Lucene search

7988 matches found

CVE
added 2019/10/31 7:26 p.m., 72 views

CVE-2019-15710

FortiExtender OS command injection affects versions prior to 4.1.2. In the FortiExtender CLI admin console, authenticated administrators can execute arbitrary system commands via specially crafted “execute date” inputs, due to improper input sanitization. The vulnerability is documented in Fortin...

CVSS 9, AI score 7.2, EPSS 0.02209
Exploits 0, References 1, Affected Software 1

Cvelist
added 2019/10/31 7:26 p.m., 11 views

CVE-2019-15710

An OS command injection vulnerability in FortiExtender 4.1.0 to 4.1.1, 4.0.0 and below under CLI admin console may allow unauthorized administrators to run arbitrary system level commands via specially crafted "execute date" commands...

AI score 7.3, EPSS 0.02209
Exploits 0, References 1

IBM Security Bulletins
added 2019/10/31 2:18 p.m., 26 views

Security Bulletin: Red Hat OpenShift on IBM Cloud is affected by Kubernetes security vulnerability (CVE-2019-11247)

Summary Red Hat OpenShift on IBM Cloud is affected by a security vulnerability in Kubernetes API server that allows access to custom resources via wrong scope CVE-2019-11247. Vulnerability Details CVE-ID: CVE-2019-11247 Description: Kubernetes could allow a remote authenticated attacker to gain...

CVSS 8.1, AI score 0.2, EPSS 0.00174
Exploits 0, Affected Software 1

NVD
added 2019/10/30 11:15 p.m., 18 views

CVE-2010-0737

A missing permission check was found in the CLI in JBoss Operations Network before 2.3.1: it does not properly check permissions, which allows JBoss ON users to perform management tasks and configuration changes with the privileges of the administrator user...

CVSS 8, AI score 7.8, EPSS 0.00132
Exploits 0, References 1

Prion
added 2019/10/30 11:15 p.m., 24 views

Input validation

A missing permission check was found in the CLI in JBoss Operations Network before 2.3.1: it does not properly check permissions, which allows JBoss ON users to perform management tasks and configuration changes with the privileges of the administrator user...

CVSS 5.2, AI score 7, EPSS 0.00132
Exploits 0, References 1, Affected Software 1

IBM Security Bulletins
added 2019/10/24 4:45 p.m., 41 views

Security Bulletin: IBM Cloud Kubernetes Service is affected by a Python security vulnerability (CVE-2019-10160)

Summary IBM Cloud Kubernetes Service is vulnerable to CVE-2019-10160 Python security vulnerability which could allow a remote attacker to obtain sensitive information, caused by improper unicode encoding handling. Vulnerability Details CVE-ID: CVE-2019-10160 Description: Python...

CVSS 9.8, AI score 0.1, EPSS 0.01472
Exploits 0, Affected Software 1

pentestit
added 2019/10/23 8:58 p.m., 51 views

UPDATE: FactionC2 2019-10-20

PenTestIT RSS Feed FactionC2 2019-10-20 was released a couple of days ago by the author. This C2 framework was briefly mentioned in my previous post titled List of Open Source C2 Post-Exploitation Frameworks. This release most importantly contains upgrades to .Net Core 3 version among additional...

AI score 7.3
Exploits 0

Packet Storm
added 2019/10/23 12:0 a.m., 160 views

Moxa EDR-810 Command Injection / Information Disclosure

During an engagement for a client, RandoriSec found 2 vulnerabilities on Moxa EDR-810 Series Secure Routers. The first one is a command injection vulnerability found on the CLI allowing an authenticated user to obtain root privileges. And the other one is an improper access control found on the w...

CVSS 6.5, AI score 5.7, EPSS 0.04907
Exploits 5

Exploit DB
added 2019/10/22 12:0 a.m., 213 views

Moxa EDR-810 - Command Injection / Information Disclosure

During an engagement for a client, RandoriSec found 2 vulnerabilities on Moxa EDR-810 Series Secure Routers. The first one is a command injection vulnerability found on the CLI allowing an authenticated user to obtain root privileges. And the other one is an improper access control found on the w...

CVSS 7.2, AI score 5.9, EPSS 0.04907
Exploits 5

0day.today
added 2019/10/22 12:0 a.m., 178 views

Moxa EDR-810 - Command Injection / Information Disclosure Vulnerabilities

During an engagement for a client, RandoriSec found 2 vulnerabilities on Moxa EDR-810 Series Secure Routers. The first one is a command injection vulnerability found on the CLI allowing an authenticated user to obtain root privileges. And the other one is an improper access control found on the w...

CVSS 7.2, AI score 5.7, EPSS 0.04907
Exploits 5

Tenable Nessus
added 2019/10/17 12:0 a.m., 28 views

Cisco FXOS Software Command Injection Vulnerability (CVE-2019-1779)

According to its self-reported version, Cisco FXOS Software is affected by the vulnerability that allows an authenticated, local attacker to execute arbitrary commands on the underlying operating system of an affected device with elevated privileges. The vulnerability is due to insufficient...

CVSS 7.2, AI score 5.8, EPSS 0.00082
Exploits 0, References 3

NVD
added 2019/10/16 7:15 p.m., 16 views

CVE-2019-15273

Multiple vulnerabilities in the CLI of Cisco TelePresence Collaboration Endpoint CE Software could allow an authenticated, local attacker to overwrite arbitrary files. The vulnerabilities are due to insufficient permission enforcement. An attacker could exploit these vulnerabilities by...

CVSS 6.6, AI score 5.3, EPSS 0.00221
Exploits 0, References 1

Prion
added 2019/10/16 7:15 p.m., 9 views

Design/Logic Flaw

Multiple vulnerabilities in the CLI of Cisco TelePresence Collaboration Endpoint CE Software could allow an authenticated, local attacker to overwrite arbitrary files. The vulnerabilities are due to insufficient permission enforcement. An attacker could exploit these vulnerabilities by...

CVSS 6.6, AI score 5.1, EPSS 0.00221
Exploits 0, References 1, Affected Software 1

Vulnrichment
added 2019/10/16 6:36 p.m., 5 views

CVE-2019-15962 Cisco TelePresence Collaboration Endpoint Software Arbitrary File Write Vulnerability

A vulnerability in the CLI of Cisco TelePresence Collaboration Endpoint CE Software could allow an authenticated, local attacker to write files to the /root directory of an affected device. The vulnerability is due to improper permission assignment. An attacker could exploit this vulnerability by...

CVSS 4.4, AI score 6.6, EPSS 0.00154
Exploits 0, References 1

CVE
added 2019/10/16 6:36 p.m., 71 views

CVE-2019-15962

CVE-2019-15962 describes a local arbitrary file write vulnerability in Cisco TelePresence Collaboration Endpoint (CE) Software. The root cause is improper permission assignment in the CLI, allowing an authenticated, local attacker to log in as the remotesupport user and write files to the /root d...

CVSS 6.6, AI score 4.5, EPSS 0.00154
Exploits 0, References 1, Affected Software 1

Vulnrichment
added 2019/10/16 6:36 p.m., 6 views

CVE-2019-15277 Cisco TelePresence Collaboration Endpoint Software Privilege Escalation Vulnerability

A vulnerability in the CLI of Cisco TelePresence Collaboration Endpoint CE Software could allow an authenticated, local attacker to execute code with root privileges. The vulnerability is due to insufficient input validation. An attacker could exploit this vulnerability by authenticating as the...

CVSS 6.4, AI score 7.3, EPSS 0.001
Exploits 0, References 1

Vulnrichment
added 2019/10/16 6:36 p.m., 9 views

CVE-2019-15275 Cisco TelePresence Collaboration Endpoint Software Privilege Escalation Vulnerability

A vulnerability in the CLI of Cisco TelePresence Collaboration Endpoint CE Software could allow an authenticated, local attacker to execute arbitrary commands with root privileges. The vulnerability is due to insufficient input validation. An attacker could exploit this vulnerability by...

CVSS 6.7, AI score 7.5, EPSS 0.00084
Exploits 0, References 1

CVE
added 2019/10/16 6:36 p.m., 46 views

CVE-2019-15275

CVE-2019-15275 affects Cisco TelePresence Collaboration Endpoint (CE) Software. The issue is a local privilege-escalation due to insufficient input validation in the CLI, allowing an authenticated remote-support user to submit malicious input and execute commands with root privileges on the under...

CVSS 7.2, AI score 6.8, EPSS 0.00084
Exploits 0, References 1, Affected Software 1

Cvelist
added 2019/10/16 6:36 p.m., 13 views

CVE-2019-15273 Cisco TelePresence Collaboration Endpoint Software Arbitrary File Overwrite Vulnerabilities

Multiple vulnerabilities in the CLI of Cisco TelePresence Collaboration Endpoint CE Software could allow an authenticated, local attacker to overwrite arbitrary files. The vulnerabilities are due to insufficient permission enforcement. An attacker could exploit these vulnerabilities by...

CVSS 6, AI score 5, EPSS 0.00221
Exploits 0, References 1

Vulnrichment
added 2019/10/16 6:36 p.m., 3 views

CVE-2019-15273 Cisco TelePresence Collaboration Endpoint Software Arbitrary File Overwrite Vulnerabilities

Multiple vulnerabilities in the CLI of Cisco TelePresence Collaboration Endpoint CE Software could allow an authenticated, local attacker to overwrite arbitrary files. The vulnerabilities are due to insufficient permission enforcement. An attacker could exploit these vulnerabilities by...

CVSS 6, AI score 7, EPSS 0.00221
Exploits 0, References 1