
86 matches found

RedHat Linux
added 2017/12/13 5:57 p.m., 1 view

admin-cli: Potential EAP resource starvation DOS attack via GET requests for server log files

An EAP feature to download server log files allows logs to be available via GET requests making them vulnerable to cross-origin attacks. An attacker could trigger the user's browser to request the log files consuming enough resources that normal server functioning could be impaired...

6.5 CVSS, 7.3 AI score, 0.00801 EPSS
Exploits: 0, References: 4

RedHat Linux
added 2017/12/13 5:31 p.m., 2 views

admin-cli: Potential EAP resource starvation DOS attack via GET requests for server log files

An EAP feature to download server log files allows logs to be available via GET requests making them vulnerable to cross-origin attacks. An attacker could trigger the user's browser to request the log files consuming enough resources that normal server functioning could be impaired...

6.5 CVSS, 7.3 AI score, 0.00801 EPSS
Exploits: 0, References: 4

OSV
added 2017/12/01 5:29 p.m., 1 view

CVE-2017-13664

Password file exposure in firmware in iSmartAlarm CubeOne version 2.2.4.8 and earlier allows attackers to execute arbitrary commands with administrative privileges by retrieving credentials from this file...

9.8 CVSS, 6 AI score, 0.00557 EPSS
Exploits: 1, References: 1

CNVD
added 2017/07/20 12:0 a.m., 2 views

Juniper SSG Series device ScreenOS cross-site scripting vulnerability (CNVD-2017-23955)

The Juniper SSG Series is a family of firewall appliances from Juniper Networks. ScreenOS is one of the operating systems. A cross-site scripting vulnerability exists in Firewall+VPN in ScreenOS on Juniper SSG Series devices. A remote attacker can exploit this vulnerability to inject HTML/JavaScri...

9.6 CVSS, 7.4 AI score, 0.00327 EPSS
Exploits: 0, References: 1

OSV
added 2017/07/12 8:29 p.m., 0 views

CVE-2017-11193

Pulse Connect Secure 8.3R1 has CSRF in diag.cgi. In the panel, the diag.cgi file is responsible for running commands such as ping, ping6, traceroute, traceroute6, nslookup, arp, and Portprobe. These functions do not have any protections against CSRF. That can allow an attacker to run these comman...

8.8 CVSS, 5.8 AI score
Exploits: 0, References: 3

RedHat Linux
added 2017/02/02 8:23 p.m., 2 views

admin-cli: Potential EAP resource starvation DOS attack via GET requests for server log files

An EAP feature to download server log files allows logs to be available via GET requests making them vulnerable to cross-origin attacks. An attacker could trigger the user's browser to request the log files consuming enough resources that normal server functioning could be impaired...

6.5 CVSS, 7.3 AI score, 0.00801 EPSS
Exploits: 0, References: 4

CNVD
added 2016/03/21 12:0 a.m., 1 view

IBM Tivoli NetView Access Services Privilege Gain Vulnerability

IBM Tivoli NetView Access Services (NVAS) is a suite of session management tools from IBM USA that supports simultaneous access to multiple applications from a single endpoint. A security vulnerability exists in IBM Tivoli NVAS. A remote attacker can exploit the vulnerability to gain privileges by...

9 CVSS, 7.7 AI score, 0.00659 EPSS
Exploits: 0, References: 1

RedHat Linux
added 2015/08/17 7:29 a.m., 1 view

ceph-deploy admin command copies keyring file to /etc/ceph which is world readable

It was discovered that ceph-deploy, a utility for deploying Red Hat Ceph Storage, would create the keyring file with world readable permissions, which could possibly allow a local user to obtain authentication credentials from the keyring file...

2.1 CVSS, 5.8 AI score, 0.0005 EPSS
Exploits: 0, References: 4

Prion
added 2015/06/08 2:59 p.m., 11 views

Command injection

The admin command in ceph-deploy before 1.5.25 uses world-readable permissions for /etc/ceph/ceph.client.admin.keyring, which allows local users to obtain sensitive information by reading the file...

2.1 CVSS, 6.3 AI score, 0.0005 EPSS
Exploits: 0, References: 5, Affected Software: 1

OSV
added 2015/06/08 2:59 p.m., 16 views

PYSEC-2015-3

The admin command in ceph-deploy before 1.5.25 uses world-readable permissions for /etc/ceph/ceph.client.admin.keyring, which allows local users to obtain sensitive information by reading the file...

2.1 CVSS, 1.9 AI score, 0.0005 EPSS
Exploits: 0, References: 5

UbuntuCve
added 2015/06/08 2:59 p.m., 19 views

CVE-2015-4053

The admin command in ceph-deploy before 1.5.25 uses world-readable permissions for /etc/ceph/ceph.client.admin.keyring, which allows local users to obtain sensitive information by reading the file...

2.1 CVSS, 5.9 AI score, 0.0005 EPSS
Exploits: 0, References: 2

Cvelist
added 2015/06/08 2:0 p.m., 13 views

CVE-2015-4053

The admin command in ceph-deploy before 1.5.25 uses world-readable permissions for /etc/ceph/ceph.client.admin.keyring, which allows local users to obtain sensitive information by reading the file...

5.7 AI score, 0.0005 EPSS
Exploits: 0, References: 5

seebug.org
added 2014/07/01 12:0 a.m., 12 views

PHP-Nuke 6.x/7.0/7.1 Image Tag Admin Command Execution Vulnerability

No description provided by source. source: http://www.securityfocus.com/bid/9895/info It has been reported that PHP-Nuke is prone to a remote admin command execution vulnerability. This issue is due to a design error that allows an attacker to specify arbitrary URI values in bbCode tags contained...

7.1 AI score
Exploits: 0

seebug.org
added 2014/07/01 12:0 a.m., 13 views

NetWin SurgeFTP Authenticated Admin Command Injection

No description provided by source. require 'msf/core' class Metasploit3 Msf::Exploit::Remote Rank = ExcellentRanking include Msf::Exploit::Remote::HttpClient def initializeinfo = superupdateinfoinfo, 'Name' = 'SurgeFTP Remote Command Execution', 'Description' = %q This module exploits a flaw in t...

7.1 AI score
Exploits: 0

ATTACKERKB
added 2013/03/13 12:55 a.m., 1 view

CVE-2013-0083

Cross-site scripting (XSS) vulnerability in Microsoft SharePoint Server 2010 SP1 allows remote attackers to inject arbitrary web script or HTML via crafted content, leading to administrative command execution, aka "SharePoint XSS Vulnerability."...

4.3 CVSS, 5.6 AI score, 0.40516 EPSS
Exploits: 0, References: 3

exploitpack
added 2012/12/20 12:0 a.m., 14 views

NetWin SurgeFTP - (Authenticated) Admin Command Injection (Metasploit)

NetWin SurgeFTP - Authenticated Admin Command Injection Metasploit require 'msf/core' class Metasploit3 'SurgeFTP Remote Command Execution', 'Description' = %q This module exploits a flaw in the SurgeFTP server's web-based administrative console to execute arbitary commands. , 'Author' = 'Spencer...

0.5 AI score
Exploits: 0

NVD
added 2009/03/31 6:24 p.m., 16 views

CVE-2009-1178

Unspecified vulnerability in the server in IBM Tivoli Storage Manager (TSM) 5.3.x before 5.3.2 and 6.x before 6.1 has unknown impact and attack vectors related to the "admin command line."...

10 CVSS, 6.3 AI score, 0.01088 EPSS
Exploits: 0, References: 7

Prion
added 2009/03/31 6:24 p.m., 13 views

Design/Logic Flaw

Unspecified vulnerability in the server in IBM Tivoli Storage Manager (TSM) 5.3.x before 5.3.2 and 6.x before 6.1 has unknown impact and attack vectors related to the "admin command line."...

10 CVSS, 7 AI score, 0.01088 EPSS
Exploits: 0, References: 7, Affected Software: 1

CVE
added 2009/03/31 6:0 p.m., 45 views

CVE-2009-1178

Technical details about CVE-2009-1178 are not publicly provided in the supplied sources; no concrete impact, vector, or remediation is documented here. Monitor for updates.

10 CVSS, 6.5 AI score, 0.01088 EPSS
Exploits: 0, References: 7, Affected Software: 1

Cvelist
added 2009/03/31 6:0 p.m., 19 views

CVE-2009-1178

Unspecified vulnerability in the server in IBM Tivoli Storage Manager (TSM) 5.3.x before 5.3.2 and 6.x before 6.1 has unknown impact and attack vectors related to the "admin command line."...

6.3 AI score, 0.01088 EPSS
Exploits: 0, References: 7