Bacula-web version 5.2.10 suffers from a remote SQL injection vulnerability.
8521ccbd84f8d2b97a8e8662f43056c2baefd4521bdf1a0434f2258ddfd95c17
This Metasploit module exploits a file upload vulnerability in ManageEngine OpManager and Social IT. The vulnerability exists in the FileCollector servlet which accepts unauthenticated file uploads. This Metasploit module has been tested successfully on OpManager v8.8 - v11.3 and on version 11.0 of SocialIT for Windows and Linux.
e9c53edc4a81c1f18958ddfa8f5eddf60866488e72784884428750e9a058b73b
ManageEngine OpManager, Social IT Plus, and IT360 suffer from remote code execution via upload and arbitrary file deletion vulnerabilities.
375e267357239b52901647072b3a0b930fa59bec9185067e661bf2bcb84fcf70
AllMyGuests version 0.4.1 suffers from bypass via malformed cookies, remote SQL injection, and cross site scripting vulnerabilities.
f47761659053ee4c4dd3cdb085e36ec23e26920bfc02e9ec2dd44de4b627b3c5
WordPress Users Ultra plugin version 1.3.37 suffers from a remote SQL injection vulnerability. Note that this finding houses site-specific data.
83da12e41fe8a52bf90f4d659a6a4eb3c4147e951cc5121e09d3c3df702d14ea
Internet Explorer 8 fixed col span ID full ASLR, DEP, and EMET 5.0 bypass exploit that leverages the issue outlined in MS12-037.
876b8cd7e67c79c669947885b557203c13c38a1e58f07a2be3d86ba1ee061f95
ExploitPack GNU Bash versions 4.3 and below command injection exploit that leverages the User-Agent header against a given website.
142c835b75cbe04a6ca350ec7bb8fea228669c18def84dd5d24a93513e005852
This Metasploit module tests vulnerable IIS HTTP header file paths on Microsoft Exchange OWA 2003, CAS 2007, 2010, 2013 servers.
9b7a26362762262f505e7f02227cb75f7b373f2560a109697a283d98dbb104e4
Tor-ramdisk is an i686 uClibc-based micro Linux distribution whose only purpose is to host a Tor server in an environment that maximizes security and privacy. Tor is a network of virtual tunnels that allows people and groups to improve their privacy and security on the Internet. Security is enhanced by employing a monolithically compiled GRSEC/PAX patched kernel and hardened system tools. Privacy is enhanced by turning off logging at all levels so that even the Tor operator only has access to minimal information. Finally, since everything runs in ephemeral memory, no information survives a reboot, except for the Tor configuration file and the private RSA key which may be exported/imported by FTP. x86_64 version.
116e5409b054024e15eec983d4518800aee09f04dde73b19d06540244da6f545
When bash is started with an environment variable that begins with the string "() {", that variable is treated as a function definition and parsed as code. If extra commands are added after the function definition, they will be executed immediately. When dhclient receives an ACK that contains a domain name or hostname, they are passed to configuration scripts as environment variables, allowing us to trigger the bash bug. Because of the length restrictions and unusual networking scenario at time of exploitation, this Metasploit module achieves code execution by echoing our payload into /etc/crontab and cleans it up when we get a shell.
5d7d7b3c51f3ee9f6de8df21a01a41ce128a74b5cdd4be3f7d65a7357f36ed1e
Exinda WAN Optimization Suite version 7.0.0 (2160) suffers from cross site request forgery and cross site scripting vulnerabilities.
83a1c7b092131f1cef204e879001c5cba65704e647207c15e65081dd1833f4a3
Ubuntu Security Notice 2364-1 - Florian Weimer and Todd Sabin discovered that the Bash parser incorrectly handled memory. An attacker could possibly use this issue to bypass certain environment restrictions and execute arbitrary code. In addition, this update introduces a hardening measure which adds prefixes and suffixes around environment variable names which contain shell functions. Various other issues were also addressed.
ae34017a4da371e3957cf29ab3e4223ae8d46bc125d31af4b5a3d909728c3d3f
Red Hat Security Advisory 2014-1312-01 - The GNU Bourne Again shell is a shell and command language interpreter compatible with the Bourne shell. Bash is the default shell for Red Hat Enterprise Linux. Shift_JIS, also known as "SJIS", is a character encoding for the Japanese language. This package provides bash support for the Shift_JIS encoding. It was found that the fix for CVE-2014-6271 was incomplete, and Bash still allowed certain characters to be injected into other environments via specially crafted environment variables. An attacker could potentially use this flaw to override or bypass environment restrictions to execute shell commands. Certain services and applications allow remote unauthenticated attackers to provide environment variables, allowing them to exploit this issue.
5a5179213e1d426ae806025b6835b14b2c5fc4fe0f9d07f38418998fd760d0e6
Red Hat Security Advisory 2014-1311-01 - The GNU Bourne Again shell is a shell and command language interpreter compatible with the Bourne shell. Bash is the default shell for Red Hat Enterprise Linux. It was found that the fix for CVE-2014-6271 was incomplete, and Bash still allowed certain characters to be injected into other environments via specially crafted environment variables. An attacker could potentially use this flaw to override or bypass environment restrictions to execute shell commands. Certain services and applications allow remote unauthenticated attackers to provide environment variables, allowing them to exploit this issue.
2e88505af0a92784844daf9fe3c6fa50a2e04ca48111c2400b827bb859d59a0a
Openfiler version 2.99.1 suffers from a denial of service vulnerability.
77276520dc721a9252188a8e714c3de354590e5c280083c46c4ff2b5c0c6fc20
Comersus Sophisticated Cart suffers from a database disclosure vulnerability.
25c2756e45e2fc406368fc0f33725428c30b6538434bd0559dfd5ca5cbeddc61
Oscommerce version 2.3.4 suffers from cross site scripting, HTTP parameter pollution, and local file inclusion vulnerabilities.
8d1dd2e6442e15ac36b712ca7250cbff8a6c970b84e1efbe78af8cdac497642a
NDBLOG version 0.1 suffers from cross site scripting and remote SQL injection vulnerabilities.
dd65952f3824e00cc2a80344ad64d4d621e1ec5e3aa4745efa0abfdc2cc09023
Get Simple CMS version 3.3.3 suffers from information disclosure, upload, and cross site scripting vulnerabilities.
cbbfcd1ffbd19b40f68a09bc3831b08a98ed0e3a45c608112c9f9cce82a3a2ef
PayPal Community Web Portal suffered from cross site scripting vulnerabilities.
66eac32c73b32b474e784bbd86e55d93ac7e0620b25e7cf309f01b0e26ef0773
Malicious script code could be inserted into PayPal's mail encoding functionality.
ed363ae648c831c78fce7311c71efe723fd447f58dd5e7d30215423e85dfa3a5
POSNIC version 1.02 suffers from directory listing and file upload exposure vulnerabilities.
ca1313a59105d7e4fb14cfff488765f623bb0fbcd07ff8b06039cfb663615a8d
This Metasploit module exploits a code injection in specially crafted environment variables in Bash, specifically targeting Apache mod_cgi scripts through the HTTP_USER_AGENT variable.
bddccc35d3cda611c86307a7ce0074fc7d74f100f9a6dea0b6e39a478138e054
Cisco Security Advisory - On September 24, 2014, a vulnerability in the Bash shell was publicly announced. The vulnerability is related to the way in which shell functions are passed through environment variables. The vulnerability may allow an attacker to inject commands into a Bash shell, depending on how the shell is invoked. The Bash shell may be invoked by a number of processes including, but not limited to, telnet, SSH, DHCP, and scripts hosted on web servers. All versions of GNU Bash starting with version 1.14 are affected by this vulnerability and the specific impact is determined by the characteristics of the process using the Bash shell. In the worst case, an unauthenticated remote attacker would be able to execute commands on an affected server. However, in most cases involving Cisco products, exploitation of the vulnerability results in an authenticated attacker having the ability to execute commands for which they are not authorized. A number of Cisco products ship with or leverage an affected version of the Bash shell. This advisory will be updated as additional information becomes available. Cisco may release free software updates that address this vulnerability if a product is determined to be affected by this vulnerability.
67983763ce5d1b5e462159463c83b03085fadbe2fc6b45584c12b6e1e3959da5
This Metasploit module exploits a code injection in specially crafted environment variables in Bash, specifically targeting dhclient network configuration scripts through the HOSTNAME, DOMAINNAME, and URL DHCP options.
79d7a8dc657f6596bbdf6d89daca73b5c6faa99cc6ea47bed9be15fb8d04a23a