CVE-2017-12340

A vulnerability in Cisco NX-OS System Software running on Cisco MDS Multilayer Director Switches, Cisco Nexus 7000 Series Switches, and Cisco Nexus 7700 Series Switches could allow an authenticated, local attacker to access the Bash shell of an affected device's operating system, even if the Bash...

CVE-2017-12340

CVE-2017-12340 affects Cisco NX-OS System Software on Cisco MDS Multilayer Director Switches, Nexus 7000, and Nexus 7700 series. The flaw is due to insufficient sanitization of user-supplied parameters in the Python scripting sandbox, enabling an authenticated, local attacker to escape the sandbo...

Cisco Multilayer Director, Nexus 7000 Series, and Nexus 7700 Series Switches Bash Shell Unauthorized Access Vulnerability

A vulnerability in Cisco NX-OS System Software running on Cisco MDS Multilayer Director Switches, Cisco Nexus 7000 Series Switches, and Cisco Nexus 7700 Series Switches could allow an authenticated, local attacker to access the Bash shell of an affected device's operating system, even if the Bash...

D-Link DIR-850L Credential Disclosure Exploit

D-Link DIR-850L remote code execution variant exploit that extracts username and password for the device. !/bin/bash Derped together by Raphael de la Vienne A.K.A. Hackdwerg Original exploit https://www.rapid7.com/db/modules/exploit/linux/http/dlinkdir850lunauthexec Just in case if you dont have...

Critical Photon OS Security Update - PHSA-2017-0002

Updates of 'go', 'bash', 'systemd', 'libtiff', 'curl' packages of Photon OS have been released...

Important Photon OS Security Update - PHSA-2017-0084

Updates of 'systemd', 'curl', 'sqlite-autoconf', 'bash', 'openvswitch' packages of Photon OS have been released...

P4wnP1: A Open Source USB Attack Platform

PenTestIT RSS Feed As of now, hardware security projects seem to be attracting me more than software based projects. Evidently, I wrote a few posts covering them - List of Portable Hardware Devices for Penetration Testing, List of Raspberry Pi DIY Projects for Anonymity, etc. among other awesome...

Infoblox NetMRI Administration Shell Escape and Privilege Escalation

Vulnerability Details Affected Vendor: Infoblox Affected Product: NetMRI Affected Version: 7.1.2 - 7.1.4 Platform: Embedded Linux CWE Classification: CWE-78: Improper Neutralization of Special Elements used in an OS Command 'OS Command Injection', CWE-272: Least Privilege Violation Impact: Root...

GNU Bash Detection (Linux/Unix SSH Login)

Detects the installed version of GNU bash. The script logs in via SSH, searches for the executable SPDX-FileCopyrightText: 2017 Greenbone AG Some text descriptions might be excerpted from a referenced sources, and are Copyright C by the respective right holders. SPDX-License-Identifier:...

IntRec-Pack - Intelligence and Reconnaissance Package/Bundle installer

Intelligence and Reconnaissance Package/Bundle installer. IntRec-Pack is a Bash script designed to download, install and deploy several quality OSINT, Recon and Threat Intelligence tools. Due to the fact it manages the installation of the various dependencies related to these programs as well it...

Anti-DDOS - Anti DDOS Bash Script

Programming Languages : BASH RUN root@ismailtasdelen: bash ./anti-ddos.sh Cloning an Existing Repository Clone with HTTPS git clone https://github.com/ismailtasdelen/Anti-DDOS.git Cloning an Existing Repository Clone withSSH git clone [email protected]:ismailtasdelen/Anti-DDOS.git Download...

Exfiltrates data on installation

Overview The coffe-script package is a piece of malware that steals sensitive data such as a user's private SSH key and bash history, sending them to attacker controlled locations. All versions have been unpublished from the npm registry. Recommendation If you have found coffe-script installed in...

Exfiltrates data on installation

Overview The coffescript package is a piece of malware that steals sensitive data such as a user's private SSH key and bash history, sending them to attacker controlled locations. All versions have been unpublished from the npm registry. Recommendation If you have found coffescript installed in...

Exfiltrates data on installation

Overview The cofeescript package is a piece of malware that steals sensitive data such as a user's private SSH key and bash history, sending them to attacker controlled locations. All versions have been unpublished from the npm registry. Recommendation If you have found cofeescript installed in...

Exfiltrates data on installation

Overview The cofee-script package is a piece of malware that steals sensitive data such as a user's private SSH key and bash history, sending them to attacker controlled locations. All versions have been unpublished from the npm registry. Recommendation If you have found cofee-script installed in...

Qmail SMTP - Bash Environment Variable Injection (Metasploit)

This module requires Metasploit: http://metasploit.com/download Current source: https://github.com/rapid7/metasploit-framework class MetasploitModule 'Qmail SMTP Bash Environment Variable Injection Shellshock', 'Description' = %q This module exploits a shellshock vulnerability on Qmail, a public...

Qmail SMTP Bash Environment Variable Injection (Shellshock) Exploit

This Metasploit module exploits a shellshock vulnerability on Qmail, a public domain MTA written in C that runs on Unix systems. Due to the lack of validation on the MAIL FROM field, it is possible to execute shell code on a system with a vulnerable BASH Shellshock. This flaw works on the latest...

Qmail SMTP Bash Environment Variable Injection (Shellshock)

This module requires Metasploit: http://metasploit.com/download Current source: https://github.com/rapid7/metasploit-framework class MetasploitModule 'Qmail SMTP Bash Environment Variable Injection Shellshock', 'Description' = %q This module exploits a shellshock vulnerability on Qmail, a public...

Slackware 13.1 / 13.37 / 14.0 / 14.1 / 14.2 : bash (SSA:2017-251-01)

New bash packages are available for Slackware 13.1, 13.37, 14.0, 14.1, and 14.2 to fix security issues. %NASLMINLEVEL 70300 C Tenable Network Security, Inc. The descriptive text and package checks in this plugin were extracted from Slackware Security Advisory 2017-251-01. The text itself is...

[slackware-security] bash

New bash packages are available for Slackware 13.1, 13.37, 14.0, 14.1, and 14.2 to fix security issues. Here are the details from the Slackware 14.2 ChangeLog: patches/packages/bash-4.3.048-i586-1slack14.2.txz: Upgraded. This update fixes two security issues found in bash before 4.4: The expansio...