CVE-2014-7910
Google Chrome < 39.0.2171.65 - Denial of Service or Other Impact
Title source: llm
Exploitation Summary
EIP tracks 14 public exploits for CVE-2014-7910. PoCs published by Metasploit, Phil Blank, Fady Mohammed Osman.
AI-analyzed exploit summary: This Metasploit module exploits CVE-2014-6271 and CVE-2014-6278 (Shellshock) by injecting malicious environment variables into CUPS filter configurations, leading to remote code execution. It adds a printer with a crafted PPD file and triggers payload execution via a test print job.
Description
Multiple unspecified vulnerabilities in Google Chrome before 39.0.2171.65 allow attackers to cause a denial of service or possibly have other impact via unknown vectors.
Exploits (14)
This Metasploit module exploits CVE-2014-6271 and CVE-2014-6278 (Shellshock) by injecting malicious environment variables into CUPS filter configurations, leading to remote code execution. It adds a printer with a crafted PPD file and triggers payload execution via a test print job.
This exploit leverages the Shellshock vulnerability (CVE-2014-6271) in Bash to execute arbitrary commands via SMTP headers. It sends a crafted email with malicious headers to a vulnerable SMTP server, triggering command execution.
This Metasploit module exploits the Shellshock vulnerability (CVE-2014-6271) in Apache CGI scripts by sending a crafted HTTP request with a malicious User-Agent header. It delivers a payload to the target system, executes it, and cleans up afterward.
This Metasploit module exploits CVE-2014-6271 (Shellshock) in Pure-FTPd when configured to use external authentication. It injects malicious environment variables via FTP commands to achieve remote code execution.
This exploit leverages ShellShock (CVE-2014-6271) to perform authenticated remote command injection on IPFire <= 2.15 core 82 via manipulated HTTP headers. It uses Basic Auth to authenticate and injects a payload into the 'VULN' header to execute arbitrary commands.
This is a writeup explaining the CVE-2014-7910 vulnerability in Bash, which allows code injection via specially crafted environment variables. It demonstrates the flaw and the expected behavior after patching.
This exploit leverages CVE-2014-6271 (Shellshock) to inject arbitrary commands via maliciously crafted HTTP headers targeting vulnerable Bash versions. It sends a GET request with a User-Agent header containing a payload that triggers the vulnerability in CGI scripts.
This Metasploit auxiliary module exploits CVE-2014-6271 (Shellshock) by sending a maliciously crafted HTTP User-Agent header to a BASH-based CGI script, allowing arbitrary command execution. The payload is injected via the 'CMD' parameter, and the exploit checks for a 200 response to confirm potential success.
This writeup details multiple vulnerabilities in Kemp Load Master, including RCE via command injection in the `fwaccess` endpoint, CSRF, XSS, and DoS. The RCE exploit leverages an `eval` statement in a bash script, allowing arbitrary command execution through crafted HTTP requests.
This Metasploit module exploits CVE-2014-6271 (ShellShock) in QNAP Turbo NAS devices by injecting malicious environment variables via the User-Agent header to achieve remote code execution. It sends a crafted HTTP request to trigger the vulnerability and execute arbitrary commands.
This Metasploit module exploits CVE-2014-6271 (ShellShock) to spawn a remote admin shell on QNAP Turbo NAS devices by injecting a malicious Bash environment variable via an HTTP request, which triggers the utelnetd service on a specified port.
This exploit leverages the Shellshock vulnerability (CVE-2014-6271) in Bash to bypass PHP's disable_functions directive and execute arbitrary commands. It uses the mail() function with a crafted environment variable to trigger the vulnerability.
This exploit leverages the ShellShock vulnerability (CVE-2014-6271) in OpenVPN's authentication script to execute arbitrary commands via environment variables, resulting in a reverse shell. The PoC demonstrates how a malicious client can exploit the vulnerability by injecting a payload into the username and password fields during authentication.
This exploit leverages the Shellshock vulnerability (CVE-2014-7910) in Bash to execute arbitrary commands via DHCP packets. It listens for DHCP DISCOVER broadcasts, crafts malicious OFFER and ACK packets with a reverse shell payload, and sends them to the target.