Lucene search
K

44 matches found

Veracode
Veracode
added 2019/05/02 6:9 a.m.48 views

Information Disclosure

admin-cli in Red Hat JBoss Enterprise Application Platform is vulnerable to information disclosure. This vulnerability exists due to EAP feature to download server log files that allows logs to be available via GET requests causing cross-origin attacks. An attacker could trigger the user's browse...

6.5CVSS6.4AI score0.02693EPSS
Exploits0References20Affected Software200
Tenable Nessus
Tenable Nessus
added 2018/08/29 12:0 a.m.31 views

RHEL 6 / 7 : eap7-jboss-ec2-eap (RHSA-2017:0173)

The remote Redhat Enterprise Linux 6 / 7 host has packages installed that are affected by multiple vulnerabilities as referenced in the RHSA-2017:0173 advisory. The eap7-jboss-ec2-eap package provides scripts for Red Hat JBoss Enterprise Application Platform running on the Amazon Web Services AWS...

6.5CVSS6.3AI score0.02693EPSS
Exploits0References9
CNVD
CNVD
added 2018/06/21 12:0 a.m.6 views

Ubiquiti Networks EdgeSwitch Code Execution Vulnerability

The Ubiquiti EdgeSwitch is a Gigabit network switch device from Ubiquiti Networks, Inc. A security vulnerability exists in Ubiquiti EdgeSwitch 1.7.3 and earlier versions, which stems from the program's lack of protection for the admin CLI. The vulnerability can be exploited by an attacker to...

9CVSS7.2AI score0.0167EPSS
Exploits0References1
OSV
OSV
added 2018/06/20 12:29 p.m.3 views

CVE-2018-12591

Ubiquiti Networks EdgeSwitch version 1.7.3 and prior suffer from an improperly neutralized element in an OS command due to lack of protection on the admin CLI, leading to code execution and privilege escalation greater than administrators themselves are allowed. An attacker with access to an admi...

7.2CVSS6.3AI score0.01861EPSS
Exploits0References1
NVD
NVD
added 2018/06/20 12:29 p.m.20 views

CVE-2018-12591

Ubiquiti Networks EdgeSwitch version 1.7.3 and prior suffer from an improperly neutralized element in an OS command due to lack of protection on the admin CLI, leading to code execution and privilege escalation greater than administrators themselves are allowed. An attacker with access to an admi...

9CVSS7.7AI score0.01861EPSS
Exploits0References1
Prion
Prion
added 2018/06/20 12:29 p.m.18 views

Format string

Ubiquiti Networks EdgeSwitch version 1.7.3 and prior suffer from an externally controlled format-string vulnerability due to lack of protection on the admin CLI, leading to code execution and privilege escalation greater than administrators themselves are allowed. An attacker with access to an...

9CVSS7.5AI score0.0167EPSS
Exploits0References1Affected Software1
NVD
NVD
added 2018/06/20 12:29 p.m.15 views

CVE-2018-12590

Ubiquiti Networks EdgeSwitch version 1.7.3 and prior suffer from an externally controlled format-string vulnerability due to lack of protection on the admin CLI, leading to code execution and privilege escalation greater than administrators themselves are allowed. An attacker with access to an...

9CVSS7.6AI score0.0167EPSS
Exploits0References1
Cvelist
Cvelist
added 2018/06/20 12:0 p.m.17 views

CVE-2018-12590

Ubiquiti Networks EdgeSwitch version 1.7.3 and prior suffer from an externally controlled format-string vulnerability due to lack of protection on the admin CLI, leading to code execution and privilege escalation greater than administrators themselves are allowed. An attacker with access to an...

7.6AI score0.0167EPSS
Exploits0References1
Packet Storm
Packet Storm
added 2018/05/13 12:0 a.m.79 views

EMC RecoverPoint 4.3 Admin CLI Command Injection

Exploit Title: EMC RecoverPoint 4.3 - Admin CLI Command Injection Version: RecoverPoint prior to 5.1.1 RecoverPoint for VMs prior to 5.0.1.3 Date: 2018-05-11 Exploit Author: Paul Taylor Github: https://github.com/bao7uo Tested on: RecoverPoint for VMs 4.3, RecoverPoint 4.4.SP1.P1 CVE: CVE-2018-11...

7.2CVSS0.06308EPSS
Exploits5
Prion
Prion
added 2018/05/11 1:29 p.m.20 views

Design/Logic Flaw

admin-cli before versions 3.0.0.alpha25, 2.2.1.cr2 is vulnerable to an EAP feature to download server log files that allows logs to be available via GET requests making them vulnerable to cross-origin attacks. An attacker could trigger the user's browser to request the log files consuming enough...

4.3CVSS6.7AI score0.02693EPSS
Exploits0References16Affected Software1
OSV
OSV
added 2018/05/11 1:29 p.m.32 views

CVE-2016-8627

admin-cli before versions 3.0.0.alpha25, 2.2.1.cr2 is vulnerable to an EAP feature to download server log files that allows logs to be available via GET requests making them vulnerable to cross-origin attacks. An attacker could trigger the user's browser to request the log files consuming enough...

6.5CVSS6.6AI score0.02693EPSS
Exploits0References16
NVD
NVD
added 2018/05/11 1:29 p.m.34 views

CVE-2016-8627

admin-cli before versions 3.0.0.alpha25, 2.2.1.cr2 is vulnerable to an EAP feature to download server log files that allows logs to be available via GET requests making them vulnerable to cross-origin attacks. An attacker could trigger the user's browser to request the log files consuming enough...

6.5CVSS4.8AI score0.02693EPSS
Exploits0References16
CVE
CVE
added 2018/05/11 1:0 p.m.120 views

CVE-2016-8627

Technical details are not publicly available in the provided connected documents. Monitor for updates.

6.5CVSS6.6AI score0.02693EPSS
Exploits0References16Affected Software1
Cvelist
Cvelist
added 2018/05/11 1:0 p.m.41 views

CVE-2016-8627

admin-cli before versions 3.0.0.alpha25, 2.2.1.cr2 is vulnerable to an EAP feature to download server log files that allows logs to be available via GET requests making them vulnerable to cross-origin attacks. An attacker could trigger the user's browser to request the log files consuming enough...

4.3CVSS6.7AI score0.02693EPSS
Exploits0References16
exploitpack
exploitpack
added 2018/05/11 12:0 a.m.70 views

EMC RecoverPoint 4.3 - Admin CLI Command Injection

EMC RecoverPoint 4.3 - Admin CLI Command Injection Exploit Title: EMC RecoverPoint 4.3 - Admin CLI Command Injection Version: RecoverPoint prior to 5.1.1 RecoverPoint for VMs prior to 5.0.1.3 Date: 2018-05-11 Exploit Author: Paul Taylor Github: https://github.com/bao7uo Tested on: RecoverPoint fo...

7.2CVSS0.06308EPSS
Exploits5
Prion
Prion
added 2018/02/03 4:29 p.m.23 views

Command injection

An issue was discovered in EMC RecoverPoint for Virtual Machines versions prior to 5.1.1, EMC RecoverPoint version 5.1.0.0, and EMC RecoverPoint versions prior to 5.0.1.3. Command injection vulnerability in Admin CLI may allow a malicious user with admin privileges to escape from the restricted...

7.2CVSS6.8AI score0.06308EPSS
Exploits5References3Affected Software2
Hacker One
Hacker One
added 2018/02/03 7:58 a.m.15 views

Ubiquiti Inc.: Format String Vulnerability in the EdgeSwitch restricted CLI

In EdgeSwitch 1.7.3 and prior, an user with admin credentials can make use of specially crafted commands to execute arbitrary shell instructions, bypassing the SSH/TELNET CLI interface. There was a format string vulnerability present in the Admin CLI for the EdgeSwitch. Exploiting this...

3.6AI score
Exploits0
CVE
CVE
added 2018/02/03 1:0 a.m.68 views

CVE-2018-1185

The CVE-2018-1185 issue affects EMC RecoverPoint for Virtual Machines and RecoverPoint, with vulnerable versions listed as prior to 5.1.1, 5.1.0.0, and prior to 5.0.1.3. The Admin CLI contains a command injection flaw that could let a user with admin privileges escape the restricted shell and exe...

7.2CVSS6.8AI score0.06308EPSS
Exploits5References3Affected Software2
Cvelist
Cvelist
added 2018/02/03 1:0 a.m.26 views

CVE-2018-1185

An issue was discovered in EMC RecoverPoint for Virtual Machines versions prior to 5.1.1, EMC RecoverPoint version 5.1.0.0, and EMC RecoverPoint versions prior to 5.0.1.3. Command injection vulnerability in Admin CLI may allow a malicious user with admin privileges to escape from the restricted...

6.8AI score0.06308EPSS
Exploits5References3
Veracode
Veracode
added 2017/03/29 8:30 a.m.20 views

Unauthorized Domain Creation

admin-cli is vulnerable to unauthorised domain creation. The vulnerability is possible since it does not verify the validity of admin's credentials before creation of domain...

3.7CVSS6.1AI score0.00342EPSS
Exploits0References6Affected Software1
Rows per page
Query Builder