2649 matches found
Fedora 24 : bash (2016-a822b472c4)
Security fix for CVE-2016-0634. Note that Tenable Network Security has extracted the preceding description block directly from the Fedora update system website. Tenable has attempted to automatically clean and format it as much as possible without introducing additional issues...
CVE-2016-4755
Terminal in Apple OS X before 10.12 uses weak permissions for the .bash_history and .bash_session files, which allows local users to obtain sensitive information via unspecified vectors...
[SECURITY] Fedora 25 Update: bash-4.3.43-3.fc25
The GNU Bourne Again shell (Bash) is a shell or command language interpreter that is compatible with the Bourne shell (sh). Bash incorporates useful features from the Korn shell (ksh) and the C shell (csh). Most sh scripts can be run by bash without modification...
Fedora Update for bash FEDORA-2016-a822b472c4
The remote host is missing an update for the...
GNU Bash Local Code Execution Vulnerability
GNU Bash is a shell command language interpreter written by American software developer Brian J. Fox for the GNU Project, which runs on Unix-like operating systems (the default shell for Linux systems) and is capable of reading from, and executing commands from, a standard input device or file, as...
CVE-2016-0634
The expansion of '\h' in the prompt string in bash 4.3 allows remote authenticated users to execute arbitrary code via shell metacharacters placed in 'hostname' of a machine...
UBUNTU-CVE-2016-0634
The expansion of '\h' in the prompt string in bash 4.3 allows remote authenticated users to execute arbitrary code via shell metacharacters placed in 'hostname' of a machine...
Samsung Repair Information Disclosure
!/bin/bash for t in 4136987977..4136989977; do echo "testing ticket $t" for i in 2000000000..9999999999; do echo "testing telephone $i" p1=$echo $i | cut --characters 1-3 p2=$echo $i | cut --characters 4-6 p3=$echo $i | cut --characters 7- curl=$curl -sS -d ticketno=$t -d telephone1=$p1 -d...
Bash Shell X - Possible privilege escalation, Runtime command execution, Runtime privilege escalation vulnerabilities
HackApp vulnerability scanner discovered that application Bash Shell X published at the 'play' market has multiple vulnerabilities...
USB Anti Forensic Tool: usbdeath
An anti-forensic tool that writes udev rules for known USB devices and does some things at unknown USB device insertion or specific USB device removal. usbdeath is a small script inspired by usbkill, “an anti-forensic kill-switch that waits for a change on your USB ports and th...
Nextcloud: WordPress: Directory Traversal / Denial of Service
Hello Security team, While testing nextcloud.com I have found that you are not using the latest version of WordPress; you are using old version 4.5.3, which is vulnerable to Directory Traversal / Denial of Service. Description: A path traversal vulnerability was found in the Core Ajax handlers of...
bash and the Linux kernel in the Windows 10 Anniversary Update
The other day, on August 2, a new update for Windows 10 arrived, the "Anniversary Update", and I think its most interesting feature will be bash in Windows. The update is not yet available in all regions. By default bash is not "enabled". If your OS version is higher than 1511, then you have this update...
GNU Bash Information Disclosure Vulnerability
GNU Bash is a shell command language interpreter written by American software developer Brian J. Fox for the GNU Project. An information disclosure vulnerability exists in GNU Bash version 4.3, which can be exploited by an attacker to obtain sensitive information or possibly cause a denial of...
WordPress Core 4.5.3 - Directory Traversal / Denial of Service
Path traversal vulnerability in WordPress Core Ajax handlers. Abstract: A path traversal vulnerability was found in the Core Ajax handlers of the WordPress Admin API. This issue can potentially be used by an authenticated user (Subscriber) to create a denial of service condition of an affected...
Fedora 24 : pulp / pulp-docker / pulp-ostree / pulp-puppet / pulp-python / etc (2016-4373f7d32a)
2.8.6 is a security and bugfix release. Included in the list of fixed issues in 2.8.5 are two CVEs: CVE-2016-3696 (Leakage of CA key in pulp-qpid-ssl-cfg) and CVE-2016-3704 (Unsafe use of bash $RANDOM for NSS DB password and seed). Several issues with database migrations are also addressed in this...
Pentmenu - A simple Bash Script for Recon and DOS Attacks
A bash script inspired by pentbox. Designed to be a simple way to implement various network pentesting functions, including network attacks, using wherever possible readily available software commonly installed on most linux distributions without having to resort to multiple specialist tools. Sud...
Windows 10 Attack Surface Grows with Linux Support in Anniversary Update
Microsoft’s release of Windows Anniversary Update last week included an optional feature called Windows Subsystem for Linux that allows native support for Linux binaries. That has some security experts concerned the Windows 10 attack surface has been expanded. The threat, according to Alex Ionesc...
NUUO NVRmini 2 3.0.8 - Remote Command Injection (Shellshock)
NUUO NVRmini 2 NE-4160 ShellShock Remote Code Execution Vendor: NUUO Inc. Product web page: http://www.nuuo.com Affected version: Firmware Version: 02.02.00 NVR Version: 02.02.0000.0040 Device Pack Version: 04.07.0000.0030 Summary: NUUO NVRmini 2 is the lightweight, portable NVR solution with NAS...
How to run Graphical Ubuntu Linux from Bash Shell in Windows 10
You might be aware of Microsoft and Canonical's partnership to integrate "Bash on Ubuntu on Windows 10," which is typically a non-graphical Ubuntu running over Windows Subsystem for Linux. Windows 10 doesn’t officially support graphical Linux desktop applications. But, now we have noticed a very...
Vulnerabilities of the Alt Linux SPT operating system, which allow a malicious attacker to disable the device’s functionality
Multiple vulnerabilities in the bash command-line interpreter of the Alt Linux SPT operating system are caused by errors in processing input data during syntax analysis of code. Exploiting these vulnerabilities allows a malicious individual to execute arbitrary commands with the privileges of...