PT-2026-28264

Ruckus Access Point products contain an arbitrary file read vulnerability in the command-line interface that allows authenticated remote attackers with administrative privileges to read arbitrary files from the underlying filesystem. Attackers can exploit this vulnerability to access sensitive...

EFM iptime A6004MX 代码问题漏洞

EFM iptime A6004MX is a wireless router produced by the South Korean company EFM. The EFM iptime A6004MX version 14.18.2 has a code vulnerability. This vulnerability stems from an unlimited upload function in the commitvpnclifile Upload function located in the cgi/timepro.cgi file, which could le...

Hewlett Packard Enterprise EdgeConnect SD-WAN 安全漏洞

Hewlett Packard Enterprise EdgeConnect SD-WAN is Hewlett Packard Enterprise's secure network foundation for Zero Trust and SASE. It includes best-in-class SD-WAN and next-generation firewalls that deliver unrivaled quality of experience and advanced security. A security vulnerability exists in...

Linux Distros Unpatched Vulnerability : CVE-2024-54132

The Linux/Unix host has one or more packages installed that are impacted by a vulnerability without a vendor supplied patch available. - The GitHub CLI is GitHub's official command line tool. A security vulnerability has been identified in GitHub CLI that could create or overwrite files in...

PT-2024-33200 · Unknown · Alist-Tvbox

Name of the Vulnerable Software and Affected Versions: alist-tvbox version 1.7.1 Description: The issue allows a remote attacker to execute arbitrary code via the "/atv-cli" file. This enables the attacker to potentially gain control over the system, allowing for unauthorized actions...

CVE-2024-48747

An issue in alist-tvbox v1.7.1 allows a remote attacker to execute arbitrary code via the /atv-cli file...

alist-tvbox 安全漏洞

alist-tvbox is an AList TvBox proxy server by Harold Personal Developer. A security vulnerability exists in alist-tvbox version v1.7.1, which stems from a vulnerability that allows remote attackers to execute arbitrary code via the /atv-cli file...

Hewlett Packard Enterprise ArubaOS 安全漏洞

Hewlett Packard Enterprise ArubaOS HPE ArubaOS is a networked wireless operating system from Hewlett Packard Enterprise. A security vulnerability exists in Hewlett Packard Enterprise ArubaOS, which stems from an authenticated path traversal vulnerability that could allow an attacker to remotely...

CVE-2024-45401 stripe-cli Path Traversal vulnerability

stripe-cli is a command-line tool for the payment processor Stripe. A vulnerability exists in stripe-cli starting in version 1.11.1 and prior to version 1.21.3 where a plugin package containing a manifest with a malformed plugin shortname installed using the --archive-url or --archive-path flags...

Varnish Cache CLI File Read

This module requires Metasploit: https://metasploit.com/download Current source: https://github.com/rapid7/metasploit-framework require 'metasploit/framework/tcp/client' require 'metasploit/framework/varnish/client' class MetasploitModule 'Varnish Cache CLI File Read', 'Description' = 'This modul...

CVE-2024-28423

Airflow-Diagrams v2.1.0 was discovered to contain an arbitrary file upload vulnerability in the unsafeload function at cli.py. This vulnerability allows attackers to execute arbitrary code via uploading a crafted YML file...

PYSEC-2024-270

Airflow-Diagrams v2.1.0 was discovered to contain an arbitrary file upload vulnerability in the unsafeload function at cli.py. This vulnerability allows attackers to execute arbitrary code via uploading a crafted YML file...

PT-2023-21409 · Jenkins · Jenkins

Name of the Vulnerable Software and Affected Versions: Jenkins versions 2.393 and earlier Jenkins LTS versions 2.375.3 and earlier Description: The issue arises when uploading a file parameter through the CLI, as Jenkins creates a temporary file in the default temporary directory with default...

CVE-2017-7307

Riverbed RiOS before 9.0.1 does not properly restrict shell access in single-user mode, which makes it easier for physically proximate attackers to obtain root privileges and access decrypted data by replacing the /opt/tms/bin/cli file...