CVE-2014-7910

Published: 19/11/2014 Updated: 05/10/2017
CVSS v2 Base Score: 7.5 | Impact Score: 6.4 | Exploitability Score: 10
VMScore: 820
Vector: AV:N/AC:L/Au:N/C:P/I:P/A:P

Vulnerability Summary

Multiple unspecified vulnerabilities in Google Chrome prior to 39.0.2171.65 allow malicious users to cause a denial of service or possibly have other impact via unknown vectors.

Vulnerable Product

google chrome

Vendor Advisories

Multiple unspecified vulnerabilities in Google Chrome before 39.0.2171.65 allow attackers to cause a denial of service or possibly have other impact via unknown vectors ...
Several security issues were fixed in Oxide ...

Exploits

<?php /* Title: Bash Specially-crafted Environment Variables Code Injection Vulnerability CVE: 2014-6271 Vendor Homepage: wwwgnuorg/software/bash/ Author: Prakhar Prasad && Subho Halder Author Homepage: prakharprasadcom && appknoxcom Date: September 25th 2014 Tested on: Mac OS X 1094/1095 with Apac ...
# Exploit Title: QNAP admin shell via Bash Environment Variable Code Injection # Date: 7 February 2015 # Exploit Author: Patrick Pellegrino | 0x700x700x650x6c0x6c0x650x670x720x690x6e0x6f@securegroupit [work] / 0x640x330x760x620x700x70@gmailcom [other] # Employer homepage: wwwsecuregroupit # Vendor homepage: wwwqnapcom # Version: ...
## # This module requires Metasploit: metasploitcom/download # Current source: githubcom/rapid7/metasploit-framework ## require 'msf/core' class Metasploit4 < Msf::Exploit::Remote Rank = GoodRanking include Msf::Exploit::Remote::HttpClient def initialize(info = {}) super(update_info(info, 'Name' => 'CUPS Fi ...
## # This module requires Metasploit: http//metasploitcom/download # Current source: githubcom/rapid7/metasploit-framework ## require 'msf/core' class Metasploit4 < Msf::Exploit::Remote Rank = ExcellentRanking include Msf::Exploit::Remote::Ftp include Msf::Exploit::CmdStager def initialize(info = {}) super(update_info(i ...
Exploit Database Note: The following is an excerpt from: securityblogredhatcom/2014/09/24/bash-specially-crafted-environment-variables-code-injection-attack/ Like “real” programming languages, Bash has functions, though in a somewhat limited implementation, and it is possible to put these bash functions into environment variables Th ...
#!/usr/bin/env python # # Exploit Title : IPFire <= 215 core 82 Authenticated cgi Remote Command Injection (ShellShock) # # Exploit Author : Claudio Viviani # # Vendor Homepage : wwwipfireorg # # Software Link: downloadsipfireorg/releases/ipfire-2x/215-core82/ipfire-215i586-full-core82iso # # Date : 2014-09-29 # # Fixed v ...
#!/bin/python # Exploit Title: Shellshock SMTP Exploit # Date: 10/3/2014 # Exploit Author: fattymcwopr # Vendor Homepage: gnuorg # Software Link: ftpgnuorg/gnu/bash/ # Version: 42x < 4248 # Tested on: Debian 7 (postfix smtp server w/procmail) # CVE : 2014-6271 from socket import * import sys def usage(): print "shellshock_sm ...
# Exploit Title: ShellShock OpenVPN Exploit # Date: Fri Oct 3 15:48:08 EDT 2014 # Exploit Author: hobbily AKA @fj33r # Version: 2229 # Tested on: Debian Linux # CVE : CVE-2014-6271 #Probably should of submitted this the day I tweeted it ### serverconf port 1194 proto udp dev tun client-cert-not-required auth-user-pass-verify /etc/openvpn ...
# Exploit Title: PHP 5x Shellshock Exploit (bypass disable_functions) # Google Dork: none # Date: 10/31/2014 # Exploit Author: Ryan King (Starfall) # Vendor Homepage: phpnet # Software Link: phpnet/get/php-562tarbz2/from/a/mirror # Version: 5* (tested on 562) # Tested on: Debian 7 and CentOS 5 and 6 # CVE: CVE-2014-6271 < ...
require 'msf/core' class Metasploit3 < Msf::Auxiliary include Msf::Exploit::Remote::HttpClient def initialize(info = {}) super(update_info(info, 'Name' => 'bashedCgi', 'Description' => %q{ Quick & dirty module to send the BASH ex ...
# Exploit Title: QNAP Web server remote code execution via Bash Environment Variable Code Injection # Date: 7 February 2015 # Exploit Author: Patrick Pellegrino | 0x700x700x650x6c0x6c0x650x670x720x690x6e0x6f@securegroupit [work] / 0x640x330x760x620x700x70@gmailcom [other] # Employer homepage: wwwsecuregroupit # Vendor homepage: ww ...
## # This module requires Metasploit: http//metasploitcom/download # Current source: githubcom/rapid7/metasploit-framework ## require 'msf/core' class Metasploit3 < Msf::Exploit::Remote Rank = ExcellentRanking include Msf::Exploit::Remote::HttpClient include Msf::Exploit::EXE def initialize(info = {}) super(update_info ...
# Exploit Title: Kemp Load Master - Multiple Vulnerabilities (RCE, CSRF, XSS, DoS) # Date: 01 April 2015 # Author: Roberto Suggi Liverani # Software Link: kemptechnologiescom/load-balancer/ # Version: 7116 and previous versions # Tested on: Kemp Load Master 71-16 # CVE : CVE-2014-5287/5288 Link: blogmalerischnet/2015/04/playing ...
#!/usr/bin/python # Exploit Title: dhclient shellshocker # Google Dork: n/a # Date: 10/1/14 # Exploit Author: @0x00string # Vendor Homepage: gnuorg # Software Link: ftpgnuorg/gnu/bash/bash-43targz # Version: 4311 # Tested on: Ubuntu 14041 # CVE : CVE-2014-6277,CVE-2014-6278,CVE-2014-7169,CVE-2014-7186,CVE-2014-7187 # ______ ...

References

NVD-CWE-noinfo
http://googlechromereleases.blogspot.com/2014/11/stable-channel-update_18.html
http://rhn.redhat.com/errata/RHSA-2014-1894.html
http://secunia.com/advisories/60194
http://secunia.com/advisories/62608
http://www.securityfocus.com/bid/71161
http://www.securitytracker.com/id/1031241
https://code.google.com/p/chromium/issues/detail?id=337071
https://code.google.com/p/chromium/issues/detail?id=340387
https://code.google.com/p/chromium/issues/detail?id=389451
https://code.google.com/p/chromium/issues/detail?id=391001
https://code.google.com/p/chromium/issues/detail?id=397396
https://code.google.com/p/chromium/issues/detail?id=408426
https://code.google.com/p/chromium/issues/detail?id=409454
https://code.google.com/p/chromium/issues/detail?id=409508
https://code.google.com/p/chromium/issues/detail?id=411159
https://code.google.com/p/chromium/issues/detail?id=411162
https://code.google.com/p/chromium/issues/detail?id=411165
https://code.google.com/p/chromium/issues/detail?id=413743
https://code.google.com/p/chromium/issues/detail?id=413744
https://code.google.com/p/chromium/issues/detail?id=414134
https://code.google.com/p/chromium/issues/detail?id=415407
https://code.google.com/p/chromium/issues/detail?id=417210
https://code.google.com/p/chromium/issues/detail?id=417329
https://code.google.com/p/chromium/issues/detail?id=421090
https://code.google.com/p/chromium/issues/detail?id=421321
https://code.google.com/p/chromium/issues/detail?id=421504
https://code.google.com/p/chromium/issues/detail?id=421720
https://code.google.com/p/chromium/issues/detail?id=421981
https://code.google.com/p/chromium/issues/detail?id=422482
https://code.google.com/p/chromium/issues/detail?id=423030
https://code.google.com/p/chromium/issues/detail?id=423891
https://code.google.com/p/chromium/issues/detail?id=424215
https://code.google.com/p/chromium/issues/detail?id=424999
https://code.google.com/p/chromium/issues/detail?id=425151
https://code.google.com/p/chromium/issues/detail?id=425152
https://code.google.com/p/chromium/issues/detail?id=433500
https://exchange.xforce.ibmcloud.com/vulnerabilities/98798
https://www.exploit-db.com/exploits/34879/
https://www.rapid7.com/db/vulnerabilities/gentoo-linux-cve-2014-7910
https://nvd.nist.gov
https://access.redhat.com/security/cve/cve-2014-7910
https://usn.ubuntu.com/2410-1/
https://www.exploit-db.com/exploits/34766/
https://www.rapid7.com/db/vulnerabilities/linuxrpm-RHSA-2014-1894