Bash Exploits
459 exploits tracked across all sources.
Dasan GPON - Auth Bypass
An issue was discovered on Dasan GPON home routers. It is possible to bypass authentication simply by appending "?images" to any URL of the device that requires authentication, as demonstrated by the /menu.html?images/ or /GponForm/diag_FORM?images/ URI. One can then manage the device.
by vpnmentor
CVSS 9.8
Dasan GPON - Command Injection
An issue was discovered on Dasan GPON home routers. Command Injection can occur via the dest_host parameter in a diag_action=ping request to a GponForm/diag_Form URI. Because the router saves ping results in /tmp and transmits them to the user when the user revisits /diag.html, it's quite simple to execute commands and retrieve their output.
by vpnmentor
CVSS 9.8
Secutech RiS-11, RiS-22, RiS-33 <5.07.52_es_FRI01 - CSRF
Secutech RiS-11, RiS-22, and RiS-33 devices with firmware V5.07.52_es_FRI01 allow DNS settings changes via a goform/AdvSetDns?GO=wan_dns.asp request in conjunction with a crafted admin cookie.
by Todor Donev
CVSS 8.6
Tenda N11 Wireless Router 5.07.43_en_NEX01 - Remote DNS Change
by Todor Donev
Arq <5.10 - Privilege Escalation
The standardrestorer binary in Arq 5.10 and earlier for Mac allows local users to write to arbitrary files and consequently gain root privileges via a crafted restore path.
by Mark Wadham
CVSS 7.8
Ignitum Sera - Insufficiently Protected Credentials
Sera 1.2 stores the user's login password in plain text in their home directory. This makes privilege escalation trivial and also exposes the user and system keychains to local attacks.
by Mark Wadham
CVSS 7.8
Proxifier for Mac <2.19.2 - Privilege Escalation
Proxifier for Mac before 2.19.2, when first run, allows local users to gain privileges by replacing the KLoader binary with a Trojan horse program.
by Mark Wadham
CVSS 7.8
HashiCorp Vagrant VMware Fusion <5.0.3 - Privilege Escalation
If HashiCorp Vagrant VMware Fusion plugin (aka vagrant-vmware-fusion) 5.0.3 is installed but VMware Fusion is not, a local attacker can create a fake application directory and exploit the suid sudo helper in order to escalate to root.
by Mark Wadham
CVSS 7.8
Hashicorp Vagrant - Race Condition
In HashiCorp Vagrant VMware Fusion plugin (aka vagrant-vmware-fusion) 5.0.1, a local attacker or malware can silently subvert the plugin update process in order to escalate to root privileges.
by Mark Wadham
CVSS 7.8
Hashicorp Vagrant Vmware Fusion - Race Condition
In HashiCorp Vagrant VMware Fusion plugin (aka vagrant-vmware-fusion) 5.0.0, a local attacker or malware can silently subvert the plugin update process in order to escalate to root privileges.
by Mark Wadham
CVSS 7.0
Hashicorp Vagrant Vmware Fusion < 4.0.24 - Uncontrolled Search Path
An insecure suid wrapper binary in the HashiCorp Vagrant VMware Fusion plugin (aka vagrant-vmware-fusion) 4.0.24 and earlier allows a non-root user to obtain a root shell.
by Mark Wadham
CVSS 7.8
HashiCorp Vagrant VMware Fusion <4.0.24 - Privilege Escalation
HashiCorp Vagrant VMware Fusion plugin (aka vagrant-vmware-fusion) before 4.0.24 uses weak permissions for the sudo helper scripts, allows local users to execute arbitrary code with root privileges by overwriting one of the scripts.
by Mark Wadham
CVSS 8.8
Arq < 5.9.7 - Race Condition
The setpermissions function in the auto-updater in Arq before 5.9.7 for Mac allows local users to gain root privileges via a symlink attack on the updater binary itself.
by Mark Wadham
CVSS 7.4
D-Link DIR-605L <2.08UIBetaB01.bin - DoS
On D-Link DIR-605L devices, firmware before 2.08UIBetaB01.bin allows an unauthenticated GET request to trigger a reboot.
by Enrique Castillo
CVSS 7.5
Cisco Prime Collaboration Provisioning - Missing Authorization
A vulnerability in the web interface for Cisco Prime Collaboration Provisioning could allow an unauthenticated, remote attacker to bypass authentication and perform command injection with root privileges. The vulnerability is due to missing security constraints in certain HTTP request methods, which could allow access to files via the web interface. An attacker could exploit this vulnerability by sending a crafted HTTP request to the targeted application. This vulnerability affects Cisco Prime Collaboration Provisioning Software Releases prior to 12.1. Cisco Bug IDs: CSCvc98724.
by Adam Brown
CVSS 9.8
FLIR Thermal Camera PT-Series <8.0.0.64 - Command Injection
FLIR Thermal Camera PT-Series firmware version 8.0.0.64 contains multiple unauthenticated remote command injection vulnerabilities in the controllerFlirSystem.php script. Attackers can execute arbitrary system commands as root by exploiting unsanitized POST parameters in the execFlirSystem() function through shell_exec() calls. Exploitation evidence was observed by the Shadowserver Foundation on 2026-01-06 (UTC).
by LiquidWorm
CVSS 9.8
D-Link DSL-2640B ADSL Router - 'dnscfg' Remote DNS Change
by Todor Donev
Apple Mac OS X < 10.12.4 - Race Condition
An issue was discovered in certain Apple products. macOS before 10.12.5 is affected. The issue involves the "DiskArbitration" component. A race condition allows attackers to execute arbitrary code in a privileged context via a crafted app.
by phoenhex
CVSS 7.0
PHPMailer Sendmail Argument Injection
The mailSend function in the isMail transport in PHPMailer before 5.2.18 might allow remote attackers to pass extra parameters to the mail command and consequently execute arbitrary code via a \" (backslash double quote) in a crafted Sender property.
by Dawid Golunski
CVSS 9.8
By Source