.c, potentially allowing a local attacker to crash a script or exec...

7.8 CVSS | 7.6 AI score | 0.00491 EPSS
Exploits 0 | References 6 | Affected Software 1

Debian CVE
added 2019/06/18 5:34 p.m. | 41 views

CVE-2012-6711

A heap-based buffer overflow exists in GNU Bash before 4.3 when wide characters, not supported by the current locale set in the LC_CTYPE environment variable, are printed through the echo built-in function. A local attacker, who can provide data to print through the "echo -e" built-in function, ma...

7.8 CVSS | 7.7 AI score | 0.00491 EPSS
Exploits 0

Kitploit
added 2019/06/16 1:0 p.m. | 242 views

Terminus - A Terminal For A More Modern Age

Terminus is a highly configurable terminal emulator for Windows, macOS and Linux. Features: theming and color schemes; fully configurable shortcuts; split panes; remembers your tabs; PowerShell and PS Core, WSL, Git-Bash, Cygwin, Cmder and CMD support; integrated SSH client and connection manager; Full Unicode...

7.3 AI score
Exploits 0 | References 13

exploitpack
added 2019/06/14 12:0 a.m. | 17 views

CentOS 7.6 - ptrace_scope Privilege Escalation

CentOS 7.6 - ptrace_scope Privilege Escalation #!/usr/bin/env bash 'ptrace_scope' misconfiguration Local Privilege Escalation Affected operating systems TESTED: Parrot Home/Workstation 4.6 Latest Version Parrot Security 4.6 Latest Version CentOS / RedHat 7.6 Latest Version Kali Linux 2018.4 Latest...

0.8 AI score
Exploits 0

BDU FSTEC
added 2019/06/14 12:0 a.m. | 2 views

The vulnerability in the Bash shell implementation of the Cisco NX-OS network operating system allows a hacker to execute arbitrary commands.

The vulnerability of the Bash command shell implementation in the Cisco NX-OS network operating system of Cisco devices is related to deficiencies in access control. Exploiting this vulnerability could allow an attacker to bypass the restrictions of the Guest Shell and execute arbitrary commands...

6.6 CVSS | 5.8 AI score | 0.00398 EPSS
Exploits 0 | References 4

Packet Storm
added 2019/06/10 12:0 a.m. | 155 views

Ubuntu 18.04 lxd Privilege Escalation

#!/usr/bin/env bash ---------------------------------- Authors: Marcelo Vazquez S4vitar Victor Lasa vowkin ---------------------------------- Step 1: Download build-alpine = wget https://raw.githubusercontent.com/saghul/lxd-alpine-builder/master/build-alpine Attacker Machine Step 2: Build alpine =...

0.6 AI score
Exploits 0

Prion
added 2019/05/31 9:29 p.m. | 8 views

Privilege escalation

The function getopt_simple as described in Advanced Bash Scripting Guide ISBN 978-1435752184 allows privilege escalation and execution of commands when used in a shell script called, for example, via sudo...

10 CVSS | 9.5 AI score | 0.03265 EPSS
Exploits 2 | References 1

Cvelist
added 2019/05/31 8:42 p.m. | 19 views

CVE-2019-9891

The function getopt_simple as described in Advanced Bash Scripting Guide ISBN 978-1435752184 allows privilege escalation and execution of commands when used in a shell script called, for example, via sudo...

9.7 AI score | 0.03265 EPSS
Exploits 2 | References 1

CVE
added 2019/05/31 8:42 p.m. | 244 views

CVE-2019-9891

The CVE-2019-9891 entry concerns the getopt_simple function from the Advanced Bash Scripting Guide. Connected sources confirm that using this function in a shell script (e.g., invoked via sudo) can lead to privilege escalation and execution of attacker-controlled commands. Red Hat’s advisory reit...

10 CVSS | 9.5 AI score | 0.03265 EPSS
Exploits 2 | References 1 | Affected Software 1

OpenVAS
added 2019/05/30 12:0 a.m. | 70 views

CentOS Update for libvirt CESA-2019:1264 centos7

The remote host is missing an update for the SPDX-FileCopyrightText: 2019 Greenbone AG Some text descriptions might be excerpted from a referenced sources, and are Copyright C by the respective right holders. SPDX-License-Identifier: GPL-2.0-only ifdescription...

8.8 CVSS | 8.8 AI score | 0.01411 EPSS
Exploits 0 | References 2

Tenable Nessus
added 2019/05/29 12:0 a.m. | 24 views

EulerOS 2.0 SP3 : bash (EulerOS-SA-2019-1564)

According to the version of the bash package installed, the EulerOS installation on the remote host is affected by the following vulnerability: rbash in Bash before 4.4-beta2 did not prevent the shell user from modifying BASH_CMDS, thus allowing the user to execute any command with the...

7.8 CVSS | 7.2 AI score | 0.00415 EPSS
Exploits 0 | References 2

Tenable Nessus
added 2019/05/29 12:0 a.m. | 27 views

EulerOS 2.0 SP5 : bash (EulerOS-SA-2019-1565)

According to the version of the bash package installed, the EulerOS installation on the remote host is affected by the following vulnerability: rbash in Bash before 4.4-beta2 did not prevent the shell user from modifying BASH_CMDS, thus allowing the user to execute any command with the...

7.8 CVSS | 7.2 AI score | 0.00415 EPSS
Exploits 0 | References 2

Tenable Nessus
added 2019/05/29 12:0 a.m. | 25 views

EulerOS 2.0 SP2 : bash (EulerOS-SA-2019-1563)

According to the version of the bash package installed, the EulerOS installation on the remote host is affected by the following vulnerability: rbash in Bash before 4.4-beta2 did not prevent the shell user from modifying BASH_CMDS, thus allowing the user to execute any command with the...

7.8 CVSS | 7.2 AI score | 0.00415 EPSS
Exploits 0 | References 2

Veracode
added 2019/05/23 6:40 a.m. | 7 views

Malicious Package

destroyer-of-worlds is a malicious package. A malicious bash script resides in the package which will execute as a postinstall script. The script deletes system files and creates a large file, fork bomb and an endless loop in an attempt to crash the host...

6.8 AI score
Exploits 0

Kitploit
added 2019/05/22 9:35 p.m. | 124 views

Graffiti - A Tool To Generate Obfuscated One Liners To Aid In Penetration Testing

NOTE : Never upload payloads to online checkers Graffiti is a tool to generate obfuscated oneliners to aid in penetration testing situations. Graffiti accepts the following languages for encoding: Python Perl Batch Powershell PHP Bash Graffiti will also accept a language that is not currently on...

7.5 AI score
Exploits 0 | References 2

Node.js
added 2019/05/22 3:31 p.m. | 15 views

Malicious Package

Overview: The package destroyer-of-worlds contained malicious code. The package contained a bash script that was run as a postinstall script. The script deleted system files and attempted to exhaust resources by creating a large file, a fork bomb and an endless loop. The script targeted UNIX...

6.7 AI score
Exploits 0 | Affected Software 1

Metasploit
added 2019/05/20 7:57 a.m. | 35 views

Unix Command Shell, Reverse UDP (/dev/udp)

Creates an interactive shell via bash's builtin /dev/udp. This will not work on circa 2009 and older Debian-based Linux distributions including Ubuntu because they compile bash without the /dev/udp feature. This module requires Metasploit: https://metasploit.com/download Current source:...

0.4 AI score
Exploits 0

Veracode
added 2019/05/16 2:19 a.m. | 25 views

Authentication Bypass

Red Hat Satellite is vulnerable to authentication bypass attacks. This is because Pulp's pulp-qpid-ssl-cfg script uses bash's $RANDOM in unsafe ways to generate an NSS DB password. An attacker could potentially guess the seed used given enough time and compute resources...

7.5 CVSS | 8 AI score | 0.03213 EPSS
Exploits 0 | References 110 | Affected Software 53

OSV
added 2019/05/15 5:29 p.m. | 2 views

CVE-2019-1730

A vulnerability in the Bash shell implementation for Cisco NX-OS Software could allow an authenticated, local attacker to bypass the limited command set of the restricted Guest Shell and execute commands at the privilege level of a network-admin user outside of the Guest Shell. The attacker must...

6.7 CVSS | 6.5 AI score | 0.00398 EPSS
Exploits 0 | References 2