Bacula-web version 5.2.10 suffers from a remote SQL injection vulnerability.
8521ccbd84f8d2b97a8e8662f43056c2baefd4521bdf1a0434f2258ddfd95c17This Metasploit module exploits a file upload vulnerability in ManageEngine OpManager and Social IT. The vulnerability exists in the FileCollector servlet which accepts unauthenticated file uploads. This Metasploit module has been tested successfully on OpManager v8.8 - v11.3 and on version 11.0 of SocialIT for Windows and Linux.
e9c53edc4a81c1f18958ddfa8f5eddf60866488e72784884428750e9a058b73bManageEngine OpManager, Social IT Plus, and IT360 suffer from remote code execution via upload and arbitrary file deletion vulnerabilities.
375e267357239b52901647072b3a0b930fa59bec9185067e661bf2bcb84fcf70AllMyGuests version 0.4.1 suffers from bypass via malformed cookies, remote SQL injection, and cross site scripting vulnerabilities.
f47761659053ee4c4dd3cdb085e36ec23e26920bfc02e9ec2dd44de4b627b3c5WordPress Users Ultra plugin version 1.3.37 suffers from a remote SQL injection vulnerability. Note that this finding houses site-specific data.
83da12e41fe8a52bf90f4d659a6a4eb3c4147e951cc5121e09d3c3df702d14eaInternet Explorer 8 fixed col span ID full ASLR, DEP, and EMET 5.0 bypass exploit that leverages the issue outlined in MS12-037.
876b8cd7e67c79c669947885b557203c13c38a1e58f07a2be3d86ba1ee061f95ExploitPack GNU Bash versions 4.3 and below command injection exploit that leverages the User-Agent header against a given website.
142c835b75cbe04a6ca350ec7bb8fea228669c18def84dd5d24a93513e005852This Metasploit module tests vulnerable IIS HTTP header file paths on Microsoft Exchange OWA 2003, CAS 2007, 2010, 2013 servers.
9b7a26362762262f505e7f02227cb75f7b373f2560a109697a283d98dbb104e4Tor-ramdisk is an i686 uClibc-based micro Linux distribution whose only purpose is to host a Tor server in an environment that maximizes security and privacy. Tor is a network of virtual tunnels that allows people and groups to improve their privacy and security on the Internet. Security is enhanced by employing a monolithically compiled GRSEC/PAX patched kernel and hardened system tools. Privacy is enhanced by turning off logging at all levels so that even the Tor operator only has access to minimal information. Finally, since everything runs in ephemeral memory, no information survives a reboot, except for the Tor configuration file and the private RSA key which may be exported/imported by FTP. x86_64 version.
116e5409b054024e15eec983d4518800aee09f04dde73b19d06540244da6f545When bash is started with an environment variable that begins with the string "() {", that variable is treated as a function definition and parsed as code. If extra commands are added after the function definition, they will be executed immediately. When dhclient receives an ACK that contains a domain name or hostname, they are passed to configuration scripts as environment variables, allowing us to trigger the bash bug. Because of the length restrictions and unusual networking scenario at time of exploitation, this Metasploit module achieves code execution by echoing our payload into /etc/crontab and cleans it up when we get a shell.
5d7d7b3c51f3ee9f6de8df21a01a41ce128a74b5cdd4be3f7d65a7357f36ed1eExinda WAN Optimization Suite version 7.0.0 (2160) suffers from cross site request forgery and cross site scripting vulnerabilities.
83a1c7b092131f1cef204e879001c5cba65704e647207c15e65081dd1833f4a3Ubuntu Security Notice 2364-1 - Florian Weimer and Todd Sabin discovered that the Bash parser incorrectly handled memory. An attacker could possibly use this issue to bypass certain environment restrictions and execute arbitrary code. In addition, this update introduces a hardening measure which adds prefixes and suffixes around environment variable names which contain shell functions. Various other issues were also addressed.
ae34017a4da371e3957cf29ab3e4223ae8d46bc125d31af4b5a3d909728c3d3fRed Hat Security Advisory 2014-1312-01 - The GNU Bourne Again shell is a shell and command language interpreter compatible with the Bourne shell. Bash is the default shell for Red Hat Enterprise Linux. Shift_JIS, also known as "SJIS", is a character encoding for the Japanese language. This package provides bash support for the Shift_JIS encoding. It was found that the fix for CVE-2014-6271 was incomplete, and Bash still allowed certain characters to be injected into other environments via specially crafted environment variables. An attacker could potentially use this flaw to override or bypass environment restrictions to execute shell commands. Certain services and applications allow remote unauthenticated attackers to provide environment variables, allowing them to exploit this issue.
5a5179213e1d426ae806025b6835b14b2c5fc4fe0f9d07f38418998fd760d0e6Red Hat Security Advisory 2014-1311-01 - The GNU Bourne Again shell is a shell and command language interpreter compatible with the Bourne shell. Bash is the default shell for Red Hat Enterprise Linux. It was found that the fix for CVE-2014-6271 was incomplete, and Bash still allowed certain characters to be injected into other environments via specially crafted environment variables. An attacker could potentially use this flaw to override or bypass environment restrictions to execute shell commands. Certain services and applications allow remote unauthenticated attackers to provide environment variables, allowing them to exploit this issue.
2e88505af0a92784844daf9fe3c6fa50a2e04ca48111c2400b827bb859d59a0aOpenfiler version 2.99.1 suffers from a denial of service vulnerability.
77276520dc721a9252188a8e714c3de354590e5c280083c46c4ff2b5c0c6fc20Comersus Sophisticated Cart suffers from a database disclosure vulnerability.
25c2756e45e2fc406368fc0f33725428c30b6538434bd0559dfd5ca5cbeddc61Oscommerce version 2.3.4 suffers from cross site scripting, HTTP parameter pollution, and local file inclusion vulnerabilities.
8d1dd2e6442e15ac36b712ca7250cbff8a6c970b84e1efbe78af8cdac497642aNDBLOG version 0.1 suffers from cross site scripting and remote SQL injection vulnerabilities.
dd65952f3824e00cc2a80344ad64d4d621e1ec5e3aa4745efa0abfdc2cc09023Get Simple CMS version 3.3.3 suffers from information disclosure, upload, and cross site scripting vulnerabilities.
cbbfcd1ffbd19b40f68a09bc3831b08a98ed0e3a45c608112c9f9cce82a3a2efPayPal Community Web Portal suffered from cross site scripting vulnerabilities.
66eac32c73b32b474e784bbd86e55d93ac7e0620b25e7cf309f01b0e26ef0773Malicious script code could be inserted into PayPal's mail encoding functionality.
ed363ae648c831c78fce7311c71efe723fd447f58dd5e7d30215423e85dfa3a5POSNIC version 1.02 suffers from directory listing and file upload exposure vulnerabilities.
ca1313a59105d7e4fb14cfff488765f623bb0fbcd07ff8b06039cfb663615a8dThis Metasploit module exploits a code injection in specially crafted environment variables in Bash, specifically targeting Apache mod_cgi scripts through the HTTP_USER_AGENT variable.
bddccc35d3cda611c86307a7ce0074fc7d74f100f9a6dea0b6e39a478138e054Cisco Security Advisory - On September 24, 2014, a vulnerability in the Bash shell was publicly announced. The vulnerability is related to the way in which shell functions are passed though environment variables. The vulnerability may allow an attacker to inject commands into a Bash shell, depending on how the shell is invoked. The Bash shell may be invoked by a number of processes including, but not limited to, telnet, SSH, DHCP, and scripts hosted on web servers. All versions of GNU Bash starting with version 1.14 are affected by this vulnerability and the specific impact is determined by the characteristics of the process using the Bash shell. In the worst case, an unauthenticated remote attacker would be able to execute commands on an affected server. However, in most cases involving Cisco products, exploitation of the vulnerability results in an authenticated attacker having the ability to execute commands for which they are not authorized. A number of Cisco products ship with or leverage an affected version of the Bash shell. This advisory will be updated as additional information becomes available. Cisco may release free software updates that address this vulnerability if a product is determined to be affected by this vulnerability.
67983763ce5d1b5e462159463c83b03085fadbe2fc6b45584c12b6e1e3959da5This Metasploit module exploits a code injection in specially crafted environment variables in Bash, specifically targeting dhclient network configuration scripts through the HOSTNAME, DOMAINNAME, and URL DHCP options.
79d7a8dc657f6596bbdf6d89daca73b5c6faa99cc6ea47bed9be15fb8d04a23a
© 2022 Packet Storm. All rights reserved.
%7Cutmcsr%3D(direct)%7Cutmcmd%3D(none)){kind=small}
Follow us on Twitter
Follow us on Facebook
Subscribe to an RSS Feed