CVSS: 7.8EPSS: 0%CPEs: 17EXPL: 1CVE-1999-0491 – GNU GNU bash 1.14 - Path Embedded Code Execution
https://notcve.org/view.php?id=CVE-1999-0491
20 Apr 1999 — The prompt parsing in bash allows a local user to execute commands as another user by creating a directory with the name of the command to execute. • https://www.exploit-db.com/exploits/19095 • CWE-94: Improper Control of Generation of Code ('Code Injection') •
CVSS: 7.8EPSS: 0%CPEs: 8EXPL: 1CVE-1999-1383
https://notcve.org/view.php?id=CVE-1999-1383
13 Sep 1996 — (1) bash before 1.14.7, and (2) tcsh 6.05 allow local users to gain privileges via directory names that contain shell metacharacters (` back-tick), which can cause the commands enclosed in the directory name to be executed when the shell expands filenames using the \w option in the PS1 variable. • http://marc.info/?l=bugtraq&m=87602167419868&w=2 • CWE-264: Permissions, Privileges, and Access Controls •