All Hot News World. Public world blog, journal online reviewed.

Bash File, PacketStorm Security

RSS feed: Bash File, PacketStorm Security
Thu, 14 Feb 2019 15:04:16 GMT
Bash Files ≈ Packet Storm
Packet Storm - Information Security Services, News, Files, Tools, Exploits, Advisories and Whitepapers [ + ]
Tue, 12 Feb 2019 18:41:58 GMT
IPSet List 3.7.2
ipset_list is a wrapper script written in bash for listing sets of the netfilter ipset program. It allows you to match and display sets, headers, and elements in various ways. The output can optionally be colorized. An interactive mode allows to select the query options in a wizard based manner. [ + ]
Wed, 12 Dec 2018 04:56:48 GMT
IPSet List 3.7.1
ipset_list is a wrapper script written in bash for listing sets of the netfilter ipset program. It allows you to match and display sets, headers, and elements in various ways. The output can optionally be colorized. An interactive mode allows to select the query options in a wizard based manner. [ + ]
Sat, 01 Dec 2018 15:00:40 GMT
Linux/x86 execve(/usr/bin/ncat -lvp 1337 -e /bin/bash) Shellcode
95 bytes small Linux/x86 execve(/usr/bin/ncat -lvp 1337 -e /bin/bash) null-free shellcode. [ + ]
Tue, 13 Nov 2018 10:11:11 GMT
TestSSL 3.0rc3
testssl.sh is a free command line tool which checks a server's service on any port for the support of TLS/SSL ciphers, protocols as well as recent cryptographic flaws, and much more. It is written in (pure) bash, makes only use of standard Unix utilities, openssl and last but not least bash sockets. [ + ]
Wed, 10 Oct 2018 12:12:12 GMT
Linux/x86 Bind (99999/TCP) NetCat Traditional (/bin/nc) Shell (/bin/bash) Shellcode
58 bytes small Linux/x86 bind (99999/TCP) netcat traditional (/bin/nc) shell (/bin/bash) shellcode. [ + ]
Fri, 21 Sep 2018 19:17:14 GMT
TestSSL 3.0rc2
testssl.sh is a free command line tool which checks a server's service on any port for the support of TLS/SSL ciphers, protocols as well as recent cryptographic flaws, and much more. It is written in (pure) bash, makes only use of standard Unix utilities, openssl and last but not least bash sockets. [ + ]
Fri, 07 Sep 2018 10:32:22 GMT
Staubli Jacquard Industrial System JC6 Shellshock
Staubli Jacquard Industrial System JC6 suffers from a bash environment variable handling code injection vulnerability. [ + ]
Wed, 05 Sep 2018 18:02:54 GMT
TestSSL 2.9.5-7
testssl.sh is a free command line tool which checks a server's service on any port for the support of TLS/SSL ciphers, protocols as well as recent cryptographic flaws, and much more. It is written in (pure) bash, makes only use of standard Unix utilities, openssl and last but not least bash sockets. [ + ]
Mon, 16 Apr 2018 13:33:33 GMT
TestSSL 2.9.5
testssl.sh is a free command line tool which checks a server's service on any port for the support of TLS/SSL ciphers, protocols as well as recent cryptographic flaws, and much more. It is written in (pure) bash, makes only use of standard Unix utilities, openssl and last but not least bash sockets. [ + ]
Mon, 09 Apr 2018 10:11:11 GMT
TestSSL 2.9.5-5
testssl.sh is a free command line tool which checks a server's service on any port for the support of TLS/SSL ciphers, protocols as well as recent cryptographic flaws, and much more. It is written in (pure) bash, makes only use of standard Unix utilities, openssl and last but not least bash sockets. [ + ]
Mon, 26 Mar 2018 08:33:33 GMT
TestSSL 2.9.5-4
testssl.sh is a free command line tool which checks a server's service on any port for the support of TLS/SSL ciphers, protocols as well as recent cryptographic flaws, and much more. It is written in (pure) bash, makes only use of standard Unix utilities, openssl and last but not least bash sockets. [ + ]
Sat, 10 Mar 2018 12:12:00 GMT
TestSSL 2.9.5
testssl.sh is a free command line tool which checks a server's service on any port for the support of TLS/SSL ciphers, protocols as well as recent cryptographic flaws, and much more. It is written in (pure) bash, makes only use of standard Unix utilities, openssl and last but not least bash sockets. [ + ]
Sun, 25 Feb 2018 03:02:22 GMT
Debian Security Advisory 4134-1
Debian Linux Security Advisory 4134-1 - Bjorn Bosselmann discovered that the umount bash completion from util-linux does not properly handle embedded shell commands in a mountpoint name. An attacker with rights to mount filesystems can take advantage of this flaw for privilege escalation if a user (in particular root) is tricked into using the umount completion while a specially crafted mount is present. [ + ]
Sun, 05 Nov 2017 15:52:40 GMT
TestSSL 2.9.5-2
testssl.sh is a free command line tool which checks a server's service on any port for the support of TLS/SSL ciphers, protocols as well as recent cryptographic flaws, and much more. It is written in (pure) bash, makes only use of standard Unix utilities, openssl and last but not least bash sockets. [ + ]
Fri, 29 Sep 2017 22:10:47 GMT
IPSet List 3.7
ipset_list is a wrapper script written in bash for listing sets of the netfilter ipset program. It allows you to match and display sets, headers, and elements in various ways. The output can optionally be colorized. An interactive mode allows to select the query options in a wizard based manner. [ + ]
Thu, 21 Sep 2017 03:33:33 GMT
Qmail SMTP Bash Environment Variable Injection (Shellshock)
This Metasploit module exploits a shellshock vulnerability on Qmail, a public domain MTA written in C that runs on Unix systems. Due to the lack of validation on the MAIL FROM field, it is possible to execute shell code on a system with a vulnerable BASH (Shellshock). This flaw works on the latest Qmail versions (qmail-1.03 and netqmail-1.06). However, in order to execute code, /bin/sh has to be linked to bash (usually default configuration) and a valid recipient must be set on the RCPT TO field (usually admin@exampledomain.com). The exploit does not work on the "qmailrocks" community version as it ensures the MAILFROM field is well-formed. [ + ]
Tue, 12 Sep 2017 05:02:51 GMT
TestSSL 2.9.5
testssl.sh is a free command line tool which checks a server's service on any port for the support of TLS/SSL ciphers, protocols as well as recent cryptographic flaws, and much more. It is written in (pure) bash, makes only use of standard Unix utilities, openssl and last but not least bash sockets. [ + ]
Tue, 08 Aug 2017 15:55:55 GMT
Slackware Security Advisory - bash Updates
Slackware Security Advisory - New bash packages are available for Slackware 13.1, 13.37, 14.0, 14.1, and 14.2 to fix security issues. [ + ]
Wed, 02 Aug 2017 00:23:20 GMT
Swap Digger 1.0
swap_digger is a bash script used to automate Linux swap analysis for post-exploitation or forensics purpose. It automates swap extraction and searches for Linux user credentials, Web form credentials, Web form emails, HTTP basic authentication, WiFi SSID and keys, etc. [ + ]
Tue, 01 Aug 2017 14:25:33 GMT
Red Hat Security Advisory 2017-1931-01
Red Hat Security Advisory 2017-1931-01 - The bash packages provide Bash, which is the default shell for Red Hat Enterprise Linux. Security Fix: An arbitrary command injection flaw was found in the way bash processed the hostname value. A malicious DHCP server could use this flaw to execute arbitrary commands on the DHCP client machines running bash under specific circumstances. An arbitrary command injection flaw was found in the way bash processed the SHELLOPTS and PS4 environment variables. A local, authenticated attacker could use this flaw to exploit poorly written setuid programs to elevate their privileges under certain circumstances. [ + ]
Wed, 05 Jul 2017 14:57:28 GMT
Ubuntu Security Notice USN-3294-2
Ubuntu Security Notice 3294-2 - USN-3294-1 fixed a vulnerability in Bash. This update provides the corresponding update for Ubuntu 12.04 ESM. It was discovered that Bash incorrectly handled the SHELLOPTS and PS4 environment variables. A local attacker could use this issue to execute arbitrary code with root privileges. Various other issues were also addressed. [ + ]
Sat, 20 May 2017 11:11:11 GMT
GoAutoDial 3.3 Authentication Bypass / Command Injection
This Metasploit module exploits a SQL injection flaw in the login functionality for GoAutoDial version 3.3-1406088000 and below, and attempts to perform command injection. This also attempts to retrieve the admin user details, including the cleartext password stored in the underlying database. Command injection will be performed with root privileges. The default pre-packaged ISO builds are available from goautodial.org. Currently, the hardcoded command injection payload is an encoded reverse-tcp bash one-liner and the handler should be setup to receive it appropriately. [ + ]
Thu, 18 May 2017 04:18:26 GMT
TestSSL 2.8
testssl.sh is a free command line tool which checks a server's service on any port for the support of TLS/SSL ciphers, protocols as well as recent cryptographic flaws, and much more. It is written in (pure) bash, makes only use of standard Unix utilities, openssl and last but not least bash sockets. [ + ]
Sat, 25 Mar 2017 03:33:33 GMT
Ubuntu Security Notice USN-3294-1
Ubuntu Security Notice 3294-1 - Bernd Dietzel discovered that Bash incorrectly expanded the hostname when displaying the prompt. If a remote attacker were able to modify a hostname, this flaw could be exploited to execute arbitrary code. This issue only affected Ubuntu 14.04 LTS, Ubuntu 16.04 LTS and Ubuntu 16.10. It was discovered that Bash incorrectly handled the SHELLOPTS and PS4 environment variables. A local attacker could use this issue to execute arbitrary code with root privileges. This issue only affected Ubuntu 14.04 LTS, Ubuntu 16.04 LTS and Ubuntu 16.10. Various other issues were also addressed. [ + ]

Linux/x86 Reverse Shell Shellcode
110 bytes small Linux/x86 reverse /bin/bash shellcode. [ + ]
PacketStorm Security

2013 Copyright Techhap.com Mobile version 2015 | PeterLife & company
Skimlinks helps publishers monetize editorial content through automated affiliate links for products. Affiliate programm.
Link at is mandatory if site materials are using fully or particulary.
Were treated to the site administrator, a cup of coffee *https://paypal.me/peterlife
Yandex.ru