CVE-2016-10538

The package node-cli before 1.0.0 insecurely uses the lockfile and logfile. Both of these are temporary, but it allows the starting user to overwrite any file they have access to...

Remote code execution

galenframework-cli is the node wrapper for the Galen Framework. galenframework-cli below 2.3.1 download binary resources over HTTP, which leaves it vulnerable to MITM attacks. It may be possible to cause remote code execution RCE by swapping out the requested binary with an attacker controlled...

CVE-2016-10538

The package node-cli before 1.0.0 insecurely uses the lockfile and logfile. Both of these are temporary, but it allows the starting user to overwrite any file they have access to...

Design/Logic Flaw

The package node-cli before 1.0.0 insecurely uses the lockfile and logfile. Both of these are temporary, but it allows the starting user to overwrite any file they have access to...

UBUNTU-CVE-2016-10538

The package node-cli before 1.0.0 insecurely uses the lockfile and logfile. Both of these are temporary, but it allows the starting user to overwrite any file they have access to...

CVE-2016-10560

galenframework-cli is the node wrapper for the Galen Framework. galenframework-cli below 2.3.1 download binary resources over HTTP, which leaves it vulnerable to MITM attacks. It may be possible to cause remote code execution RCE by swapping out the requested binary with an attacker controlled...

CVE-2016-10538

CVE-2016-10538 affects node-cli prior to 1.0.0, where the process insecurely uses temporary files (lock_file and log_file). This design flaw enables the starting user to overwrite arbitrary files they have access to, due to predictable temporary file names. The core issue is the ability to create...

CVE-2016-10538

The package node-cli before 1.0.0 insecurely uses the lockfile and logfile. Both of these are temporary, but it allows the starting user to overwrite any file they have access to...

Sharesniffer - Network Share Sniffer And Auto-Mounter For Crawling Remote File Systems

sharesniffer is a network analysis tool for finding open and closed file shares on your local network. It includes auto-network discovery and auto-mounting of any open cifs and nfs shares. How to use Example to find all hosts in 192.168.56.0/24 network and auto-mount at /mnt: python sniffshares.p...

[SECURITY] Fedora 28 Update: wireshark-2.6.1-1.fc28

Metapackage with installs wireshark-cli and wireshark-qt...

CVE-2018-1242

Dell EMC RecoverPoint versions prior to 5.1.2 and RecoverPoint for VMs versions prior to 5.1.1.3, contains a command injection vulnerability in the Boxmgmt CLI. An authenticated malicious user with boxmgmt privileges may potentially exploit this vulnerability to read RPA files. Note that files th...

CVE-2018-1242

Dell EMC RecoverPoint suffers a command injection vulnerability in the Boxmgmt CLI affecting RecoverPoint versions before 5.1.2 and RecoverPoint for VM versions before 5.1.1.3. An authenticated user with boxmgmt privileges can potentially exploit this to read RPA files, with root-required files r...

Node.js third-party modules: Privilage escalation with malicious .npmrc

Hello. I'm forwarding to you my conversation with npm staff regarding security issue. It allows to escalate to root privilages of victim using either: a basic social engineering - convincing victim to run npm in attacker-controlled folder eg. repository, including such innocent ones like "npm hel...

[ASA-201805-25] wireshark-cli: multiple issues

Arch Linux Security Advisory ASA-201805-25 ========================================== Severity: Critical Date : 2018-05-25 CVE-ID : CVE-2018-11354 CVE-2018-11355 CVE-2018-11356 CVE-2018-11357 CVE-2018-11358 CVE-2018-11359 CVE-2018-11360 CVE-2018-11361 CVE-2018-11362 Package : wireshark-cli Type :...

Dell EMC RecoverPoint boxmgmt CLI 5.1.2 - Arbitrary File Read

Dell EMC RecoverPoint boxmgmt CLI 5.1.2 - Arbitrary File Read Exploit Title: Dell EMC RecoverPoint boxmgmt CLI /etc/passwd: terminating, 34 bad configuration options Command "ssh...

Jenkins CLI - HTTP Java Deserialization Exploit

Exploit for linux platform in category remote exploits This module requires Metasploit: https://metasploit.com/download Current source: https://github.com/rapid7/metasploit-framework class MetasploitModule Msf::Exploit::Remote Rank = ExcellentRanking STAGE1 =...

FortiOS local privilege escalation via malicious use of USB storage devices

An admin user with superadmin privileges can execute an arbitrary binary contained on an USB drive plugged to a FortiGate, via linking the aforementioned binary to a command that is allowed to be run by the fnsysctl CLI command...

CVE-2018-0324

Summary: CVE-2018-0324 is a local command-injection vulnerability in Cisco Enterprise NFV Infrastructure Software (NFVIS) CLI due to insufficient input validation in the CLI parser. An authenticated, high-privilege, local attacker could trigger a vulnerable CLI command with crafted parameters to ...

CVE-2018-0324

A vulnerability in the CLI of Cisco Enterprise NFV Infrastructure Software NFVIS could allow an authenticated, high-privileged, local attacker to perform a command injection attack. The vulnerability is due to insufficient input validation of command parameters in the CLI parser. An attacker coul...

Jenkins CLI - HTTP Java Deserialization (Metasploit)

This module requires Metasploit: https://metasploit.com/download Current source: https://github.com/rapid7/metasploit-framework class MetasploitModule Msf::Exploit::Remote Rank = ExcellentRanking STAGE1 =...