8 matches found
GNU Bash - Environment Variable Command Injection (Metasploit)
require 'msf/core' class Metasploit3 'bashedCgi', 'Description' = %q Quick & dirty module to send the BASH exploit payload CVE-2014-6271 to CGI scripts that are BASH-based or invoke BASH, to execute an arbitrary shell command. , 'Author' = 'Stephane Chazelas', vuln discovery 'Shaun Colley '...
FreeBSD 7.2-RELEASE - SCTP Local Kernel Denial of Service
FreeBSD 7.2-RELEASE - SCTP Local Kernel Denial of Service / fbsd-sctp-panic.c freebsd 7.2-RELEASE SCTP local kernel DoS kern panic only tested on 7.2-RELEASE, probably older and newer builds are vuln. as well based on an unfixed bug found here: by Shaun Colley , Wed 05 Aug 2009 $ gcc...
FreeBSD : picasm -- buffer overflow vulnerability (8a3ece40-3315-11da-a263-0001020eed82)
Shaun Colley reports: When generating error and warning messages, picasm copies strings into fixed length buffers without bounds checking. If an attacker could trick a user into assembling a source file with a malformed 'error' directive, arbitrary code could be executed with the privileges of t...
Ubuntu 4.10 : sharutils vulnerabilities (USN-102-1)
Shaun Colley discovered a buffer overflow in 'shar' that was triggered by output files specified with -o with names longer than 49 characters. This could be exploited to run arbitrary attacker specified code on systems that automatically process uploaded files with shar. Ulf Harnhammar discovered...
[Full-Disclosure] Texutil symlink vulnerability.
Product: texutil Versions: All Bug: Symlink bug Impact: Attackers can overwrite arbitrary files with the privileges of the invoking user Risk: Medium Date: April 4, 2004 Author: Shaun Colley Email: shaunige yahoo co uk WWW: http://www.nettwerked.co.uk Introduction Vendor description: --- "When...
cdp buffer overflow vulnerability
Product: cdp - console cd player Versions: All Bug: Buffer overflow Impact: Attackers can execute arbitrary code Risk: Medium/High Date: March 31, 2004 Author: Shaun Colley Email: shaunige yahoo co uk WWW: http://www.nettwerked.co.uk Introduction cdp is... "cdp is a program that plays CDs at the...
mysqlbug tmpfile/symlink vulnerability.
Product: mysqlbug packaged with MySQL. Versions: All Bug: Symlink bug / tmpfile bug. Impact: Attackers can overwrite arbitrary files. Risk: Low/Medium Date: March 24, 2004 Author: Shaun Colley Email: shaunige yahoo co uk WWW: http://www.nettwerked.co.uk Introduction MySQL is an open-source, fast...
motorolaT720.txt
Product: Motorola T720 Cell phones http://www.motorola.com Versions: T270 Bug: DoS vulnerability Impact: Attackers can reboot the cellphone remotely. Date: March 01, 2004 Author: Shaun Colley Email: [email protected] WWW: http://www.nettwerked.co.uk Introduction "The Motorola T720 proves that...