what you don't know can hurt you
Home Files News &[SERVICES_TAB]About Contact Add New
Showing 1 - 18 of 18 RSS Feed

Files Date: 2014-09-26

Apache mod_cgi Bash Environment Variable Code Injection
Posted Sep 26, 2014
Authored by juan vazquez, wvu, Stephane Chazelas | Site metasploit.com

This Metasploit module exploits a code injection in specially crafted environment variables in Bash, specifically targeting Apache mod_cgi scripts through the HTTP_USER_AGENT variable.

tags | exploit, bash
advisories | CVE-2014-6271
SHA-256 | bddccc35d3cda611c86307a7ce0074fc7d74f100f9a6dea0b6e39a478138e054
Cisco Security Advisory 20140926-bash
Posted Sep 26, 2014
Authored by Cisco Systems | Site cisco.com

Cisco Security Advisory - On September 24, 2014, a vulnerability in the Bash shell was publicly announced. The vulnerability is related to the way in which shell functions are passed though environment variables. The vulnerability may allow an attacker to inject commands into a Bash shell, depending on how the shell is invoked. The Bash shell may be invoked by a number of processes including, but not limited to, telnet, SSH, DHCP, and scripts hosted on web servers. All versions of GNU Bash starting with version 1.14 are affected by this vulnerability and the specific impact is determined by the characteristics of the process using the Bash shell. In the worst case, an unauthenticated remote attacker would be able to execute commands on an affected server. However, in most cases involving Cisco products, exploitation of the vulnerability results in an authenticated attacker having the ability to execute commands for which they are not authorized. A number of Cisco products ship with or leverage an affected version of the Bash shell. This advisory will be updated as additional information becomes available. Cisco may release free software updates that address this vulnerability if a product is determined to be affected by this vulnerability.

tags | advisory, remote, web, shell, bash
systems | cisco
SHA-256 | 67983763ce5d1b5e462159463c83b03085fadbe2fc6b45584c12b6e1e3959da5
DHCP Client Bash Environment Variable Code Injection
Posted Sep 26, 2014
Authored by Ramon de C Valle, scriptjunkie, Stephane Chazelas | Site metasploit.com

This Metasploit module exploits a code injection in specially crafted environment variables in Bash, specifically targeting dhclient network configuration scripts through the HOSTNAME, DOMAINNAME, and URL DHCP options.

tags | exploit, bash
advisories | CVE-2014-6271
SHA-256 | 79d7a8dc657f6596bbdf6d89daca73b5c6faa99cc6ea47bed9be15fb8d04a23a
Gnu Bash 4.3 CGI REFERER Command Injection
Posted Sep 26, 2014
Authored by Simo Ben Youssef | Site morxploit.com

GNU Bash versions 4.3 and below remote command injection exploit that leverages the REFERER header on vulnerable CGI scripts. Launches a connect-back shell. Written in Perl.

tags | exploit, remote, shell, cgi, perl, bash
advisories | CVE-2014-6271, CVE-2014-7169
SHA-256 | 19dfcfb3d85be26b41d2f9316ffaebf7de4fe7c3b8fd4d6b1cf6a55a6f1ba395
Typo3 JobControl 2.14.0 Cross Site Scripting / SQL Injection
Posted Sep 26, 2014
Authored by Hans-Martin Muench

Typo3 JobControl version 2.14.0 suffers from cross site scripting and remote SQL injection vulnerabilities. Typo3 no longer provides updates for this extension and it is considered unsafe to use.

tags | exploit, remote, vulnerability, xss, sql injection
SHA-256 | fd26ba8328d734e82a7dea5f7dff200a5a1a0a8862c060bfd070948aa195c3db
Gnu Bash 4.3 CGI Scan Remote Command Injection
Posted Sep 26, 2014
Authored by Claudio Viviani, Stephane Chazelas

Gnu Bash versions 4.3 and below remote command injection exploit that leverages the User-Agent header via vulnerable CGI scripts. Written in Python.

tags | exploit, remote, cgi, python, bash
advisories | CVE-2014-6271, CVE-2014-7169
SHA-256 | 057996be27a48a42909a085ad63607f515c2c4f7a1da1dc7eddd802689cd126c
SmarterTools Smarter Track 6-10 Information Disclosure
Posted Sep 26, 2014
Authored by Ehsan Vahab, Vulnerability Laboratory | Site vulnerability-lab.com

SmarterTools Smarter Track versions 6 through 10 suffer from an information disclosure vulnerability.

tags | exploit, info disclosure
SHA-256 | b41e89efc3bbbdee6f8f96f9d1f50dd467ded58b5ee3d8c3c7c09b0cfc00832f
GS Foto Uebertraege 3.0 Local File Inclusion
Posted Sep 26, 2014
Authored by Benjamin Kunz Mejri, Vulnerability Laboratory | Site vulnerability-lab.com

GS Foto Uebertraege version 3.0 suffers from a local file inclusion vulnerabilities.

tags | exploit, local, vulnerability, file inclusion
SHA-256 | 94fa4864b4a48c57985de0ba4158bbfed8cf5005eedcc0ac60d2c0633d2247ec
Red Hat Security Advisory 2014-1307-01
Posted Sep 26, 2014
Authored by Red Hat | Site access.redhat.com

Red Hat Security Advisory 2014-1307-01 - Network Security Services is a set of libraries designed to support the cross-platform development of security-enabled client and server applications. Netscape Portable Runtime provides platform independence for non-GUI operating system facilities. A flaw was found in the way NSS parsed ASN.1 input from certain RSA signatures. A remote attacker could use this flaw to forge RSA certificates by providing a specially crafted signature to an application using NSS.

tags | advisory, remote
systems | linux, redhat
advisories | CVE-2014-1568
SHA-256 | 08a1d6314655253f277428022a1688098423cb33c9f35cce58d396cb4045d729
Ubuntu Security Notice USN-2363-2
Posted Sep 26, 2014
Authored by Ubuntu | Site security.ubuntu.com

Ubuntu Security Notice 2363-2 - USN-2363-1 fixed a vulnerability in Bash. Due to a build issue, the patch for CVE-2014-7169 didn't get properly applied in the Ubuntu 14.04 LTS package. This update fixes the problem. Tavis Ormandy discovered that the security fix for Bash included in USN-2362-1 was incomplete. An attacker could use this issue to bypass certain environment restrictions. Various other issues were also addressed.

tags | advisory, bash
systems | linux, ubuntu
advisories | CVE-2014-7169
SHA-256 | 3e18a143d3f887e0e17c89d032327a608ab2beec642f3e1e91e5bfef9721dfcc
Red Hat Security Advisory 2014-1306-01
Posted Sep 26, 2014
Authored by Red Hat | Site access.redhat.com

Red Hat Security Advisory 2014-1306-01 - The GNU Bourne Again shell is a shell and command language interpreter compatible with the Bourne shell. Bash is the default shell for Red Hat Enterprise Linux. It was found that the fix for CVE-2014-6271 was incomplete, and Bash still allowed certain characters to be injected into other environments via specially crafted environment variables. An attacker could potentially use this flaw to override or bypass environment restrictions to execute shell commands. Certain services and applications allow remote unauthenticated attackers to provide environment variables, allowing them to exploit this issue.

tags | advisory, remote, shell, bash
systems | linux, redhat
advisories | CVE-2014-7169
SHA-256 | 88d35c967bdafa1462b50e6b3d195bb62db44e287d9df7085810180afa4b143f
Ubuntu Security Notice USN-2363-1
Posted Sep 26, 2014
Authored by Ubuntu | Site security.ubuntu.com

Ubuntu Security Notice 2363-1 - Tavis Ormandy discovered that the security fix for Bash included in USN-2362-1 was incomplete. An attacker could use this issue to bypass certain environment restrictions.

tags | advisory, bash
systems | linux, ubuntu
advisories | CVE-2014-7169
SHA-256 | f5f456c7e48c7214e00ff053cd9387307f5241a9d083c936d0541e007cdceb1a
Mandriva Linux Security Advisory 2014-190
Posted Sep 26, 2014
Authored by Mandriva | Site mandriva.com

Mandriva Linux Security Advisory 2014-190 - It was found that the fix for was incomplete, and Bash still allowed certain characters to be injected into other environments via specially crafted environment variables. An attacker could potentially use this flaw to override or bypass environment restrictions to execute shell commands. Certain services and applications allow remote unauthenticated attackers to provide environment variables, allowing them to exploit this issue. Additionally bash has been updated from patch level 37 to 48 using the upstream patches at ftp://ftp.gnu.org/gnu/bash/bash-4.2-patches/ which resolves various bugs.

tags | advisory, remote, shell, bash
systems | linux, mandriva
advisories | CVE-2014-7169
SHA-256 | ae4a2ddbddcc61c6966f4694c639082e3489b84bee7732ae063725dab98b2b3c
Slackware Security Advisory - bash Updates
Posted Sep 26, 2014
Authored by Slackware Security Team | Site slackware.com

Slackware Security Advisory - New bash packages are available for Slackware 13.0, 13.1, 13.37, 14.0, 14.1, and -current to fix a security issue.

tags | advisory, bash
systems | linux, slackware
advisories | CVE-2014-7169
SHA-256 | ef15a9f5d74abb68daa1dd4cfbf2c7875ecd047088315d90b16cfabda7880efd
Debian Security Advisory 3036-1
Posted Sep 26, 2014
Authored by Debian | Site debian.org

Debian Linux Security Advisory 3036-1 - It was discovered that MediaWiki, a wiki engine, did not sufficiently filter CSS in uploaded SVG files, allowing for cross site scripting.

tags | advisory, xss
systems | linux, debian
SHA-256 | 031db5fef5a40b83c3d7dbe498d63b05566f4feaddd502aa306ab324b04e7cc6
Debian Security Advisory 3035-1
Posted Sep 26, 2014
Authored by Debian | Site debian.org

Debian Linux Security Advisory 3035-1 - Tavis Ormandy discovered that the patch applied to fix CVE-2014-6271 released in DSA-3032-1 for bash, the GNU Bourne-Again Shell, was incomplete and could still allow some characters to be injected into another environment (CVE-2014-7169). With this update prefix and suffix for environment variable names which contain shell functions are added as hardening measure.

tags | advisory, shell, bash
systems | linux, debian
advisories | CVE-2014-7169
SHA-256 | c9152f57044050f4b25ba7c86fda6196e8a06bf2e8ec64116ec765e8c2243201
Slackware Security Advisory - bash Updates
Posted Sep 26, 2014
Authored by Slackware Security Team | Site slackware.com

Slackware Security Advisory - New bash packages are available for Slackware 13.0 to fix a security issue.

tags | advisory, bash
systems | linux, slackware
advisories | CVE-2014-7169
SHA-256 | c5aa03ec719896cf77ac684a412556993a10649e75080a6763d5b213ed7066da
Hakabana 0.2.1
Posted Sep 26, 2014
Authored by Mehdi Talbi | Site haka-security.org

Hakabana is an open source monitoring tool that helps you visualize network traffic using Haka and Kibana.

tags | tool
systems | unix
SHA-256 | ce0904f3c36adae66096e0a19b14753576c6466069d78f567e1e4ea1600594eb
Page 1 of 1
Back1Next

File Archive:

December 2024

  • Su
  • Mo
  • Tu
  • We
  • Th
  • Fr
  • Sa
  • 1
    Dec 1st
    0 Files
  • 2
    Dec 2nd
    41 Files
  • 3
    Dec 3rd
    25 Files
  • 4
    Dec 4th
    0 Files
  • 5
    Dec 5th
    0 Files
  • 6
    Dec 6th
    0 Files
  • 7
    Dec 7th
    0 Files
  • 8
    Dec 8th
    0 Files
  • 9
    Dec 9th
    0 Files
  • 10
    Dec 10th
    0 Files
  • 11
    Dec 11th
    0 Files
  • 12
    Dec 12th
    0 Files
  • 13
    Dec 13th
    0 Files
  • 14
    Dec 14th
    0 Files
  • 15
    Dec 15th
    0 Files
  • 16
    Dec 16th
    0 Files
  • 17
    Dec 17th
    0 Files
  • 18
    Dec 18th
    0 Files
  • 19
    Dec 19th
    0 Files
  • 20
    Dec 20th
    0 Files
  • 21
    Dec 21st
    0 Files
  • 22
    Dec 22nd
    0 Files
  • 23
    Dec 23rd
    0 Files
  • 24
    Dec 24th
    0 Files
  • 25
    Dec 25th
    0 Files
  • 26
    Dec 26th
    0 Files
  • 27
    Dec 27th
    0 Files
  • 28
    Dec 28th
    0 Files
  • 29
    Dec 29th
    0 Files
  • 30
    Dec 30th
    0 Files
  • 31
    Dec 31st
    0 Files

Top Authors In Last 30 Days

File Tags

Systems

packet storm

© 2024 Packet Storm. All rights reserved.

Services
Security Services
Hosting By
Rokasec
close