
9567 matches found

Prion
added 2014/11/13 9:32 p.m. | 9 views

Cross site scripting

Multiple cross-site scripting (XSS) vulnerabilities in JExperts Channel Platform 5.0.33CCB allow remote attackers to inject arbitrary web script or HTML via the (1) usuario.nome variable in an editarUsuario action to usuario.do or (2) titulo.form variable in a novoChamado action to ticket.do...

CVSS 4.3 | AI score 6 | EPSS 0.00256
Exploits 3 | References 4 | Affected Software 1

seebug.org
added 2014/11/13 12:0 a.m. | 194 views

CUPS Filter Bash Environment Variable Code Injection

No description provided by source. This module requires Metasploit: http://metasploit.com/download Current source: https://github.com/rapid7/metasploit-framework require 'msf/core' class Metasploit4 Msf::Exploit::Remote Rank = GoodRanking include Msf::Exploit::Remote::HttpClient def initializeinf...

CVSS 10 | AI score 9.7 | EPSS 0.9422
Exploits 147

Tenable Nessus
added 2014/11/12 12:0 a.m. | 769 views

VMware vCenter Converter 5.1.x < 5.1.2 / 5.5.x < 5.5.3 Multiple Vulnerabilities (VMSA-2014-0010) (Shellshock)

The version of VMware vCenter Converter installed on the remote Windows host is 5.1.x prior to 5.1.2 or 5.5.x prior to 5.5.3. It is, therefore, affected by the following vulnerabilities : - A command injection vulnerability exists in GNU Bash known as Shellshock, which is due to the processing of...

CVSS 10 | AI score 8 | EPSS 0.9422
Exploits 157 | References 13

Tenable Nessus
added 2014/11/11 12:0 a.m. | 266 views

CUCM IM and Presence Service GNU Bash Environment Variable Handling Command Injection (CSCur05454) (Shellshock)

According to its self-reported version, the CUCM IM and Presence Service installed on the remote host contains a version of GNU Bash that is affected by a command injection vulnerability known as Shellshock, which is due to the processing of trailing strings after function definitions in the valu...

CVSS 10 | AI score 8.2 | EPSS 0.9422
Exploits 157 | References 9

Saint
added 2014/11/05 12:0 a.m. | 102 views

Bash Environment Variable Handling Shell Command Injection Via CUPS

Added: 11/05/2014 | CVE: CVE-2014-6271 | BID: 70103 | OSVDB: 112004. Background: GNU Bash (Bourne Again SHell) is a command shell commonly used on Linux and Unix systems. CUPS is printing software for UNIX-like systems that allows a computer to act as a print server. Problem: The Bash shell executes command...

CVSS 10 | AI score 10 | EPSS 0.9422
Exploits 130

Saint
added 2014/11/05 12:0 a.m. | 106 views

Bash Environment Variable Handling Shell Command Injection Via CUPS

Added: 11/05/2014 | CVE: CVE-2014-6271 | BID: 70103 | OSVDB: 112004. Background: GNU Bash (Bourne Again SHell) is a command shell commonly used on Linux and Unix systems. CUPS is printing software for UNIX-like systems that allows a computer to act as a print server. Problem: The Bash shell executes command...

CVSS 10 | AI score 10 | EPSS 0.9422
Exploits 130

Tenable Nessus
added 2014/11/03 12:0 a.m. | 73 views

VMware NSX Bash Environment Variable Command Injection (VMSA-2014-0010) (Shellshock)

The version of VMware NSX installed on the remote host is 4.x prior to 4.0.5 / 4.1.4 / 4.2.1 or 6.x prior to 6.0.7 / 6.1.1. It is, therefore, affected by a command injection vulnerability in GNU Bash known as Shellshock, which is due to the processing of trailing strings after function definition...

CVSS 10 | AI score 8.2 | EPSS 0.9422
Exploits 157 | References 11

Tenable Nessus
added 2014/11/03 12:0 a.m. | 291 views

SIP Script Remote Command Execution via Shellshock

The remote host appears to be running SIP. SIP itself is not vulnerable to Shellshock; however, any Bash script that SIP runs for filtering or other routing tasks could potentially be affected if the script exports an environmental variable from the content or headers of a SIP message. A negative...

CVSS 10 | AI score 8.3 | EPSS 0.9422
Exploits 130 | References 4

Tenable Nessus
added 2014/11/03 12:0 a.m. | 89 views

Cisco Prime Security Manager GNU Bash Environment Variable Handling Command Injection (cisco-sa-20140926-bash) (Shellshock)

According to its self-reported version number, the version of Cisco Prime Security Manager installed on the remote host is affected by a command injection vulnerability in GNU Bash known as Shellshock. The vulnerability is due to the processing of trailing strings after function definitions in th...

CVSS 10 | AI score 8.2 | EPSS 0.9422
Exploits 157 | References 9

Tenable Nessus
added 2014/10/31 12:0 a.m. | 117 views

VMware vSphere Replication Bash Environment Variable Command Injection Vulnerability (VMSA-2014-0010) (Shellshock)

The VMware vSphere Replication installed on the remote host is version 5.1.x prior to 5.1.2.2, 5.5.x prior to 5.5.1.3, 5.6.x prior to 5.6.0.2, or 5.8.x prior to 5.8.0.1. It is, therefore, affected by a command injection vulnerability in GNU Bash known as Shellshock, which is due to the processing...

CVSS 10 | AI score 8.2 | EPSS 0.9422
Exploits 157 | References 9

0day.today
added 2014/10/29 12:0 a.m. | 559 views

CUPS Filter Bash Environment Variable Code Injection Exploit

This Metasploit module exploits a post-auth code injection in specially crafted environment variables in Bash, specifically targeting CUPS filters through the PRINTER_INFO and PRINTER_LOCATION variables by default. This module requires Metasploit: http://metasploit.com/download Current source:...

CVSS 10 | AI score 0.6 | EPSS 0.9422
Exploits 147

UbuntuCve
added 2014/10/27 10:55 p.m. | 20 views

CVE-2012-5580

Format string vulnerability in the print_proxies function in bin/proxy.c in libproxy 0.3.1 might allow context-dependent attackers to cause a denial of service (crash) and possibly execute arbitrary code via format string specifiers in a proxy name, as demonstrated using the http_proxy environment...

CVSS 7.5 | AI score 6.2 | EPSS 0.00802
Exploits 1 | References 1

Cvelist
added 2014/10/27 10:0 p.m. | 21 views

CVE-2012-5580

Format string vulnerability in the print_proxies function in bin/proxy.c in libproxy 0.3.1 might allow context-dependent attackers to cause a denial of service (crash) and possibly execute arbitrary code via format string specifiers in a proxy name, as demonstrated using the http_proxy environment...

AI score 7.4 | EPSS 0.00802
Exploits 1 | References 5

Debian CVE
added 2014/10/27 10:0 p.m. | 17 views

CVE-2012-5580

Format string vulnerability in the print_proxies function in bin/proxy.c in libproxy 0.3.1 might allow context-dependent attackers to cause a denial of service (crash) and possibly execute arbitrary code via format string specifiers in a proxy name, as demonstrated using the http_proxy environment...

CVSS 7.5 | AI score 7.4 | EPSS 0.00802
Exploits 1

ThreatPost
added 2014/10/27 4:18 p.m. | 18 views

Shellshock Exploits Used Against SMTP Servers at Webhosts

The persistence of the Shellshock vulnerability remains high more than a month after it first surfaced. The latest attacks involved SMTP servers belonging to web hosts, said a report published by the SANS Internet Storm Center. Attackers are using Shellshock exploits targeting the now infamous...

AI score 1.1
Exploits 0 | References 4

Tenable Nessus
added 2014/10/27 12:0 a.m. | 251 views

Cisco NX-OS GNU Bash Environment Variable Command Injection Vulnerability (cisco-sa-20140926-bash) (Shellshock)

According to its self-reported version, the remote NX-OS device is affected by a command injection vulnerability in GNU Bash known as Shellshock, which is due to the processing of trailing strings after function definitions in the values of environment variables. This allows a remote attacker to...

CVSS 10 | AI score 8.2 | EPSS 0.9422
Exploits 157 | References 9

exploitpack
added 2014/10/27 12:0 a.m. | 16 views

WordPress Plugin CP Multi View Event Calendar 1.01 - SQL Injection

WordPress Plugin CP Multi View Event Calendar 1.01 - SQL Injection Exploit Title : CP Multi View Event Calendar 1.01 SQL Injection Vulnerability Exploit Author : Claudio Viviani Software Link : https://downloads.wordpress.org/plugin/cp-multi-view-calendar.zip Date : 2014-10-23 Tested on : Windows...

AI score 0.4
Exploits 0

Exploit DB
added 2014/10/27 12:0 a.m. | 30 views

WordPress Plugin CP Multi View Event Calendar 1.01 - SQL Injection

Exploit Title : CP Multi View Event Calendar 1.01 SQL Injection Vulnerability Exploit Author : Claudio Viviani Software Link : https://downloads.wordpress.org/plugin/cp-multi-view-calendar.zip Date : 2014-10-23 Tested on : Windows 7 / Mozilla Firefox Windows 7 / sqlmap 0.8-1 Linux / Mozilla Firef...

AI score 7.4
Exploits 0

seebug.org
added 2014/10/25 12:0 a.m. | 29 views

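Discuz! front-end command execution in two certain versions (no login required)

Brief description: Lately people keep digging through old programs, so I'll dig one up too! Although a certain version of Discuz! is no longer maintained, its usage is still considerable, and major vendors all use it to some degree. Given the right conditions, command execution exists directly, and currently most default configurations support it directly. This vulnerability has been disclosed publicly on the Internet, but the vendor doesn't consider it a vulnerability? Same old line: no POC, no point talking! No login, direct execution. Detailed description: Affected versions: Discuz! 6.x/7.x global variable protection bypass vulnerability. It has been disclosed publicly on the Internet, see: http://www.80vul.com/dzvul/sodb/19/sodb-2010-01.txt The description at that time was: Discuz! 6.x/7.x global variable protection bypass vulnerability POC: missing...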

AI score 7
Exploits 0

The Hacker News
added 2014/10/23 3:33 a.m. | 44 views

The Bash Vulnerability: How to Protect your Environment

A recently discovered hole in the security of the Bourne-Again Shell (bash) has the majority of Unix/Linux (including OS X) admins sweating bullets. You should be, too--attackers have already developed exploits to unleash on unpatched web servers, network services and daemons that use shell scripts...

CVSS 5.4 | AI score 7.8 | EPSS 0.00997
Exploits 0