This Metasploit module scans for the Shellshock vulnerability, a flaw in how the Bash shell handles external environment variables. This Metasploit module targets CGI scripts in the Apache web server by setting the HTTP_USER_AGENT environment variable to a malicious function definition. PROTIP: Use exploit/multi/handler with a PAYLOAD appropriate to your CMD, set ExitOnSession false, run -j, and then run this module to create sessions on vulnerable hosts. Note that this is not the recommended method for obtaining shells. If you require sessions, please use the apache_mod_cgi_bash_env_exec exploit module instead.
87c833264ee49ea156b8462740c64928a943a3c37c5f3d9c388659dfaa1d03a0
SonicWall SSL-VPN Exploit shellshock unauthenticated remote code execution exploit that provides a shell as uid nobody.
c1b90a4a590243020b1b96651958bc1a3a893b68aa5d573032e7b1ac65f2b015
FutureNet NXR-G240 Series remote shellshock command injection exploit.
f78dbb3e60f1c9d3724509318e7a6186453a1ba3aa5bffb1f8e6b9d5aa925d7b
Staubli Jacquard Industrial System JC6 suffers from a bash environment variable handling code injection vulnerability.
298aac6aa0537ef624d332e5623f63e990ee12f9376d9baef4524a5f870ca6cb
This Metasploit module exploits a shellshock vulnerability on Qmail, a public domain MTA written in C that runs on Unix systems. Due to the lack of validation on the MAIL FROM field, it is possible to execute shell code on a system with a vulnerable BASH (Shellshock). This flaw works on the latest Qmail versions (qmail-1.03 and netqmail-1.06). However, in order to execute code, /bin/sh has to be linked to bash (usually default configuration) and a valid recipient must be set on the RCPT TO field (usually admin@exampledomain.com). The exploit does not work on the "qmailrocks" community version as it ensures the MAILFROM field is well-formed.
312980cfe01d6ece2e6c4f8b4625555a7173a1cdd391e9346ac2f685ab5d2b6a
TrendMicro InterScan Web Security Virtual Appliance remote code execution exploit that leverages the shellshock vulnerability to spawn a connect-back shell. TrendMicro has contacted Packet Storm and provided the following link with patch information: <a href="https://success.trendmicro.com/solution/1105233">https://success.trendmicro.com/solution/1105233</a>
7eefbb330b7be36adf17cb7725410f679d2aeac775a9e31cf85234029e4b66cc
IPFire, a free linux based open source firewall distribution, versions 2.15 Update Core 82 and below contain an authenticated remote command execution vulnerability via shellshock in the request headers.
72f8b0873dc11b2d3d2949fc7e34c4a2aa14b2eba24cd506e1e1251f6aec3dd2
This Metasploit module exploits the Shellshock vulnerability, a flaw in how the Bash shell handles external environment variables. This Metasploit module targets the 'ping.sh' CGI script, accessible through the Boa web server on Advantech switches. This Metasploit module was tested against firmware version 1322_D1.98.
2d07c4e5c3e954a7d9efc2a4e7d397f7e69058ab0c07cd400854d45c65db2f07
Cisco Unified Communications Manager versions prior to 11.0.1, 10.5.2, and 9.2 suffer from multiple command execution vulnerabilities.
2657de5609ab33edc3daabf9e0594e967f1578315006fc819d72a4d7f3cd226d
PHP script that leverages user agents to scan for the shellshock vulnerability.
c3fb3a101c43ddb2ec35601038641d0e74080bb19c7ab688fea8961529e512d4
HP Security Bulletin HPSBST03195 1 - Potential security vulnerabilities have been identified with HP 3PAR Service Processor (SP) running OpenSSL and Bash. The OpenSSL vulnerability known as "Heartbleed" which could be exploited remotely resulting in disclosure of information. The SSLv3 vulnerability known as "Padding Oracle on Downgraded Legacy Encryption" also known as "Poodle", which could be exploited remotely resulting in disclosure of information. The Bash Shell vulnerability known as "Shellshock" which could be exploited remotely resulting in execution of code. Revision 1 of this advisory.
6a809ea757ff22870a3e4f96354ac184c8c6886fa4f952676c8a777eb3d928e2
This Metasploit module allows you to inject unix command with the same user who runs the http service - admin - directly on the QNAP system. Affected products: All Turbo NAS models except TS-100, TS-101, TS-200
79dd95bcb902cad5bd13f3008b386fe5dca9f4ee0630d82cdc725d1c103118d0
HP Security Bulletin HPSBST03196 1 - A potential security vulnerability has been identified with HP StoreEver MSL6480 Tape Library running Bash. This is the Bash Shell vulnerability known as "Shellshock" which could be exploited remotely to allow execution of code. Revision 1 of this advisory.
4be7a57fc9d180a0c2da2e754c8f966e45742fb56c2315e518187bf758764467
HP Security Bulletin HPSBMU03220 1 - Potential security vulnerabilities have been identified with HP Shunra Network Appliance / HP Shunra Wildcat Appliance running Bash Shell. The vulnerabilities, known as "Shellshock", could be exploited remotely to allow execution of code. Revision 1 of this advisory.
a6123d5b851b138a543e987a040efe52fa0e792954adbdefa8c34b543cc021b7
HP Security Bulletin HPSBST03265 - Potential security vulnerabilities have been identified with the HP VMA SAN Gateway running OpenSSL and Bash Shell. These vulnerabilities ("Padding Oracle on Downgraded Legacy Encryption" or "POODLE", Heartbleed, and Shellshock) could be exploited remotely to create a Denial of Service (DoS), allow unauthorized access, or disclose information. Revision 1 of this advisory.
92118da9cc0dbaddd32d8fde76690a96c700f87356ab76b9c4e352f73d6ee51a
HP Security Bulletin HPSBMU03246 1 - Potential security vulnerabilities have been identified with HP Insight Control for Linux Central Management Server Pre-boot Execution Environment that could be exploited remotely resulting in Denial of Service (DoS), disclosure of information, and other vulnerabilities. Revision 1 of this advisory.
3bc364eb213e9861d4e21588302ac46a9d28eaf2ef45b15cfb72ed924b71144e
HP Security Bulletin HPSBMU03245 1 - Potential security vulnerabilities have been identified with HP Insight Control server deployment Linux Preboot Execution Environment that could be exploited remotely resulting in Denial of Service (DoS), disclosure of information, and other vulnerabilities. Revision 1 of this advisory.
547a09874ba71ce03f8459976cd14cc2cb14970581a4d419a52cee64bf714d9e
HP Security Bulletin HPSBGN03233 1 - Potential security vulnerabilities have been identified with HP OneView running OpenSSL and Bash Shell. These vulnerabilities (POODLE and Shellshock) could be exploited remotely to create a Denial of Service (DoS), allow unauthorized access, or disclose information. Revision 1 of this advisory.
4b877dbe7e357236881b287abc3a3f36c78913bccdc7212120a575f1c5a5650e
HP Security Bulletin HPSBOV03228 1 - A potential security vulnerability has been identified with HP OpenVMS running Bash Shell. This is the Bash Shell vulnerability known as "Shellshock" which could be exploited remotely to allow execution of code. Revision 1 of this advisory.
54602e8de35c6c47fc8c1b533278a3d28121a1b297a194088df4d09262b8ccc0
HP Security Bulletin HPSBMU03217 1 - A potential security vulnerability has been identified with HP Vertica. This is the Bash Shell vulnerability known as "ShellShock" which could be exploited remotely to allow execution of code. Revision 1 of this advisory.
bba781db0ea6237d24c41632509ea14fbeb0e32ee6e7ac09ab25b8319078c862
HP Security Bulletin HPSBST03154 2 - A potential security vulnerability has been identified with HP StoreFabric C-series MDS switches and HP C-series Nexus 5K switches running Bash Shell. This is the Bash Shell vulnerability known as "ShellShock" which could be exploited remotely to allow execution of code. Revision 2 of this advisory.
1fd37f9427784b3b37be04b743ed2eb89dd0ff93ce83329650327ceec8f74b04
HP Security Bulletin HPSBST03148 1 - A potential security vulnerability has been identified with certain HP StoreOnce Gen 2 Backup systems running Bash Shell. This is the Bash Shell vulnerability known as "Shellshock" which could be exploited remotely to allow execution of code. NOTE: Versions of HP StoreOnce Gen 2 Backup software prior to 2.3.02 contain the vulnerable version of Bash. However, HP is unaware of any method that would allow this vulnerability to be exploited on HP StoreOnce Gen 2 Backup systems but is providing an updated version of Bash Shell as a precaution. Revision 1 of this advisory.
004f0402a1b18363987419f90e5d1da127d2865f9f82eb63474f13b373a541c3
HP Security Bulletin HPSBMU03182 1 - A potential security vulnerability has been identified with HP Server Automation. This is the Bash Shell vulnerability known as "ShellShock" which could be exploited remotely to allow execution of code. Revision 1 of this advisory.
2c7547ad37486e13bbfb803f26b54786b2666a0d9a0dc7130cbe590247c0434c
HP Security Bulletin HPSBGN03117 2 - A potential security vulnerability has been identified with HP Remote Device Access: Virtual Customer Access System (vCAS) running Bash Shell. This is the Bash Shell vulnerability known as "ShellShock" which could be exploited remotely to allow execution of code. NOTE: The vCAS product is vulnerable only if DHCP is enabled. Revision 2 of this advisory.
e1b44829e163823ba39cf92638eaac5e9924d468dee54cd584402a7214c8137b
HP Security Bulletin HPSBST03155 1 - A potential security vulnerability has been identified with HP StoreFabric H-series switches running Bash Shell. This is the Bash Shell vulnerability known as "ShellShock" which could be exploited remotely to allow execution of code. Revision 1 of this advisory.
f3dcc135fd2c1cf8a1c5df3a69efd02a182cdabdb8e9370883499a6a98eeecfc