7978 matches found

Exploit DB
added 2018/05/17 12:0 a.m. | 43 views

Jenkins CLI - HTTP Java Deserialization (Metasploit)

This module requires Metasploit: https://metasploit.com/download Current source: https://github.com/rapid7/metasploit-framework class MetasploitModule Msf::Exploit::Remote Rank = ExcellentRanking STAGE1 =...

CVSS 9.8 | AI score 7.4 | EPSS 0.8925
Exploits: 5

CNVD
added 2018/05/17 12:0 a.m. | 2 views

Cisco Enterprise NFV Infrastructure Software Local Command Injection Vulnerability

Cisco Enterprise NFV Infrastructure Software (NFVIS) is a suite of NFV infrastructure software platforms from Cisco. The platform enables full lifecycle management of virtualized services through a central orchestrator and controller. CLI is one of the command line tools. A command injection...

CVSS 6.7 | AI score 7.9 | EPSS 0.002
Exploits: 0 | References: 1

Cisco
added 2018/05/16 4:0 p.m. | 35 views

Cisco Enterprise NFV Infrastructure Software CLI Command Injection Vulnerability

A vulnerability in the CLI of Cisco Enterprise NFV Infrastructure Software NFVIS could allow an authenticated, high-privileged, local attacker to perform a command injection attack. The vulnerability is due to insufficient input validation of command parameters in the CLI parser. An attacker coul...

CVSS 4.2 | AI score 2.7 | EPSS 0.002
Exploits: 0 | References: 1

Metasploit
added 2018/05/13 5:58 p.m. | 52 views

D-Link DSL-2750B OS Command Injection

This module exploits a remote command injection vulnerability in D-Link DSL-2750B devices. Vulnerability can be exploited through "cli" parameter that is directly used to invoke "ayecli" binary. Vulnerable firmwares are from 1.01 up to 1.03. This module requires Metasploit:...

AI score 0.6
Exploits: 0

Packet Storm
added 2018/05/13 12:0 a.m. | 77 views

EMC RecoverPoint 4.3 Admin CLI Command Injection

Exploit Title: EMC RecoverPoint 4.3 - Admin CLI Command Injection Version: RecoverPoint prior to 5.1.1 RecoverPoint for VMs prior to 5.0.1.3 Date: 2018-05-11 Exploit Author: Paul Taylor Github: https://github.com/bao7uo Tested on: RecoverPoint for VMs 4.3, RecoverPoint 4.4.SP1.P1 CVE: CVE-2018-11...

CVSS 7.2 | EPSS 0.01062
Exploits: 5

Prion
added 2018/05/11 1:29 p.m. | 18 views

Design/Logic Flaw

admin-cli before versions 3.0.0.alpha25, 2.2.1.cr2 is vulnerable to an EAP feature to download server log files that allows logs to be available via GET requests making them vulnerable to cross-origin attacks. An attacker could trigger the user's browser to request the log files consuming enough...

CVSS 4.3 | AI score 6.7 | EPSS 0.00801
Exploits: 0 | References: 16 | Affected Software: 1

OSV
added 2018/05/11 1:29 p.m. | 27 views

CVE-2016-8627

admin-cli before versions 3.0.0.alpha25, 2.2.1.cr2 is vulnerable to an EAP feature to download server log files that allows logs to be available via GET requests making them vulnerable to cross-origin attacks. An attacker could trigger the user's browser to request the log files consuming enough...

CVSS 6.5 | AI score 6.6 | EPSS 0.00801
Exploits: 0 | References: 16

NVD
added 2018/05/11 1:29 p.m. | 31 views

CVE-2016-8627

admin-cli before versions 3.0.0.alpha25, 2.2.1.cr2 is vulnerable to an EAP feature to download server log files that allows logs to be available via GET requests making them vulnerable to cross-origin attacks. An attacker could trigger the user's browser to request the log files consuming enough...

CVSS 6.5 | AI score 4.8 | EPSS 0.00801
Exploits: 0 | References: 16

Cvelist
added 2018/05/11 1:0 p.m. | 37 views

CVE-2016-8627

admin-cli before versions 3.0.0.alpha25, 2.2.1.cr2 is vulnerable to an EAP feature to download server log files that allows logs to be available via GET requests making them vulnerable to cross-origin attacks. An attacker could trigger the user's browser to request the log files consuming enough...

CVSS 4.3 | AI score 6.7 | EPSS 0.00801
Exploits: 0 | References: 16

CVE
added 2018/05/11 1:0 p.m. | 113 views

CVE-2016-8627

Technical details are not publicly available in the provided connected documents. Monitor for updates.

CVSS 6.5 | AI score 6.6 | EPSS 0.00801
Exploits: 0 | References: 16 | Affected Software: 1

exploitpack
added 2018/05/11 12:0 a.m. | 36 views

EMC RecoverPoint 4.3 - Admin CLI Command Injection

EMC RecoverPoint 4.3 - Admin CLI Command Injection Exploit Title: EMC RecoverPoint 4.3 - Admin CLI Command Injection Version: RecoverPoint prior to 5.1.1 RecoverPoint for VMs prior to 5.0.1.3 Date: 2018-05-11 Exploit Author: Paul Taylor Github: https://github.com/bao7uo Tested on: RecoverPoint fo...

CVSS 7.2 | EPSS 0.01062
Exploits: 5

BDU FSTEC
added 2018/05/11 12:0 a.m. | 3 views

The vulnerability of the CLI analyzer in the Cisco IOS XE operating system allows a hacker to execute arbitrary commands.

The vulnerability of the Cisco IOS XE operating system’s CLI analyzer is related to deficiencies in access control. Exploiting this vulnerability allows a person with privileges at the EXEC mode level to gain access to the device’s Linux shell and execute arbitrary commands with root privileges...

CVSS 7.2 | AI score 5.8 | EPSS 0.00062
Exploits: 0 | References: 3 | Affected Software: 1

BDU FSTEC
added 2018/05/11 12:0 a.m. | 2 views

Multiple vulnerabilities in the CLI analyzer of the Cisco IOS XE operating system, allowing attackers to execute arbitrary commands

The multiple vulnerabilities of the Cisco IOS XE operating system’s CLI analyzer are related to the failure to take measures to neutralize special elements used in the operating system’s commands. Exploiting these vulnerabilities can allow attackers to gain access to the device’s Linux shell and...

CVSS 7.8 | AI score 5.9 | EPSS 0.00242
Exploits: 0 | References: 3 | Affected Software: 1

Kitploit
added 2018/05/03 12:38 p.m. | 24 views

Astra - Automated Security Testing For REST API's

REST API penetration testing is complex due to continuous changes in existing APIs and newly added APIs. Astra can be used by security engineers or developers as an integral part of their process, so they can detect and patch vulnerabilities early during development cycle. Astra can automatically...

AI score 8.2
Exploits: 0 | References: 1

Prion
added 2018/05/01 7:29 p.m. | 23 views

Command injection

Katello allows remote authenticated users to call the "system removedeletion" CLI command via vectors related to "remove system" permissions...

CVSS 4 | AI score 6.9 | EPSS 0.0012
Exploits: 0 | References: 1

NVD
added 2018/05/01 7:29 p.m. | 13 views

CVE-2013-4201

Katello allows remote authenticated users to call the "system removedeletion" CLI command via vectors related to "remove system" permissions...

CVSS 4.3 | AI score 4.4 | EPSS 0.0012
Exploits: 0 | References: 1

Cvelist
added 2018/05/01 7:0 p.m. | 16 views

CVE-2013-4201

Katello allows remote authenticated users to call the "system removedeletion" CLI command via vectors related to "remove system" permissions...

AI score 4.4 | EPSS 0.0012
Exploits: 0 | References: 1

CVE
added 2018/05/01 7:0 p.m. | 51 views

CVE-2013-4201

CVE-2013-4201 affects Red Hat Katello. Connected CNVD-2018-10937 indicates Katello vulnerability allowing remote authenticated users to invoke the system remove_deletion CLI command via vectors tied to remove system permissions. The NVD entry describes remote authentication with system removal ca...

CVSS 4.3 | AI score 4.4 | EPSS 0.0012
Exploits: 0 | References: 1 | Affected Software: 1

OpenVAS
added 2018/04/23 12:0 a.m. | 73 views

Jenkins Multiple Vulnerabilities (Apr 2018) - Windows

Jenkins is prone to multiple vulnerabilities. Copyright (C) 2018 Greenbone Networks GmbH. Some text descriptions might be excerpted from (a) referenced source(s), and are Copyright (C) by the respective right holders. SPDX-License-Identifier: GPL-2.0-or-later. This program is free software; you can...

CVSS 5.4 | AI score 5.3 | EPSS 0.00215
Exploits: 0 | References: 1

OSV
added 2018/04/16 9:58 a.m. | 17 views

CVE-2018-1000169

An exposure of sensitive information vulnerability exists in Jenkins 2.115 and older, LTS 2.107.1 and older, in CLICommand.java and ViewOptionHandler.java that allows unauthorized attackers to confirm the existence of agents or views with an attacker-specified name by sending a CLI command to...

CVSS 5.3 | AI score 5.5
Exploits: 0 | References: 2