
7976 matches found

CVE
added 2018/03/28 10:0 p.m. | 83 views

CVE-2018-0182

Cisco IOS XE Software CLI Command Injection vulnerabilities (CVE-2018-0182) arise from insufficient sanitization of CLI arguments before passing them to the Linux shell. An authenticated, local attacker can exploit this via the CLI to gain access to the underlying Linux shell with root privileges...

7.8 CVSS | 8.1 AI score | 0.00242 EPSS
Exploits: 0 | References: 2 | Affected Software: 1
Vulnrichment
added 2018/03/28 10:0 p.m. | 10 views

CVE-2018-0176

Multiple vulnerabilities in the CLI parser of Cisco IOS XE Software could allow an authenticated, local attacker to gain access to the underlying Linux shell of an affected device and execute arbitrary commands with root privileges on the device. The vulnerabilities are due to the affected softwa...

7.8 AI score | 0.00168 EPSS
Exploits: 0 | References: 3
CVE
added 2018/03/28 10:0 p.m. | 76 views

CVE-2018-0185

CVE-2018-0185 relates to multiple vulnerabilities in the Cisco IOS XE Software CLI parser. The issues arise because the affected CLI parser does not sufficiently sanitize command arguments before passing them to the Linux shell, allowing an authenticated, local attacker to submit a malicious CLI...

7.8 CVSS | 8.1 AI score | 0.00242 EPSS
Exploits: 0 | References: 2 | Affected Software: 1
Vulnrichment
added 2018/03/28 10:0 p.m. | 9 views

CVE-2018-0185

Multiple vulnerabilities in the CLI parser of Cisco IOS XE Software could allow an authenticated, local attacker to inject arbitrary commands into the CLI of the affected software, which could allow the attacker to gain access to the underlying Linux shell of an affected device and execute comman...

8 AI score | 0.00242 EPSS
Exploits: 0 | References: 2
CVE
added 2018/03/28 10:0 p.m. | 107 views

CVE-2018-0176

Summary: CVE-2018-0176 describes multiple vulnerabilities in the CLI parser of Cisco IOS XE Software that can allow an authenticated, local attacker with user EXEC privileges to gain access to the device’s underlying Linux shell and execute arbitrary commands with root privileges. The root cause ...

7.8 CVSS | 8.1 AI score | 0.00168 EPSS
Exploits: 0 | References: 3 | Affected Software: 1
CVE
added 2018/03/28 10:0 p.m. | 83 views

CVE-2018-0183

Cisco IOS XE Software for Cisco 4000 Series routers contains a local privilege-escalation (CVE-2018-0183) in the CLI parser. An authenticated attacker with privileged EXEC (level 15) can exploit crafted CLI arguments to gain access to the device’s underlying Linux shell and execute commands as ro...

7.2 CVSS | 7 AI score | 0.00062 EPSS
Exploits: 0 | References: 2 | Affected Software: 1
Cvelist
added 2018/03/28 10:0 p.m. | 14 views

CVE-2018-0183

A vulnerability in the CLI parser of Cisco IOS XE Software could allow an authenticated, local attacker to gain access to the underlying Linux shell of an affected device and execute arbitrary commands with root privileges on the device. The vulnerability is due to the affected software improperl...

7 AI score | 0.00062 EPSS
Exploits: 0 | References: 2
Cvelist
added 2018/03/28 10:0 p.m. | 20 views

CVE-2018-0176

Multiple vulnerabilities in the CLI parser of Cisco IOS XE Software could allow an authenticated, local attacker to gain access to the underlying Linux shell of an affected device and execute arbitrary commands with root privileges on the device. The vulnerabilities are due to the affected softwa...

8.2 AI score | 0.00168 EPSS
Exploits: 0 | References: 3
Cisco
added 2018/03/28 4:0 p.m. | 82 views

Cisco IOS XE Software User EXEC Mode Root Shell Access Vulnerabilities

Multiple vulnerabilities in the CLI parser of Cisco IOS XE Software could allow an authenticated, local attacker to gain access to the underlying Linux shell of an affected device and execute arbitrary commands with root privileges on the device. The vulnerabilities are due to the affected softwa...

7.8 CVSS | 2.5 AI score
Exploits: 0 | References: 1
Cisco
added 2018/03/28 4:0 p.m. | 58 views

Cisco IOS XE Software CLI Command Injection Vulnerabilities

Multiple vulnerabilities in the CLI parser of Cisco IOS XE Software could allow an authenticated, local attacker to inject arbitrary commands into the CLI of the affected software, which could allow the attacker to gain access to the underlying Linux shell of an affected device and execute comman...

5.3 CVSS | 3.2 AI score
Exploits: 0 | References: 1
Cisco
added 2018/03/28 4:0 p.m. | 84 views

Cisco IOS XE Software Privileged EXEC Mode Root Shell Access Vulnerability

A vulnerability in the CLI parser of Cisco IOS XE Software could allow an authenticated, local attacker to gain access to the underlying Linux shell of an affected device and execute arbitrary commands with root privileges on the device. The vulnerability is due to the affected software improperl...

6.7 CVSS | 3.5 AI score | 0.00062 EPSS
Exploits: 0 | References: 1
Veracode
added 2018/03/28 2:22 a.m. | 11 views

Incorrect Access Controls

github.com/cloudfoundry/bosh-cli uses incorrect access controls. If a user has access to an instance, they can use the contents of the BOSH CLI configuration file to perform authenticated requests to BOSH...

8.8 CVSS | 8.4 AI score | 0.00291 EPSS
Exploits: 0 | References: 2 | Affected Software: 1
OSV
added 2018/03/27 4:29 p.m. | 14 views

CVE-2018-1231

Cloud Foundry BOSH CLI, versions prior to v3.0.1, contains an improper access control vulnerability. A user with access to an instance using the BOSH CLI can access the BOSH CLI configuration file and use its contents to perform authenticated requests to BOSH...

8.8 CVSS | 8.8 AI score | 0.00291 EPSS
Exploits: 0 | References: 1
NVD
added 2018/03/27 4:29 p.m. | 9 views

CVE-2018-1231

Cloud Foundry BOSH CLI, versions prior to v3.0.1, contains an improper access control vulnerability. A user with access to an instance using the BOSH CLI can access the BOSH CLI configuration file and use its contents to perform authenticated requests to BOSH...

8.8 CVSS | 8.6 AI score | 0.00291 EPSS
Exploits: 0 | References: 1
CVE
added 2018/03/27 4:0 p.m. | 36 views

CVE-2018-1231

CVE-2018-1231 affects Cloud Foundry BOSH CLI prior to v3.0.1. The issue is improper access control: a user with access to an instance can read the BOSH CLI configuration file and use its contents to perform authenticated requests to BOSH. Impact is described in sources as enabling authenticated a...

8.8 CVSS | 8.5 AI score | 0.00291 EPSS
Exploits: 0 | References: 1 | Affected Software: 1
Cvelist
added 2018/03/27 4:0 p.m. | 8 views

CVE-2018-1231

Cloud Foundry BOSH CLI, versions prior to v3.0.1, contains an improper access control vulnerability. A user with access to an instance using the BOSH CLI can access the BOSH CLI configuration file and use its contents to perform authenticated requests to BOSH...

8.6 AI score | 0.00291 EPSS
Exploits: 0 | References: 1
Cloud Foundry
added 2018/03/26 12:0 a.m. | 35 views

CVE-2018-1231: BOSH CLI does not restrict access to configuration file | Cloud Foundry

Severity: Medium. Vendor: Cloud Foundry Foundation. Affected Cloud Foundry Products and Versions: You are using BOSH CLI version prior to v3.0.1. Description: Cloud Foundry BOSH CLI, versions prior to v3.0.1, contains an improper access control vulnerability. A user with access to an instance using the...

8.8 CVSS | 8.7 AI score | 0.00291 EPSS
Exploits: 0
Kitploit
added 2018/03/20 1:10 p.m. | 135 views

S3Scanner - Scan For Open S3 Buckets And Dump

A quick and dirty script to find unsecured S3 buckets and dump their contents. Using: The tool has 2 parts. 1 - s3finder.py: This script takes a list of domain names and checks if they're hosted on Amazon S3. Found S3 domains are output to file with their corresponding region in format...

7.1 AI score
Exploits: 0 | References: 1
Tenable Nessus
added 2018/03/20 12:0 a.m. | 27 views

EulerOS 2.0 SP2 : quagga (EulerOS-SA-2018-1065)

According to the versions of the quagga package installed, the EulerOS installation on the remote host is affected by the following vulnerabilities: - A double-free vulnerability was found in Quagga. A BGP peer could send a specially crafted UPDATE message which would cause allocated blocks of...

9.8 CVSS | 7.6 AI score | 0.07029 EPSS
Exploits: 0 | References: 3
n0where
added 2018/03/19 1:0 a.m. | 21 views

Fast CLI DNS Lookup Tool: ZDNS

ZDNS is a command-line utility that provides high-speed DNS lookups. For example, the following will perform MX lookups and a secondary A lookup for the IPs of MX servers for the domains in the Alexa Top Million:
cat top-1m.csv | zdns MX --ipv4-lookup --alexa
ZDNS is written in golang and is...

7.2 AI score
Exploits: 0 | References: 2