Exploit the possiblities
Showing 1 - 25 of 71 RSS Feed

CVE-2014-6271

Status Candidate

Overview

GNU Bash through 4.3 processes trailing strings after function definitions in the values of environment variables, which allows remote attackers to execute arbitrary code via a crafted environment, as demonstrated by vectors involving the ForceCommand feature in OpenSSH sshd, the mod_cgi and mod_cgid modules in the Apache HTTP Server, scripts executed by unspecified DHCP clients, and other situations in which setting the environment occurs across a privilege boundary from Bash execution, aka "ShellShock." NOTE: the original fix for this issue was incorrect; CVE-2014-7169 has been assigned to cover the vulnerability that is still present after the incorrect fix.

Related Files

Qmail SMTP Bash Environment Variable Injection (Shellshock)
Posted Sep 29, 2017
Authored by Kyle George, Gabriel Follon, Mario Ledo | Site metasploit.com

This Metasploit module exploits a shellshock vulnerability on Qmail, a public domain MTA written in C that runs on Unix systems. Due to the lack of validation on the MAIL FROM field, it is possible to execute shell code on a system with a vulnerable BASH (Shellshock). This flaw works on the latest Qmail versions (qmail-1.03 and netqmail-1.06). However, in order to execute code, /bin/sh has to be linked to bash (usually default configuration) and a valid recipient must be set on the RCPT TO field (usually admin@exampledomain.com). The exploit does not work on the "qmailrocks" community version as it ensures the MAILFROM field is well-formed.

tags | exploit, shell, bash
systems | unix
advisories | CVE-2014-6271
MD5 | e886215786e8070f396bf10bc995a777
TrendMicro InterScan Web Security Virtual Appliance Shellshock
Posted Oct 22, 2016
Authored by Hacker Fantastic

TrendMicro InterScan Web Security Virtual Appliance remote code execution exploit that leverages the shellshock vulnerability to spawn a connect-back shell. TrendMicro has contacted Packet Storm and provided the following link with patch information: <a href="https://success.trendmicro.com/solution/1105233">https://success.trendmicro.com/solution/1105233</a>

tags | exploit, remote, web, shell, code execution
advisories | CVE-2014-6271
MD5 | 024456ad9c32bbf192f9b2a8604a853e
IPFire Bash Environment Variable Injection (Shellshock)
Posted Jun 9, 2016
Authored by h00die, Claudio Viviani | Site metasploit.com

IPFire, a free linux based open source firewall distribution, versions 2.15 Update Core 82 and below contain an authenticated remote command execution vulnerability via shellshock in the request headers.

tags | exploit, remote
systems | linux
advisories | CVE-2014-6271
MD5 | 346568e36e1b3865af232e9ca23aee0a
Advantech Switch Bash Environment Variable Code Injection
Posted Dec 2, 2015
Authored by H D Moore | Site metasploit.com

This Metasploit module exploits the Shellshock vulnerability, a flaw in how the Bash shell handles external environment variables. This Metasploit module targets the 'ping.sh' CGI script, accessible through the Boa web server on Advantech switches. This Metasploit module was tested against firmware version 1322_D1.98.

tags | exploit, web, shell, cgi, bash
advisories | CVE-2014-6271
MD5 | 3f75e0684f5d9400f0db116618cf437e
Cisco Unified Communications Manager Command Execution
Posted Aug 13, 2015
Authored by Bernhard Mueller

Cisco Unified Communications Manager versions prior to 11.0.1, 10.5.2, and 9.2 suffer from multiple command execution vulnerabilities.

tags | exploit, vulnerability, file inclusion
systems | cisco
advisories | CVE-2014-6271
MD5 | 087de88cbc5124421a285bf18e1d7595
Xpl-SHELLSHOCK-Ch3ck Shellshock Vulnerability Scanner
Posted May 3, 2015
Authored by Cleiton Pinheiro

PHP script that leverages user agents to scan for the shellshock vulnerability.

tags | tool, scanner, php
systems | unix
advisories | CVE-2014-6271, CVE-2014-6277, CVE-2014-6278, CVE-2014-7169, CVE-2014-7186, CVE-2014-7187
MD5 | ea20de95fd9f1afc3959e00818888910
HP Security Bulletin HPSBST03195 1
Posted Apr 3, 2015
Authored by HP | Site hp.com

HP Security Bulletin HPSBST03195 1 - Potential security vulnerabilities have been identified with HP 3PAR Service Processor (SP) running OpenSSL and Bash. The OpenSSL vulnerability known as "Heartbleed" which could be exploited remotely resulting in disclosure of information. The SSLv3 vulnerability known as "Padding Oracle on Downgraded Legacy Encryption" also known as "Poodle", which could be exploited remotely resulting in disclosure of information. The Bash Shell vulnerability known as "Shellshock" which could be exploited remotely resulting in execution of code. Revision 1 of this advisory.

tags | advisory, shell, vulnerability, bash
advisories | CVE-2014-0224, CVE-2014-3566, CVE-2014-6271, CVE-2014-7169
MD5 | a3597b64c42716642c509ae51cfced26
QNAP Web Server Remote Code Execution
Posted Mar 27, 2015
Authored by Patrick Pellegrino | Site metasploit.com

This Metasploit module allows you to inject unix command with the same user who runs the http service - admin - directly on the QNAP system. Affected products: All Turbo NAS models except TS-100, TS-101, TS-200

tags | exploit, web
systems | unix
advisories | CVE-2014-6271
MD5 | 176fa413cbfeb1764219cadbe5ef12b5
HP Security Bulletin HPSBST03196 1
Posted Mar 24, 2015
Authored by HP | Site hp.com

HP Security Bulletin HPSBST03196 1 - A potential security vulnerability has been identified with HP StoreEver MSL6480 Tape Library running Bash. This is the Bash Shell vulnerability known as "Shellshock" which could be exploited remotely to allow execution of code. Revision 1 of this advisory.

tags | advisory, shell, bash
advisories | CVE-2014-6271
MD5 | 155179048fef5f06ffff87f381b7d674
HP Security Bulletin HPSBMU03220 1
Posted Mar 24, 2015
Authored by HP | Site hp.com

HP Security Bulletin HPSBMU03220 1 - Potential security vulnerabilities have been identified with HP Shunra Network Appliance / HP Shunra Wildcat Appliance running Bash Shell. The vulnerabilities, known as "Shellshock", could be exploited remotely to allow execution of code. Revision 1 of this advisory.

tags | advisory, shell, vulnerability, bash
advisories | CVE-2014-6271, CVE-2014-6277, CVE-2014-6278, CVE-2014-7169, CVE-2014-7186, CVE-2014-7187, CVE-2104-6277, CVE-2104-6278
MD5 | 45b387b5df583f081be056617de348e8
HP Security Bulletin HPSBST03265
Posted Mar 5, 2015
Authored by HP | Site hp.com

HP Security Bulletin HPSBST03265 - Potential security vulnerabilities have been identified with the HP VMA SAN Gateway running OpenSSL and Bash Shell. These vulnerabilities ("Padding Oracle on Downgraded Legacy Encryption" or "POODLE", Heartbleed, and Shellshock) could be exploited remotely to create a Denial of Service (DoS), allow unauthorized access, or disclose information. Revision 1 of this advisory.

tags | advisory, denial of service, shell, vulnerability, bash
advisories | CVE-2014-0224, CVE-2014-3566, CVE-2014-6271
MD5 | b756d240bc0672bd429e2cbbf578a649
HP Security Bulletin HPSBMU03246 1
Posted Feb 10, 2015
Authored by HP | Site hp.com

HP Security Bulletin HPSBMU03246 1 - Potential security vulnerabilities have been identified with HP Insight Control for Linux Central Management Server Pre-boot Execution Environment that could be exploited remotely resulting in Denial of Service (DoS), disclosure of information, and other vulnerabilities. Revision 1 of this advisory.

tags | advisory, denial of service, vulnerability
systems | linux
advisories | CVE-2014-6271, CVE-2014-6277, CVE-2014-6278, CVE-2014-7169, CVE-2014-7186, CVE-2014-7187, CVE-2014-7196
MD5 | 9ff3aef951a93cf095f88f94f47b951a
HP Security Bulletin HPSBMU03245 1
Posted Feb 10, 2015
Authored by HP | Site hp.com

HP Security Bulletin HPSBMU03245 1 - Potential security vulnerabilities have been identified with HP Insight Control server deployment Linux Preboot Execution Environment that could be exploited remotely resulting in Denial of Service (DoS), disclosure of information, and other vulnerabilities. Revision 1 of this advisory.

tags | advisory, denial of service, vulnerability
systems | linux
advisories | CVE-2014-6271, CVE-2014-6277, CVE-2014-6278, CVE-2014-7169, CVE-2014-7186, CVE-2014-7187
MD5 | 77f708697e8d950ace5bdd1b02d84713
HP Security Bulletin HPSBGN03233 1
Posted Jan 14, 2015
Authored by HP | Site hp.com

HP Security Bulletin HPSBGN03233 1 - Potential security vulnerabilities have been identified with HP OneView running OpenSSL and Bash Shell. These vulnerabilities (POODLE and Shellshock) could be exploited remotely to create a Denial of Service (DoS), allow unauthorized access, or disclose information. Revision 1 of this advisory.

tags | advisory, denial of service, shell, vulnerability, bash
advisories | CVE-2014-3513, CVE-2014-3566, CVE-2014-3567, CVE-2014-6271, CVE-2014-6277, CVE-2014-6278, CVE-2014-7169, CVE-2014-7186, CVE-2014-7187
MD5 | e0ad1d05802cfd5a9626a34c8b1e2bf6
HP Security Bulletin HPSBOV03228 1
Posted Jan 13, 2015
Authored by HP | Site hp.com

HP Security Bulletin HPSBOV03228 1 - A potential security vulnerability has been identified with HP OpenVMS running Bash Shell. This is the Bash Shell vulnerability known as "Shellshock" which could be exploited remotely to allow execution of code. Revision 1 of this advisory.

tags | advisory, shell, bash
advisories | CVE-2014-6271, CVE-2014-7169, CVE-2014-7186
MD5 | 8c3fe2ec10e72150d0bb898a23963d2b
HP Security Bulletin HPSBMU03217 1
Posted Dec 17, 2014
Authored by HP | Site hp.com

HP Security Bulletin HPSBMU03217 1 - A potential security vulnerability has been identified with HP Vertica. This is the Bash Shell vulnerability known as "ShellShock" which could be exploited remotely to allow execution of code. Revision 1 of this advisory.

tags | advisory, shell, bash
advisories | CVE-2014-6271, CVE-2014-6277, CVE-2014-6278, CVE-2014-7169, CVE-2014-7186, CVE-2014-7187, CVE-2104-6277, CVE-2104-6278
MD5 | 3f5913c1d1e47345d54f58954e797e3d
HP Security Bulletin HPSBST03154 2
Posted Dec 9, 2014
Authored by HP | Site hp.com

HP Security Bulletin HPSBST03154 2 - A potential security vulnerability has been identified with HP StoreFabric C-series MDS switches and HP C-series Nexus 5K switches running Bash Shell. This is the Bash Shell vulnerability known as "ShellShock" which could be exploited remotely to allow execution of code. Revision 2 of this advisory.

tags | advisory, shell, bash
advisories | CVE-2014-6271, CVE-2014-6277, CVE-2014-6278, CVE-2014-7169, CVE-2014-7186, CVE-2014-7187
MD5 | bbd9e2fc809b953e88cd667e06716816
HP Security Bulletin HPSBST03148 1
Posted Nov 26, 2014
Authored by HP | Site hp.com

HP Security Bulletin HPSBST03148 1 - A potential security vulnerability has been identified with certain HP StoreOnce Gen 2 Backup systems running Bash Shell. This is the Bash Shell vulnerability known as "Shellshock" which could be exploited remotely to allow execution of code. NOTE: Versions of HP StoreOnce Gen 2 Backup software prior to 2.3.02 contain the vulnerable version of Bash. However, HP is unaware of any method that would allow this vulnerability to be exploited on HP StoreOnce Gen 2 Backup systems but is providing an updated version of Bash Shell as a precaution. Revision 1 of this advisory.

tags | advisory, shell, bash
advisories | CVE-2014-6271, CVE-2014-7169, CVE-2014-7186, CVE-2014-7187
MD5 | fe5f6090052de76ea683bf6bb6bf4ff4
HP Security Bulletin HPSBMU03182 1
Posted Nov 13, 2014
Authored by HP | Site hp.com

HP Security Bulletin HPSBMU03182 1 - A potential security vulnerability has been identified with HP Server Automation. This is the Bash Shell vulnerability known as "ShellShock" which could be exploited remotely to allow execution of code. Revision 1 of this advisory.

tags | advisory, shell, bash
advisories | CVE-2014-6271, CVE-2014-6277, CVE-2014-6278, CVE-2014-7169, CVE-2014-7186, CVE-2014-7187, CVE-2104-6277, CVE-2104-6278
MD5 | b47a36f683bf491830911d855c6f1a38
HP Security Bulletin HPSBGN03117 2
Posted Nov 12, 2014
Authored by HP | Site hp.com

HP Security Bulletin HPSBGN03117 2 - A potential security vulnerability has been identified with HP Remote Device Access: Virtual Customer Access System (vCAS) running Bash Shell. This is the Bash Shell vulnerability known as "ShellShock" which could be exploited remotely to allow execution of code. NOTE: The vCAS product is vulnerable only if DHCP is enabled. Revision 2 of this advisory.

tags | advisory, remote, shell, bash
advisories | CVE-2014-6271, CVE-2014-7169
MD5 | 8cd197ae0bc08b73f1a3d28afc1e8b48
HP Security Bulletin HPSBST03155 1
Posted Nov 12, 2014
Authored by HP | Site hp.com

HP Security Bulletin HPSBST03155 1 - A potential security vulnerability has been identified with HP StoreFabric H-series switches running Bash Shell. This is the Bash Shell vulnerability known as "ShellShock" which could be exploited remotely to allow execution of code. Revision 1 of this advisory.

tags | advisory, shell, bash
advisories | CVE-2014-6271, CVE-2014-6277, CVE-2014-6278, CVE-2014-7169, CVE-2014-7186, CVE-2014-7187
MD5 | cee9e866dfa14f72f35220bfb59dc115
HP Security Bulletin HPSBST03154 1
Posted Nov 12, 2014
Authored by HP | Site hp.com

HP Security Bulletin HPSBST03154 1 - A potential security vulnerability has been identified with HP StoreFabric C-series MDS switches and HP C-series Nexus 5K switches running Bash Shell. This is the Bash Shell vulnerability known as "ShellShock" which could be exploited remotely to allow execution of code. Revision 1 of this advisory.

tags | advisory, shell, bash
advisories | CVE-2014-6271, CVE-2014-6277, CVE-2014-6278, CVE-2014-7169, CVE-2014-7186, CVE-2014-7187
MD5 | 391ed1bc0adafb58425b1de7b062ea2c
HP Security Bulletin HPSBST03181 1
Posted Nov 12, 2014
Authored by HP | Site hp.com

HP Security Bulletin HPSBST03181 1 - A potential security vulnerability has been identified with HP StoreEver ESL G3 Tape Library. This is the Bash Shell vulnerability known as "ShellShock" which could be exploited remotely to allow execution of code. Revision 1 of this advisory.

tags | advisory, shell, bash
advisories | CVE-2014-6271, CVE-2014-6277, CVE-2014-6278, CVE-2014-7169, CVE-2014-7186, CVE-2014-7187
MD5 | 6fde430e8bafb4371955f484d34826e0
HP Security Bulletin HPSBHF03124 2
Posted Nov 12, 2014
Authored by HP | Site hp.com

HP Security Bulletin HPSBHF03124 2 - Potential security vulnerabilities have been identified with certain HP Thin Clients running Bash Shell. The vulnerabilities, known as "Shellshock", could be exploited remotely to allow execution of code. Revision 2 of this advisory.

tags | advisory, shell, vulnerability, bash
advisories | CVE-2014-6271, CVE-2014-6277, CVE-2014-6278, CVE-2014-7169, CVE-2014-7186, CVE-2014-7187, CVE-2104-6277, CVE-2104-6278
MD5 | ec6d6034152d962e6ffbdc9d84e140a5
HP Security Bulletin HPSBMU03165 1
Posted Nov 12, 2014
Authored by HP | Site hp.com

HP Security Bulletin HPSBMU03165 1 - A potential security vulnerability has been identified with HP Propel. This is the Bash Shell vulnerability known as "ShellShock" which could be exploited remotely to allow execution of code. Revision 1 of this advisory.

tags | advisory, shell, bash
advisories | CVE-2014-6271, CVE-2014-6277, CVE-2014-6278, CVE-2014-7169, CVE-2014-7186, CVE-2014-7187, CVE-2104-6277, CVE-2104-6278
MD5 | fcec6b2014de89d2c078219011a562a0
Page 1 of 3
Back123Next

File Archive:

November 2017

  • Su
  • Mo
  • Tu
  • We
  • Th
  • Fr
  • Sa
  • 1
    Nov 1st
    22 Files
  • 2
    Nov 2nd
    28 Files
  • 3
    Nov 3rd
    10 Files
  • 4
    Nov 4th
    1 Files
  • 5
    Nov 5th
    5 Files
  • 6
    Nov 6th
    15 Files
  • 7
    Nov 7th
    15 Files
  • 8
    Nov 8th
    13 Files
  • 9
    Nov 9th
    9 Files
  • 10
    Nov 10th
    9 Files
  • 11
    Nov 11th
    3 Files
  • 12
    Nov 12th
    2 Files
  • 13
    Nov 13th
    15 Files
  • 14
    Nov 14th
    17 Files
  • 15
    Nov 15th
    19 Files
  • 16
    Nov 16th
    15 Files
  • 17
    Nov 17th
    19 Files
  • 18
    Nov 18th
    4 Files
  • 19
    Nov 19th
    2 Files
  • 20
    Nov 20th
    9 Files
  • 21
    Nov 21st
    15 Files
  • 22
    Nov 22nd
    23 Files
  • 23
    Nov 23rd
    0 Files
  • 24
    Nov 24th
    0 Files
  • 25
    Nov 25th
    0 Files
  • 26
    Nov 26th
    0 Files
  • 27
    Nov 27th
    0 Files
  • 28
    Nov 28th
    0 Files
  • 29
    Nov 29th
    0 Files
  • 30
    Nov 30th
    0 Files

Top Authors In Last 30 Days

File Tags

Systems

packet storm

© 2016 Packet Storm. All rights reserved.

Services
Security Services
Hosting By
Rokasec
close