2582 matches found
PT-2024-10988 · Netiq · Netiq Advance Authentication
Name of the Vulnerable Software and Affected Versions: NetIQ Advance Authentication versions prior to 6.3.5.1 Description: A vulnerability identified in Advance Authentication allows bash command injection in administrative controlled functionality of backup due to improper handling in provided...
Exploit for Incorrect Authorization in Apache Ofbiz
CVE-2024-38856-EXP --- bash bash CVE-2024-23692.sh...
CVE-2020-11847 Vulnerability in sshrelay in Privileged Access Manager provides full system access.
An SSH-authenticated user, when accessing the PAM server, can execute an OS command to gain full system access using bash. This issue affects Privileged Access Manager before 3.7.0.1...
PT-2024-6113 · Cisco · Cisco Nx-Os +1
Name of the Vulnerable Software and Affected Versions: Cisco NX-OS Software affected versions not specified Description: The issue is related to insufficient security restrictions when executing application arguments from the Bash shell, allowing an authenticated, local attacker with privileges t...
Juju's unprivileged user running on charm node can leak any secret or relation data accessible to the local charm
An issue was discovered in Juju that resulted in the leak of the sensitive context ID, which allows a local unprivileged attacker to access other sensitive data or relation accessible to the local charm. A potential exploit where a user can run a bash loop attempting to execute hook tools. If...
Exploit for Unrestricted Upload of File with Dangerous Type in Chamilo Chamilo_Lms
Chamilo LMS Unauthenticated RCE PoC This is a script written...
Exploit for Unrestricted Upload of File with Dangerous Type in Git
PoC exploit for CVE-2024-32002, a remote code execution vulnerab...
CVE-2024-41815
Starship is a cross-shell prompt. Starting in version 1.0.0 and prior to version 1.20.0, undocumented and unpredictable shell expansion and/or quoting rules make it easy to accidentally cause shell injection when using custom commands with starship in bash. This issue only affects users with...
RUSTSEC-2024-0446 Shell expansion in custom commands
Summary Undocumented and unpredictable shell expansion and/or quoting rules make it easy to accidentally cause shell injection when using custom commands with starship in bash. Details I wanted to show the git commit name in my prompt I use bash, so I added a command: custom.gitcommitname comma...
Exploit for Improper Restriction of XML External Entity Reference in Adobe Commerce
A Cosmicsting POC...
Exploit for Path Traversal in Chamilo
Chamilo LMS Unauthenticated Remote Code Execution Exploit CVE...
Exploit for Race Condition in Openbsd Openssh
CVE-2024-6387-OpenSSH-Vulnerability-Checker This repository co...
Exploit for Race Condition in Openbsd Openssh
CVE-2024-6387 PoC This Bash script is designed to check if a...
CVE-2024-4578 Privilege escalation in Arista Wireless Access Points
This Advisory describes an issue that impacts Arista Wireless Access Points. Any entity with the ability to authenticate via SSH to an affected AP as the “config” user is able to cause a privilege escalation via spawning a bash shell. The SSH CLI session does not require high permissions to explo...
MAL-2024-6769 Malicious code in beer-bash (RubyGems)
--- -= Per source details. Do not edit below this line.=-...
CVE-2024-6240
Improper privilege management vulnerability in Parallels Desktop Software, which affects versions earlier than 19.3.0. An attacker could add malicious code in a script and populate the BASH_ENV environment variable with the path to the malicious script, executing on application startup. An attacke...
CVE-2022-48750 hwmon: (nct6775) Fix crash in clear_caseopen
In the Linux kernel, the following vulnerability has been resolved: hwmon: (nct6775) Fix crash in clear_caseopen Paweł Marciniak reports the following crash, observed when clearing the chassis intrusion alarm. BUG: kernel NULL pointer dereference, address: 0000000000000028 PGD 0 P4D 0 Oops: 0000 1...