CVE-2014-7196

This Metasploit module exploits CVE-2014-6271 (Shellshock) by injecting malicious environment variables via the User-Agent header in HTTP requests to the 'ping.sh' CGI script on Advantech switches running Boa web server. It achieves remote command execution by leveraging the Bash vulnerability.

This PHP script exploits CVE-2014-6271 (Shellshock) by sending a crafted HTTP request with a malicious User-Agent header to a vulnerable CGI script, triggering remote code execution via Bash environment variable injection.

This exploit leverages the ShellShock vulnerability (CVE-2014-6271) in OpenVPN's authentication script to achieve remote code execution. The attacker injects malicious environment variables via the username and password fields, triggering a reverse shell.

This Metasploit module exploits CVE-2014-6271 (ShellShock) to achieve remote code execution on QNAP Turbo NAS devices by injecting malicious environment variables via the User-Agent header in HTTP requests to a CGI script.

This Metasploit module exploits CVE-2014-7196 (Shellshock) in CUPS by injecting malicious environment variables via PRINTER_INFO and PRINTER_LOCATION fields. It supports both CVE-2014-6271 and CVE-2014-6278 payloads, targeting authenticated CUPS instances to achieve remote code execution.

This is a technical writeup explaining the Bash Shellshock vulnerability (CVE-2014-7196), detailing how specially crafted environment variables can inject and execute arbitrary code. It includes examples of vulnerable and patched behavior, demonstrating the root cause and fix.

This Metasploit module exploits CVE-2014-6271 (Shellshock) by sending a crafted HTTP request with a malicious User-Agent header to a BASH-based CGI script, allowing arbitrary command execution. The exploit leverages the vulnerability in BASH's environment variable handling to inject and execute commands.

This exploit leverages ShellShock (CVE-2014-6271) in IPFire's CGI web interface to execute arbitrary commands via crafted HTTP headers. It authenticates with the target system and injects a malicious environment variable to achieve remote code execution.

This Metasploit module exploits the Shellshock vulnerability (CVE-2014-6271) in Apache CGI scripts by sending a maliciously crafted HTTP request with a specially formatted User-Agent header. The exploit delivers a payload to the target system, executes it, and cleans up after execution.

This exploit leverages the Shellshock vulnerability (CVE-2014-6271) in Bash to achieve remote code execution via SMTP headers. It sends a crafted email with malicious headers containing the payload to a vulnerable SMTP server, triggering command execution.

This Metasploit module exploits the Shellshock vulnerability (CVE-2014-6271) in Pure-FTPd when configured to use external authentication. It injects malicious environment variables via FTP login to achieve remote code execution.

This exploit leverages the Shellshock vulnerability (CVE-2014-6271) in Bash to bypass PHP's disable_functions directive and execute arbitrary commands. It uses the mail() function with a crafted environment variable to trigger the vulnerability and capture command output.

This Metasploit module exploits CVE-2014-6271 (ShellShock) in QNAP Turbo NAS devices by injecting a malicious Bash environment variable via the User-Agent header to spawn a utelnetd backdoor service, allowing remote command execution.

This is a detailed technical analysis of multiple vulnerabilities in Kemp Load Master, including RCE via command injection in the `fwaccess` endpoint, CSRF, XSS, and DoS. The writeup includes root cause analysis, affected endpoints, and exploitation techniques.

This exploit leverages the Shellshock vulnerability (CVE-2014-7196) in Bash to execute arbitrary commands via DHCP packets. It listens for DHCP DISCOVER broadcasts, crafts malicious OFFER and ACK packets with a payload that triggers the vulnerability, and sends them to the target.