Vulnerability & Exploit Database

Displaying entries 1 - 10 of 37 in total

Results for: CVE-2014-6271 Back to search

Advantech Switch Bash Environment Variable Code Injection (Shellshock) Exploit

Disclosed: December 01, 2015

This module exploits the Shellshock vulnerability, a flaw in how the Bash shell handles external environment variables. This module targets the 'ping.sh' CGI script, acessible through the Boa web server on Advantech switches. This module was tested against firmware version 1322_D1.98.

IPFire Bash Environment Variable Injection (Shellshock) Exploit

Disclosed: September 29, 2014

IPFire, a free linux based open source firewall distribution, version <= 2.15 Update Core 82 contains an authenticated remote command execution vulnerability via shellshock in the request headers.

Vulnerability in Bash on AIX with Toolbox Vulnerability

  • Severity: 10
  • Published: September 28, 2014

Off-by-one error in the read_token_word function in parse.y in GNU Bash through 4.3 bash43-026 allows remote attackers to cause a denial of service (out-of-bounds array access and application crash) or possibly have unspecified other impact via deeply nested for loops, aka the "word_lineno" issue.

GNU Bash Environment Variable Command Injection Vulnerability Vulnerability

  • Severity: 10
  • Published: September 27, 2014

Off-by-one error in the read_token_word function in parse.y in GNU Bash through 4.3 bash43-026 allows remote attackers to cause a denial of service (out-of-bounds array access and application crash) or possibly have unspecified other impact via deeply nested for loops, aka the "word_lineno" issue.

Sun Patch: SunOS 5.8: bash patch Vulnerability

  • Severity: 10
  • Published: September 27, 2014

Off-by-one error in the read_token_word function in parse.y in GNU Bash through 4.3 bash43-026 allows remote attackers to cause a denial of service (out-of-bounds array access and application crash) or possibly have unspecified other impact via deeply nested for loops, aka the "word_lineno" issue.

RHSA-2014:1354: rhev-hypervisor6 security update Vulnerability

  • Severity: 10
  • Published: September 27, 2014

An updated rhev-hypervisor6 package that fixes several security issues is now available. Red Hat Product Security has rated this update as having Critical security impact. Common Vulnerability Scoring System (CVSS) base scores, which give detailed severity ratings, are available for each vulnerability from the CVE links in the Reference...

Sun Patch: SunOS 5.8_x86: bash patch Vulnerability

  • Severity: 10
  • Published: September 27, 2014

Off-by-one error in the read_token_word function in parse.y in GNU Bash through 4.3 bash43-026 allows remote attackers to cause a denial of service (out-of-bounds array access and application crash) or possibly have unspecified other impact via deeply nested for loops, aka the "word_lineno" issue.

GNU Bash Environment Variable Command Injection Vulnerability Vulnerability

  • Severity: 8
  • Published: September 25, 2014

On September 24, 2014, a vulnerability in the Bash shell was publicly announced. The vulnerability is related to the way in which shell functions are passed though environment variables. The vulnerability may allow an attacker to inject commands into a Bash shell, depending on how the shell is invoked. The Bash shell may be invoked by a ...

Sun Patch: SunOS 5.9_x86: bash patch Vulnerability

  • Severity: 10
  • Published: September 25, 2014

Off-by-one error in the read_token_word function in parse.y in GNU Bash through 4.3 bash43-026 allows remote attackers to cause a denial of service (out-of-bounds array access and application crash) or possibly have unspecified other impact via deeply nested for loops, aka the "word_lineno" issue.

Sun Patch: SunOS 5.9: bash patch Vulnerability

  • Severity: 10
  • Published: September 25, 2014

Off-by-one error in the read_token_word function in parse.y in GNU Bash through 4.3 bash43-026 allows remote attackers to cause a denial of service (out-of-bounds array access and application crash) or possibly have unspecified other impact via deeply nested for loops, aka the "word_lineno" issue.