GNU Bash versions 4.3 and below remote command injection exploit that leverages the REFERER header on vulnerable CGI scripts. Launches a connect-back shell. Written in Perl.
19dfcfb3d85be26b41d2f9316ffaebf7de4fe7c3b8fd4d6b1cf6a55a6f1ba395
Typo3 JobControl version 2.14.0 suffers from cross site scripting and remote SQL injection vulnerabilities. Typo3 no longer provides updates for this extension and it is considered unsafe to use.
fd26ba8328d734e82a7dea5f7dff200a5a1a0a8862c060bfd070948aa195c3db
GNU Bash versions 4.3 and below remote command injection exploit that leverages the User-Agent header via vulnerable CGI scripts. Written in Python.
057996be27a48a42909a085ad63607f515c2c4f7a1da1dc7eddd802689cd126c
SmarterTools Smarter Track versions 6 through 10 suffer from an information disclosure vulnerability.
b41e89efc3bbbdee6f8f96f9d1f50dd467ded58b5ee3d8c3c7c09b0cfc00832f
GS Foto Uebertraege version 3.0 suffers from a local file inclusion vulnerability.
94fa4864b4a48c57985de0ba4158bbfed8cf5005eedcc0ac60d2c0633d2247ec
Red Hat Security Advisory 2014-1307-01 - Network Security Services is a set of libraries designed to support the cross-platform development of security-enabled client and server applications. Netscape Portable Runtime provides platform independence for non-GUI operating system facilities. A flaw was found in the way NSS parsed ASN.1 input from certain RSA signatures. A remote attacker could use this flaw to forge RSA certificates by providing a specially crafted signature to an application using NSS.
08a1d6314655253f277428022a1688098423cb33c9f35cce58d396cb4045d729
Ubuntu Security Notice 2363-2 - USN-2363-1 fixed a vulnerability in Bash. Due to a build issue, the patch for CVE-2014-7169 didn't get properly applied in the Ubuntu 14.04 LTS package. This update fixes the problem. Tavis Ormandy discovered that the security fix for Bash included in USN-2362-1 was incomplete. An attacker could use this issue to bypass certain environment restrictions. Various other issues were also addressed.
3e18a143d3f887e0e17c89d032327a608ab2beec642f3e1e91e5bfef9721dfcc
Red Hat Security Advisory 2014-1306-01 - The GNU Bourne Again shell is a shell and command language interpreter compatible with the Bourne shell. Bash is the default shell for Red Hat Enterprise Linux. It was found that the fix for CVE-2014-6271 was incomplete, and Bash still allowed certain characters to be injected into other environments via specially crafted environment variables. An attacker could potentially use this flaw to override or bypass environment restrictions to execute shell commands. Certain services and applications allow remote unauthenticated attackers to provide environment variables, allowing them to exploit this issue.
88d35c967bdafa1462b50e6b3d195bb62db44e287d9df7085810180afa4b143f
Ubuntu Security Notice 2363-1 - Tavis Ormandy discovered that the security fix for Bash included in USN-2362-1 was incomplete. An attacker could use this issue to bypass certain environment restrictions.
f5f456c7e48c7214e00ff053cd9387307f5241a9d083c936d0541e007cdceb1a
Mandriva Linux Security Advisory 2014-190 - It was found that the fix for was incomplete, and Bash still allowed certain characters to be injected into other environments via specially crafted environment variables. An attacker could potentially use this flaw to override or bypass environment restrictions to execute shell commands. Certain services and applications allow remote unauthenticated attackers to provide environment variables, allowing them to exploit this issue. Additionally bash has been updated from patch level 37 to 48 using the upstream patches at ftp://ftp.gnu.org/gnu/bash/bash-4.2-patches/ which resolves various bugs.
ae4a2ddbddcc61c6966f4694c639082e3489b84bee7732ae063725dab98b2b3c
Slackware Security Advisory - New bash packages are available for Slackware 13.0, 13.1, 13.37, 14.0, 14.1, and -current to fix a security issue.
ef15a9f5d74abb68daa1dd4cfbf2c7875ecd047088315d90b16cfabda7880efd
Debian Linux Security Advisory 3036-1 - It was discovered that MediaWiki, a wiki engine, did not sufficiently filter CSS in uploaded SVG files, allowing for cross site scripting.
031db5fef5a40b83c3d7dbe498d63b05566f4feaddd502aa306ab324b04e7cc6
Debian Linux Security Advisory 3035-1 - Tavis Ormandy discovered that the patch applied to fix CVE-2014-6271 released in DSA-3032-1 for bash, the GNU Bourne-Again Shell, was incomplete and could still allow some characters to be injected into another environment (CVE-2014-7169). With this update, a prefix and suffix for environment variable names which contain shell functions are added as a hardening measure.
c9152f57044050f4b25ba7c86fda6196e8a06bf2e8ec64116ec765e8c2243201
Slackware Security Advisory - New bash packages are available for Slackware 13.0 to fix a security issue.
c5aa03ec719896cf77ac684a412556993a10649e75080a6763d5b213ed7066da
Hakabana is an open source monitoring tool that helps you visualize network traffic using Haka and Kibana.
ce0904f3c36adae66096e0a19b14753576c6466069d78f567e1e4ea1600594eb
Nucom ADSL ADSLR5000UNv2 suffers from a remote credential disclosure vulnerability.
da83a0d2bd47f65c4b82b5e8c00ad0d11927797bb63d8dd1c8dd3f69bcaf59b1
This abuses the bug in bash environment variables (CVE-2014-6271) to get a suid binary inside of VMware Fusion to launch our payload as root.
f04f53cef923e1ebad417dccfb1f6d01ee754b3ddac0ef16fcb609fa3f055392
Tor is a network of virtual tunnels that allows people and groups to improve their privacy and security on the Internet. It also enables software developers to create new communication tools with built-in privacy features. It provides the foundation for a range of applications that allow organizations and individuals to share information over public networks without compromising their privacy. Individuals can use it to keep remote Websites from tracking them and their family members. They can also use it to connect to resources such as news sites or instant messaging services that are blocked by their local Internet service providers (ISPs).
99b15c6858c04e93a31d3ae90dd69f5021faa2237da93a24fbd246f4f1670ad1
LibVNCServer versions 0.9.9 and below suffer from memory management handling, buffer overflow, and denial of service vulnerabilities.
7119467df020792576889e8a01b9e775d65a326b0070c018b47a7524af569c5b
Cisco Security Advisory - A vulnerability in the Network Address Translation (NAT) feature of Cisco IOS Software could allow an unauthenticated, remote attacker to cause a denial of service (DoS) condition on an affected device. The vulnerability is due to improper translation of IP version 4 (IPv4) packets. Cisco has released free software updates that address this vulnerability.
63ec1698c6f3c1763eb3e90238c8c14bb13ab2307119a50dc21da378dde9e0b4
A stack overflow was discovered when serializing data via the Data::Dumper extension which is part of Perl-Core. By using the "Dumper" method on a large Array-Reference which recursively contains other Array-References, it is possible to cause many recursive calls to the DD_dump native function and ultimately exhaust all available stack memory.
5739d0c214a552e16df8c1827940aaed394eeceffff1b5e158eb34f54598672a
Cisco Security Advisory - A vulnerability in the Session Initiation Protocol (SIP) implementation in Cisco IOS Software and Cisco IOS XE Software could allow an unauthenticated, remote attacker to cause a reload of an affected device. To exploit this vulnerability, affected devices must be configured to process SIP messages. Cisco has released free software updates that address this vulnerability. There are no workarounds for devices that must run SIP; however, mitigations are available to limit exposure to this vulnerability.
f38f520a86845654ee88d37dbd04daa74d66c5fde6e5c1c88e6b483ec7217fad
Cisco Security Advisory - A vulnerability in the DHCP version 6 (DHCPv6) server implementation of Cisco IOS Software and Cisco IOS XE Software could allow an unauthenticated, remote attacker to cause a denial of service (DoS) condition. The vulnerability is due to improper parsing of malformed DHCPv6 packets. An attacker could exploit this vulnerability by sending malformed DHCPv6 packets to be processed by an affected device. An exploit could allow the attacker to cause a memory leak and eventual reload of an affected device.
e93171093b995dcfbce411a598dfdb3fd5744117c4e5f800cdb73e8f76d5a63c
WordPress All In One WP Security plugin version 3.8.2 suffers from multiple remote SQL injection vulnerabilities.
a719c00b89342dc8c43e26900af10153fcbe37cf3ff5a29d9e9d752b29e03e85
bashedCgi is a quick and dirty Metasploit module to send the BASH exploit payload (CVE-2014-6271) to CGI scripts that are BASH-based or invoke BASH, to execute an arbitrary shell command.
917183304ff31e505f18d434fcc284d5fe270c928e0cc5e96231c14eabb1aae3