CVE-2014-6271

This Metasploit module exploits CVE-2014-6271 (Shellshock) in Qmail by injecting malicious environment variables via the SMTP MAIL FROM field, leading to remote code execution if /bin/sh is linked to Bash.

This exploit leverages CVE-2014-6271 (Shellshock) to achieve remote code execution on RedStar OS 3.0 Server's BEAM and RSSMON services. It sends a maliciously crafted User-Agent header to trigger the vulnerability, resulting in a reverse shell or command execution as root.

This Metasploit module exploits CVE-2014-6271 (Shellshock) in IPFire's web interface by injecting a malicious environment variable via HTTP headers, leading to remote command execution. It includes authentication handling and version checking for IPFire <= 2.15 Update Core 82.

This Metasploit module exploits CVE-2014-6271 (Shellshock) by injecting malicious environment variables via the User-Agent header in HTTP requests to the 'ping.sh' CGI script on Advantech switches running Boa web server. It achieves remote command execution by leveraging the Bash vulnerability.

This exploit leverages CVE-2014-6271 (Shellshock) to achieve remote code execution on TrendMicro InterScan Web Security Virtual Appliance by sending a maliciously crafted User-Agent header to the vulnerable CGI script `/cgi-bin/cgiCmdNotify`. It requires prior authentication to the admin interface and spawns a reverse shell to a specified IP and port.

This advisory details multiple vulnerabilities in Cisco Unified Communications Manager, including Shellshock command injection, Local File Inclusion, unauthenticated ping access, and a magic session ID bypass. It provides technical descriptions and example commands but does not include functional exploit code.

This exploit leverages the ShellShock vulnerability (CVE-2014-6271) in OpenVPN's authentication script to execute arbitrary commands via environment variables, resulting in a reverse shell. The PoC demonstrates how a malicious client can exploit the vulnerability by injecting a payload into the username and password fields during authentication.

This repository contains a functional exploit for CVE-2014-6271 (Shellshock), including a Docker-based vulnerable environment and scripts to demonstrate remote code execution via crafted HTTP headers targeting CGI-based web servers.

This repository contains a Python scanner for detecting CVE-2014-6271 (ShellShock) vulnerabilities. It sends crafted HTTP requests with malicious User-Agent headers to target IPs and listens for callbacks to confirm vulnerability.

This repository provides a Docker container with a vulnerable version of Bash (CVE-2014-6271, Shellshock) and a web application to demonstrate the exploit. The PoC includes a CGI script that can be triggered via a maliciously crafted User-Agent header to achieve remote command execution.

This repository contains a Python-based exploit for CVE-2014-6271 (Shellshock), which targets vulnerable Bash versions (< 4.3) via HTTP headers in CGI scripts. The exploit sends a reverse shell payload through multiple headers (User-Agent, Cookie, Referer) and supports both HTTP and HTTPS with various TLS versions.

This repository contains a Python-based exploit for CVE-2014-6271 (Shellshock), which leverages the vulnerability in Bash via CGI scripts to achieve remote command execution. The PoC provides an interactive shell-like interface to execute commands on the target system.

This Python script tests for CVE-2014-6271 (Shellshock) by sending a maliciously crafted User-Agent header to CGI scripts on a target server. It listens for UDP callbacks to confirm vulnerability.

This is an Android app designed to scan for the Shellshock vulnerability (CVE-2014-6271) by executing a command that checks if the system's bash is vulnerable. It does not exploit the vulnerability but merely detects its presence.

This repository contains a C-based scanner for CVE-2014-6271 (ShellShock), which checks if CGI scripts are vulnerable by sending a crafted User-Agent header and listening for responses on a specified port. It includes a bind server to capture responses from vulnerable systems.

This repository provides an Ansible playbook to patch systems against CVE-2014-6271 (Shellshock), a critical remote code execution vulnerability in Bash. It does not contain exploit code but rather a remediation script.

This repository contains a Python script that exploits CVE-2014-6271 (Shellshock), a remote command execution vulnerability in Bash. The script sends a malicious User-Agent header to a target URL, triggering the vulnerability to spawn a reverse shell.

This exploit leverages CVE-2014-6271 (Shellshock) by injecting a malicious User-Agent header to execute arbitrary commands on a vulnerable Bash shell via a CGI script. It provides an interactive shell-like interface to send commands and display responses.

This PoC exploits CVE-2014-6271 (Shellshock) by sending a maliciously crafted HTTP request with a reverse shell payload in the headers to a vulnerable CGI script. The payload leverages the Bash environment variable injection flaw to execute arbitrary commands.

This is a functional PoC exploit for CVE-2014-6271 (ShellShock), targeting vulnerable CGI scripts via HTTP headers. It checks for vulnerability by injecting a sleep command and exploits it by triggering a reverse shell via netcat.

This repository contains a Python script that exploits CVE-2014-6271 (Shellshock) to upload and execute arbitrary payloads on a vulnerable server. It supports chunked uploads and base64 encoding to bypass size limitations.

This is a Python-based exploit for CVE-2014-6271 (Shellshock), designed to test and exploit vulnerable systems by sending crafted HTTP requests to execute arbitrary commands via Bash environment variables.

This is a functional exploit for CVE-2014-6271 (Shellshock), which leverages a vulnerability in Bash to achieve remote command execution via crafted HTTP headers. The script establishes an interactive shell by injecting commands into vulnerable CGI scripts.

This is a functional exploit for CVE-2014-6271 (Shellshock), which leverages the Bash vulnerability to execute arbitrary commands via crafted HTTP headers. It includes both scanning and exploitation capabilities, with support for reverse shell payloads.

This repository contains a Python-based exploit for CVE-2014-6271 (Shellshock), which allows remote command execution via crafted HTTP headers targeting vulnerable Bash versions. It includes functions to test vulnerability, execute commands, and spawn reverse shells.

This is a functional exploit PoC for CVE-2014-6271 (Shellshock), which checks for vulnerability by injecting a sleep command via the User-Agent header and exploits it to spawn a reverse shell using netcat.

This repository contains a functional Python exploit for CVE-2014-6271 (Shellshock), which leverages HTTP environment variable injection to execute arbitrary commands on vulnerable Bash-based CGI scripts. The exploit uses a crafted User-Agent header to inject a payload that spawns a shell and executes user-provided commands.

This repository contains a functional PoC for CVE-2014-6271 (Shellshock), demonstrating remote code execution via maliciously crafted environment variables in Bash. It includes a Dockerized vulnerable environment and scripts to exploit the vulnerability for defacement or arbitrary command execution.

This exploit abuses the Shellshock vulnerability (CVE-2014-6271) in Bash versions 1.14 to 4.3 by injecting a malicious User-Agent header to execute a reverse shell. It requires a listener on the attacker's machine to receive the shell.

This is a Python script that exploits CVE-2014-6271 (Shellshock) by sending a crafted User-Agent header to execute arbitrary commands on a vulnerable system. The script uses the requests library to send an HTTP GET request with the malicious payload.

This repository contains a PoC for CVE-2014-6271 (Shellshock), providing both Python and Bash scripts to exploit the vulnerability via crafted User-Agent headers. It supports RCE and reverse shell functionality.

This repository provides a Docker-based PoC environment for CVE-2014-6271 (Shellshock), demonstrating remote code execution via a maliciously crafted User-Agent header in a CGI script. The exploit triggers a reverse shell to an attacker-controlled host.

This repository contains a README.md file describing the Shell Shock vulnerability (CVE-2014-6271), including exploitation vectors and payload examples. It does not include actual exploit code but provides technical details for privilege escalation and remote code execution via Bash shell vulnerabilities.

This Go-based PoC exploits CVE-2014-6271 (Shellshock) by sending a maliciously crafted HTTP request with a User-Agent header containing a Bash function definition followed by arbitrary command execution. The exploit targets vulnerable CGI scripts and executes the command provided as an argument.

This PoC exploits CVE-2014-6271 (Shellshock) by sending a maliciously crafted HTTP request with a reverse shell payload in the headers. It leverages the vulnerability in Bash to execute arbitrary commands, resulting in remote code execution.

This is an Android application designed to test for the Shellshock vulnerability (CVE-2014-6271) by sending a crafted User-Agent header to a target server. It allows users to input a target URL and a command to test for vulnerability.

This repository contains a Python script to test for CVE-2014-6271 (Shellshock) by sending crafted HTTP requests to CGI-enabled servers and checking for vulnerability indicators in responses. It includes functionality to collect URLs from Google search results or a file, and test them for the vulnerability.

This repository contains a Python script to check for CVE-2014-6271 (Shellshock) by sending a crafted User-Agent header with a sleep command and measuring the response time delay. It includes a sample vulnerable CGI script for testing purposes.

This repository contains a C-based scanner for CVE-2014-6271 (ShellShock), which checks if CGI scripts are vulnerable by sending a crafted User-Agent header and listening for responses on a specified port. It does not execute a reverse shell but instead exfiltrates system information via a TCP connection.

This repository contains a Python script that monitors DHCP frames for potentially malicious characters associated with the Shellshock vulnerability (CVE-2014-6271). It logs offending frames to a PCAP file and highlights them in the output.

This repository provides a SaltStack formula to mitigate CVE-2014-6271 (Shellshock) by upgrading Bash via OS packages or compiling a patched version. It includes a script to download, patch, and install Bash 4.3 with all available patches.

This repository contains a scanner for CVE-2014-6271 (Shellshock) that checks for vulnerable CGI directories and allows running commands on found URLs. It includes proxy support and directory scanning capabilities.

This repository provides a detailed technical analysis of CVE-2014-6271 (Shellshock), including root cause, exploitation vectors, and mitigation steps. It includes PoC commands and reverse shell payloads but does not contain functional exploit code.

This repository contains a detailed technical writeup and lab documentation for CVE-2014-6271 (Shellshock), including network infrastructure analysis, exploitation evidence, and remediation steps. It provides a comprehensive walkthrough of the vulnerability's impact and mitigation in an enterprise LAN environment.

The repository contains a functional Python-based exploit for CVE-2014-6271 (Shellshock), which leverages a flaw in GNU Bash's environment variable parsing to achieve remote code execution. The exploit sends a crafted payload via HTTP headers (e.g., User-Agent) to trigger command execution on vulnerable systems.

This repository contains a functional Python-based exploit for CVE-2014-6271 (Shellshock), demonstrating remote code execution via crafted environment variables in GNU Bash. The PoC includes a detailed technical breakdown and a working script to test and exploit the vulnerability.

This repository contains a functional exploit for CVE-2014-6271 (Shellshock), which leverages a vulnerability in Bash to execute arbitrary commands via crafted HTTP headers. The script uses `curl` to send a malicious `user-agent` header to a target CGI script, triggering remote code execution.

This repository contains a functional exploit for CVE-2014-6271 (Shellshock), a critical RCE vulnerability in Bash. The exploit leverages environment variable manipulation via HTTP headers to execute arbitrary commands on vulnerable systems.

This repository provides a comprehensive guide and proof-of-concept for exploiting CVE-2014-6271 (Shellshock), a critical remote code execution vulnerability in Bash. It includes detailed steps for setting up a vulnerable environment, executing arbitrary commands via crafted HTTP headers, and obtaining a reverse shell.

This repository provides a detailed technical analysis and reproduction steps for CVE-2014-6271 (Shellshock), including a Docker-based test environment, exploit examples, and mitigation strategies. It demonstrates the vulnerability through crafted environment variables and HTTP headers in a CGI context.

This repository is a writeup documenting the exploitation and analysis of the Shellshock vulnerability (CVE-2014-6271) using Metasploit and Nmap in a controlled lab environment. It includes steps for scanning, exploiting, and post-exploitation commands.

This Python script exploits CVE-2014-6271 (ShellShock) by injecting malicious environment variables via HTTP headers (User-Agent, Referer, Cookie) to achieve remote command execution on vulnerable systems. It includes both a vulnerability check and an interactive shell for command execution.

This is a functional Python exploit for CVE-2014-6271 (Shellshock), which leverages environment variable injection in GNU Bash to achieve remote code execution via crafted HTTP headers targeting CGI scripts. It includes a reverse shell handler and supports HTTP/HTTPS, custom CGI paths, and proxy usage.

This is a Python-based scanner for CVE-2014-6271 (Shellshock) that checks for vulnerability by sending a crafted User-Agent header to common CGI paths. It does not execute a reverse shell or other offensive payloads, only checks for the presence of the vulnerability.

This Python script exploits CVE-2014-6271 (Shellshock) to execute arbitrary commands or establish a reverse shell on vulnerable systems via crafted HTTP headers. It uses curl to send malicious payloads to a target CGI script.

This repository contains a Python-based exploit for CVE-2014-6271 (Shellshock), which targets vulnerable Unix-based systems via maliciously crafted HTTP headers to achieve remote code execution. The exploit establishes a reverse shell by leveraging the Bash vulnerability in CGI scripts.

This repository contains a Bash script scanner for detecting Shellshock vulnerabilities (CVE-2014-6271 and CVE-2014-7169) by sending crafted HTTP headers to a target URL and analyzing the response.

This repository contains a working PoC for CVE-2014-6271 (Shellshock), demonstrating how environment variables can be manipulated to execute arbitrary commands in Bash. The provided C code elevates privileges and triggers the vulnerability by invoking Bash with a crafted environment variable.

This repository contains a Bash script that checks for the Shellshock vulnerability (CVE-2014-6271) by sending a crafted HTTP request with a malicious User-Agent header to a target site and analyzing the response for signs of vulnerability.

This PoC exploits CVE-2014-6271 (ShellShock) by sending a maliciously crafted User-Agent header to a vulnerable CGI endpoint, allowing remote command execution via Bash environment variable manipulation.

This repository contains a Python3 script that exploits CVE-2014-6271 (Shellshock) to achieve remote code execution via a reverse shell or a pseudo-interactive shell using mkfifo for firewall evasion. The exploit leverages the vulnerability in Bash through crafted HTTP headers.

This is a functional Python exploit for CVE-2014-6271 (Shellshock), which leverages the Bash environment variable injection vulnerability to achieve remote command execution via crafted HTTP headers. It supports both reverse shell and arbitrary command execution payloads.

This repository provides a Docker container designed to be vulnerable to Shellshock (CVE-2014-6271). It includes a vulnerable CGI endpoint for testing exploits and a safe endpoint for comparison.

This repository is a README file referencing CVE-2014-6271 (Shellshock) and provides links to related tools and vulnerable Docker containers. It does not contain exploit code but serves as documentation for managing vulnerable environments.

This is a Python-based exploit for CVE-2014-6271 (ShellShock) targeting IPFire systems <= 2.15. It leverages the vulnerability in Bash via HTTP headers to achieve remote code execution, including a pseudo-shell and reverse shell functionality.

This repository provides a Docker-based vulnerable environment to demonstrate CVE-2014-6271 (Shellshock), a remote command injection vulnerability in Bash. It includes a vulnerable CGI script (victim.cgi) and a safe one (safe.cgi) to compare behavior when exploiting the vulnerability via the User-Agent header.

The repository contains only a README.md file with a CVE identifier and no functional exploit code or technical details. It appears to be a placeholder or stub.

This repository contains only a README file with no exploit code or technical details, indicating it is likely a placeholder or writeup for an assignment related to CVE-2014-6271 (Shellshock).

This repository contains a functional exploit for CVE-2014-6271 (Shellshock), leveraging a vulnerable CGI entry point to achieve remote command execution via crafted HTTP headers. The scripts demonstrate both arbitrary command execution and a defacement scenario.

This repository contains two Python scripts demonstrating CVE-2014-6271 (Shellshock), a remote code execution vulnerability in Bash via malformed environment variables. The scripts exploit vulnerable CGI endpoints to execute arbitrary commands or spawn reverse shells.

This is a functional exploit for CVE-2014-6271 (Shellshock), which leverages a vulnerability in Bash to execute arbitrary commands via crafted HTTP headers. The PoC sends a malicious User-Agent header to a target CGI script, triggering remote code execution.

This repository contains a working proof-of-concept for CVE-2014-6271 (Shellshock), demonstrating the vulnerability in GNU Bash through 4.3. It includes a setup script that installs vulnerable versions of Bash, Apache, and PHP CGI, then exploits the vulnerability to leak /etc/passwd.

This repository contains a Nessus .audit file designed to check for the presence of CVE-2014-6271 (Shellshock) vulnerability in Bash. It is a detection tool rather than an exploit, aiming to identify vulnerable systems.

This repository provides a Dockerized environment to exploit CVE-2014-6271 (Shellshock), demonstrating remote code execution via a maliciously crafted HTTP User-Agent header. The PoC includes a Dockerfile and a script to run Apache, with a curl command to trigger the vulnerability.

The repository contains only a README.md file with minimal content, providing no functional exploit code or technical details for CVE-2014-6271. It appears to be a placeholder or stub.

This is a functional Python-based exploit for CVE-2014-6271 (Shellshock), which injects malicious commands via HTTP headers (User-Agent, Cookie, or Referer) to achieve remote code execution on vulnerable systems. It provides an interactive shell-like interface for executing commands on the target.

This repository provides an Ansible role to check for the presence of CVE-2014-6271 (Shellshock) vulnerability in bash and optionally apply patches on RedHat-based systems. It does not contain exploit code but serves as a detection and remediation tool.

This Puppet module scans for Shellshock vulnerability (CVE-2014-6271) by testing the bash environment variable injection. It provides a Facter fact to determine if the system is vulnerable.

This repository contains source code and documentation for a patched version of Bash 4.3 addressing CVE-2014-6271 (Shellshock). It includes utility scripts and miscellaneous tools but no exploit PoC.

This repository contains source code and documentation for a patched version of Bash 4.2 addressing CVE-2014-6271 (Shellshock). It includes utility scripts and miscellaneous tools but no functional exploit code.

This repository appears to be a partial or incomplete snapshot of Bash source code, specifically targeting CVE-2014-6271 (Shellshock). However, it lacks exploit code or a clear proof-of-concept, containing only miscellaneous utility files and a README.

This repository contains a Python script that scans for CVE-2014-6271 (Shellshock) by leveraging Google search to find vulnerable CGI scripts and testing them with a crafted User-Agent header to trigger the vulnerability and retrieve /etc/passwd.

This repository provides a patched version of Bash 4.3 to mitigate CVE-2014-6271 (Shellshock). It includes source code patches and build instructions for applying the fix, particularly targeting SmartOS environments.

This repository provides patched Debian Lenny Bash packages for CVE-2014-6271 (Shellshock) and includes a test command to verify vulnerability. It does not contain exploit code but serves as a reference for testing and mitigation.

This is a simple Bash script that exploits CVE-2014-6271 (Shellshock) by injecting a malicious environment variable into a Bash process. The script demonstrates the vulnerability by executing arbitrary commands via a crafted function definition in an environment variable.

This repository contains a Node.js-based scanner for CVE-2014-6271 (Shellshock). It checks for vulnerable CGI scripts by injecting a crafted User-Agent header and verifying the response for a marker indicating command execution.

This is a Chef cookbook that scans for the presence of bash installations vulnerable to CVE-2014-6271 (Shellshock). It tests specified bash executables and fails the Chef run if a vulnerable version is detected.

This repository provides a script to test for and patch CVE-2014-6271 (Shellshock), a critical remote code execution vulnerability in Bash. The script automates the process of downloading, patching, and compiling a fixed version of Bash for macOS.

This repository contains only a README file describing a script to fix CVE-2014-6271 (Shellshock) but does not include any actual exploit or PoC code. It appears to be a placeholder or incomplete project.

This repository contains a Serverspec test to detect CVE-2014-6271 (Shellshock) by checking the Bash version and testing for vulnerability via an environment variable injection. It does not exploit the vulnerability but verifies its presence.

This repository provides patches for CVE-2014-6271 (Shellshock) in Bash, including upstream and Debian-specific fixes. It includes SHA256 checksums for verification but does not contain exploit code.

This Metasploit module scans for the Shellshock vulnerability (CVE-2014-6271) by injecting malicious environment variables via HTTP headers to CGI scripts. It checks for vulnerability by comparing responses to injected and normal requests.

This repository contains a functional Python exploit for CVE-2014-6271 (Shellshock), which targets vulnerable Bash environments via HTTP headers. The exploit sends a crafted User-Agent header to execute arbitrary commands, including a reverse shell payload.

This repository contains functional exploit code for CVE-2014-6271 (Shellshock) and CVE-2014-0160 (Heartbleed). The Shellshock PoC demonstrates remote command injection via a maliciously crafted User-Agent header, while the Heartbleed PoC includes a Python script to extract sensitive data from vulnerable OpenSSL servers.

The repository claims to be a reverse shell generator but lacks actual exploit code for CVE-2014-6271. It contains a web-based tool for generating reverse shells and includes Docker setup, but no PoC for the specified CVE.

This repository contains a functional exploit for CVE-2014-6271 (Shellshock) targeting SonicWall SSL-VPN appliances. The exploit leverages the vulnerability in the cgi-bin/jarrewrite.sh script to achieve unauthenticated remote command execution as the 'nobody' user, with a reverse shell payload delivered via /dev/tcp.

RouterSploit is an exploitation framework for embedded devices, containing modules for exploits, credential testing, scanners, and payloads. The repository includes functional exploit code for various vulnerabilities, including CVE-2014-6271 (Shellshock), with a structured development and testing environment.

This exploit leverages the Shellshock vulnerability (CVE-2014-6271) in Bash to bypass PHP's disable_functions restriction and execute arbitrary commands. It uses the mail() function with a crafted environment variable to trigger the vulnerability.

This is a detailed technical analysis of multiple vulnerabilities in Kemp Load Master, including RCE via command injection in CGI scripts, CSRF, XSS, and DoS. The writeup provides root cause analysis, affected endpoints, and exploitation techniques.

This Metasploit module exploits CVE-2014-6271 (Shellshock) by injecting malicious environment variables via Pure-FTPd's external authentication mechanism, achieving remote code execution. It leverages the bash vulnerability to execute arbitrary commands by manipulating the FTP login process.

This exploit leverages CVE-2014-6271 (Shellshock) to achieve remote code execution via SMTP headers. It sends a crafted email with malicious headers containing the payload to a vulnerable SMTP server, exploiting the bash environment variable injection flaw.

This exploit leverages the Shellshock vulnerability (CVE-2014-6271) in Bash by crafting malicious DHCP packets. It listens for DHCP DISCOVER broadcasts, extracts client details, and responds with an OFFER and ACK containing a malicious payload in the URL option (114), triggering remote code execution via the vulnerable Bash environment variable parsing.

This is a technical writeup explaining the Bash Shellshock vulnerability (CVE-2014-6271), detailing how specially crafted environment variables can inject and execute arbitrary code. It includes examples of vulnerable and patched behavior, along with an explanation of the root cause.

This Metasploit module exploits CVE-2014-6271 (Shellshock) by injecting malicious environment variables into CUPS filter configurations, achieving remote code execution. It supports both CVE-2014-6271 and CVE-2014-6278 payloads and includes authentication handling.

This PHP script exploits CVE-2014-6271 (Shellshock) by sending a crafted HTTP request with a malicious User-Agent header to a vulnerable CGI script, triggering remote code execution via Bash environment variable injection.

This is a functional exploit for CVE-2014-6271 (Shellshock) that leverages the vulnerability in Bash via HTTP headers to execute arbitrary commands. It supports both reverse and bind shell payloads, targeting vulnerable CGI scripts on Apache servers.

This Metasploit module exploits CVE-2014-6271 (ShellShock) to achieve remote code execution on QNAP Turbo NAS devices by injecting malicious environment variables via the User-Agent header in HTTP requests to a CGI script.

This Metasploit module exploits CVE-2014-6271 (ShellShock) to spawn a remote admin shell on QNAP Turbo NAS devices by injecting malicious environment variables via HTTP User-Agent header, triggering a vulnerable Bash instance to execute arbitrary commands.

This Python script exploits CVE-2014-6271 (ShellShock) in IPFire <= 2.15 core 82 by injecting malicious environment variables into a CGI script via HTTP headers, allowing authenticated remote command execution.

This Metasploit module exploits CVE-2014-6271 (Shellshock) by sending a maliciously crafted HTTP request to a vulnerable CGI script, injecting a bash command that writes and executes a payload. The exploit leverages the environment variable injection flaw in GNU Bash.

This Metasploit module exploits CVE-2014-6271 (Shellshock) by sending a crafted HTTP request with a malicious User-Agent header to a BASH-based CGI script, allowing arbitrary command execution. The exploit leverages the vulnerability in BASH's environment variable parsing to inject and execute commands.

This Metasploit module exploits the Shellshock vulnerability (CVE-2014-6271) by acting as a malicious DHCP server that injects crafted environment variables into dhclient requests, leading to remote code execution.

This Metasploit module exploits the Shellshock vulnerability (CVE-2014-6271) in Qmail by injecting malicious environment variables via the SMTP MAIL FROM field, leading to remote command execution if /bin/sh is linked to Bash.

This Metasploit module exploits the Shellshock vulnerability (CVE-2014-6271) by injecting malicious environment variables via DHCP responses to achieve remote code execution. It writes the payload into /etc/crontab and cleans up after establishing a session.

This Metasploit module exploits the Shellshock vulnerability (CVE-2014-6271) in Pure-FTPd when configured with external Bash authentication. It injects malicious environment variables to achieve remote code execution via a crafted FTP login.

This Metasploit module exploits CVE-2014-6271 (Shellshock) in IPFire firewall systems by injecting a malicious environment variable via HTTP headers, leading to remote command execution. It includes authentication handling and version checking to confirm vulnerability.

This Metasploit module exploits CVE-2014-6271 (Shellshock) by injecting malicious environment variables via the User-Agent header in a GET request to the 'ping.sh' CGI script on Advantech switches running Boa web server. It achieves remote command execution by leveraging the Bash vulnerability.

This Metasploit module exploits the Shellshock vulnerability (CVE-2014-6271) in Bash to achieve local privilege escalation on macOS by targeting VMWare Fusion's SUID binary `vmware-vmx-stats`. It uploads a payload to a writable directory and executes it via environment variable injection.