ShellShock - Remote Code Execution

GNU Bash through 4.3 processes trailing strings after function definitions in the values of environment variables, which allows remote attackers to execute arbitrary code via a crafted environment, as demonstrated by vectors involving the ForceCommand feature in OpenSSH sshd, the modcgi and modcg...

EUVD-2012-3380

Malware in sbrugna...

EUVD-2012-6552

Malware in sbrugna...

GNU Bash OS Command Injection Vulnerability

GNU Bash contains an OS command injection vulnerability which allows remote attackers to execute arbitrary commands via a crafted environment...

Exploit for OS Command Injection in Gnu Bash

Exploits Miscellaneous proof of concept exploit code written at Xiphos Research for testing purposes. Current Exploits index may be out of date phpMoAdmin Remote Code Execution CVE-2015-2208 LotusCMS Remote Code Execution OSVDB-75095 ElasticSearch Remote Code Execution CVE-2015-1427 ShellShock...

Linux Distros Unpatched Vulnerability : CVE-2014-6271

The Linux/Unix host has one or more packages installed that are impacted by a vulnerability without a vendor supplied patch available. - GNU Bash through 4.3 processes trailing strings after function definitions in the values of environment variables, which allows remote attackers to execute...

Linux Distros Unpatched Vulnerability : CVE-2012-6711

The Linux/Unix host has one or more packages installed that are impacted by a vulnerability without a vendor supplied patch available. - A heap-based buffer overflow exists in GNU Bash before 4.3 when wide characters, not supported by the current locale set in the LCCTYPE environment variable, ar...

Linux Distros Unpatched Vulnerability : CVE-2014-7169

The Linux/Unix host has one or more packages installed that are impacted by a vulnerability without a vendor supplied patch available. - GNU Bash through 4.3 bash43-025 processes trailing strings after certain malformed function definitions in the values of environment variables, which allows...

Linux Distros Unpatched Vulnerability : CVE-2019-18276

The Linux/Unix host has one or more packages installed that are impacted by a vulnerability without a vendor supplied patch available. - An issue was discovered in disableprivmode in shell.c in GNU Bash through 5.0 patch 11. By default, if Bash is run with its effective UID not equal to its real...

Linux Distros Unpatched Vulnerability : CVE-2014-7187

The Linux/Unix host has one or more packages installed that are impacted by a vulnerability without a vendor supplied patch available. - Off-by-one error in the readtokenword function in parse.y in GNU Bash through 4.3 bash43-026 allows remote attackers to cause a denial of service out-of-bounds...

Linux Distros Unpatched Vulnerability : CVE-2014-7186

The Linux/Unix host has one or more packages installed that are impacted by a vulnerability without a vendor supplied patch available. - The redirection implementation in parse.y in GNU Bash through 4.3 bash43-026 allows remote attackers to cause a denial of service out-of-bounds array access and...

Qnap QTS Bash OS Command Injection (CVE-2014-7169)

GNU Bash through 4.3 bash43-025 processes trailing strings after certain malformed function definitions in the values of environment variables, which allows remote attackers to write to files or possibly have unknown other impact via a crafted environment, as demonstrated by vectors involving the...

K15629: Multiple GNU Bash vulnerabilities

Security Advisory Description CVE-2014-6271 GNU Bash through 4.3 processes trailing strings after function definitions in the values of environment variables, which allows remote attackers to execute arbitrary code via a crafted environment, as demonstrated by vectors involving the ForceCommand...

Security Bulletin: Vulnerabilities in GNU Bash affect the IBM FlashSystem models 840 and 900

Summary There are vulnerabilities in GNU Bash to which the IBM FlashSystem™ 840 and FlashSystem 900 are susceptible. An exploit of these vulnerabilities CVE-2016-0634, CVE-2016-7543, CVE-2016-9401 could make the system susceptible to an attack which could allow an attacker to execute arbitrary co...

SUSE CVE-2014-7169

GNU Bash through 4.3 bash43-025 processes trailing strings after certain malformed function definitions in the values of environment variables, which allows remote attackers to write to files or possibly have unknown other impact via a crafted environment, as demonstrated by vectors involving the...

SUSE CVE-2014-7187

Off-by-one error in the readtokenword function in parse.y in GNU Bash through 4.3 bash43-026 allows remote attackers to cause a denial of service out-of-bounds array access and application crash or possibly have unspecified other impact via deeply nested for loops, aka the "wordlineno" issue...

Security Bulletin: Vulnerabilities in Bash affect DS8000 HMC (CVE-2014-6271, CVE-2014-7169, CVE-2014-7186, CVE-2014-7187, CVE-2014-6277, CVE-2014-6278)

Summary Six Bash vulnerabilities were disclosed in September 2014. This bulletin addresses the vulnerabilities that have been referred to as “Bash Bug” or “Shellshock” and two memory corruption vulnerabilities. Bash is used by the DS8000 HMC. Vulnerability Details This update provides details on...

GNU Bourne-Again Shell (Bash) Arbitrary Code Execution Vulnerability

GNU Bash through 4.3 processes trailing strings after function definitions in the values of environment variables, which allows remote attackers to execute code. This CVE correctly remediates the vulnerability in CVE-2014-6271...

Security Bulletin: Vulnerability in Bash (CVE-2019-18276) affects HMC

Summary GNU Bash is used by Power Hardware Management Console HMC. HMC has addressed the applicable CVE. Vulnerability Details CVEID: CVE-2019-18276 DESCRIPTION: GNU Bash could allow a remote authenticated attacker to gain elevated privileges on the system, caused by a flaw in the disableprivmode...

Advisory ROSA-SA-2021-1802

Software: bash 4.2.46 OS: Cobalt 7.9 CVE-ID: CVE-2012-6711 CVE-Crit: HIGH CVE-DESC: A heap-based buffer overflow exists in GNU Bash before 4.3, when broad characters not supported by the current language standard set in the LCCTYPE environment variable are printed using the built-in echo function...