
7979 matches found

Kitploit
added 2018/03/20 1:10 p.m. · 136 views

S3Scanner - Scan For Open S3 Buckets And Dump

A quick and dirty script to find unsecured S3 buckets and dump their contents. Using: The tool has 2 parts: 1 - s3finder.py: This script takes a list of domain names and checks if they're hosted on Amazon S3. Found S3 domains are output to file with their corresponding region in format...

7.1 AI score
Exploits 0 · References 1
Tenable Nessus
added 2018/03/20 12:0 a.m. · 27 views

EulerOS 2.0 SP2 : quagga (EulerOS-SA-2018-1065)

According to the versions of the quagga package installed, the EulerOS installation on the remote host is affected by the following vulnerabilities: - A double-free vulnerability was found in Quagga. A BGP peer could send a specially crafted UPDATE message which would cause allocated blocks of...

9.8 CVSS · 7.6 AI score · 0.07029 EPSS
Exploits 0 · References 3
n0where
added 2018/03/19 1:0 a.m. · 21 views

Fast CLI DNS Lookup Tool: ZDNS

ZDNS is a command-line utility that provides high-speed DNS lookups. For example, the following will perform MX lookups and a secondary A lookup for the IPs of MX servers for the domains in the Alexa Top Million:
    cat top-1m.csv | zdns MX --ipv4-lookup --alexa
ZDNS is written in golang and is...

7.2 AI score
Exploits 0 · References 2
ripstech
added 2018/03/15 12:0 p.m. · 24 views

Integrate Security Checks with RIPS CLI

Getting started: Installation. The installation of rips-cli is described in detail in our documentation. You can download the PHAR build of our CLI tool into your bin directory and make it executable with the following commands: sudo wget...

7 AI score
Exploits 0
OSV
added 2018/03/12 3:29 p.m. · 16 views

CVE-2017-2667

Hammer CLI, a CLI utility for Foreman, before version 0.10.0, did not explicitly set the verify_ssl flag for apipie-bindings that disable it by default. As a result the server certificates are not checked and connections are prone to man-in-the-middle attacks...

8.1 CVSS · 8.2 AI score
Exploits 0 · References 4
Prion
added 2018/03/12 3:29 p.m. · 14 views

Default configuration

Hammer CLI, a CLI utility for Foreman, before version 0.10.0, did not explicitly set the verify_ssl flag for apipie-bindings that disable it by default. As a result the server certificates are not checked and connections are prone to man-in-the-middle attacks...

6.8 CVSS · 7.9 AI score · 0.00111 EPSS
Exploits 0 · References 4 · Affected Software 3
NVD
added 2018/03/12 3:29 p.m. · 19 views

CVE-2017-2667

Hammer CLI, a CLI utility for Foreman, before version 0.10.0, did not explicitly set the verify_ssl flag for apipie-bindings that disable it by default. As a result the server certificates are not checked and connections are prone to man-in-the-middle attacks...

8.1 CVSS · 7.9 AI score · 0.00111 EPSS
Exploits 0 · References 4
Cvelist
added 2018/03/12 3:0 p.m. · 21 views

CVE-2017-2667

Hammer CLI, a CLI utility for Foreman, before version 0.10.0, did not explicitly set the verify_ssl flag for apipie-bindings that disable it by default. As a result the server certificates are not checked and connections are prone to man-in-the-middle attacks...

7.9 AI score · 0.00111 EPSS
Exploits 0 · References 4
CVE
added 2018/03/12 3:0 p.m. · 94 views

CVE-2017-2667

CVE-2017-2667 details (Mode C): Hammer CLI (Foreman) before version 0.10.0 does not explicitly enable SSL certificate verification for apipie-bindings, which disables verify_ssl by default. This can cause server certificates to be unchecked and enable MITM attacks. Affected component: Hammer CLI ...

8.1 CVSS · 7.8 AI score · 0.00111 EPSS
Exploits 0 · References 4 · Affected Software 1
CNVD
added 2018/03/12 12:0 a.m. · 1 views

Cisco Identity Services Engine Command Injection Vulnerability

Cisco Identity Services Engine (ISE) is an identity-based environment awareness platform from Cisco. The platform collects real-time information from the network, users and devices, and develops and enforces policies to regulate the network. A command injection...

5.3 CVSS · 7.6 AI score · 0.00272 EPSS
Exploits 0 · References 1
Positive Technologies
added 2018/03/12 12:0 a.m. · 2 views

PT-2018-7170 · Red Hat · Hammer Cli

Name of the Vulnerable Software and Affected Versions: Hammer CLI versions prior to 0.10.0. Description: The issue concerns a problem where server certificates are not checked, making connections susceptible to man-in-the-middle attacks due to the lack of explicit verification of SSL certificates...

8.1 CVSS · 6.8 AI score · 0.00111 EPSS
Exploits 0 · References 10
NVD
added 2018/03/08 7:29 a.m. · 14 views

CVE-2018-0221

A vulnerability in specific CLI commands for the Cisco Identity Services Engine (ISE) could allow an authenticated, local attacker to perform command injection to the underlying operating system or cause a hang or disconnect of the user session. The attacker needs valid administrator credentials fo...

7.2 CVSS · 6.8 AI score · 0.00356 EPSS
Exploits 0 · References 3
NVD
added 2018/03/08 7:29 a.m. · 12 views

CVE-2018-0224

A vulnerability in the CLI of the Cisco StarOS operating system for Cisco ASR 5000 Series Aggregation Services Routers could allow an authenticated, local attacker to execute arbitrary commands with root privileges on an affected operating system. The vulnerability is due to insufficient validati...

7.2 CVSS · 6.8 AI score · 0.00072 EPSS
Exploits 0 · References 3
Prion
added 2018/03/08 7:29 a.m. · 16 views

Input validation

A vulnerability in specific CLI commands for the Cisco Identity Services Engine could allow an authenticated, local attacker to cause a denial of service (DoS) condition. The device may need to be manually rebooted to recover. The vulnerability is due to lack of proper input validation of the CLI...

4.9 CVSS · 5 AI score · 0.00092 EPSS
Exploits 0 · References 3 · Affected Software 1
OSV
added 2018/03/08 7:29 a.m. · 1 views

CVE-2018-0217

A vulnerability in the CLI of the Cisco StarOS operating system for Cisco ASR 5000 Series Aggregation Services Routers could allow an authenticated, local attacker to perform a command injection attack on an affected system. The vulnerability is due to insufficient validation of commands that are...

6.7 CVSS · 6 AI score
Exploits 0 · References 3
NVD
added 2018/03/08 7:29 a.m. · 12 views

CVE-2018-0217

A vulnerability in the CLI of the Cisco StarOS operating system for Cisco ASR 5000 Series Aggregation Services Routers could allow an authenticated, local attacker to perform a command injection attack on an affected system. The vulnerability is due to insufficient validation of commands that are...

7.2 CVSS · 6.9 AI score · 0.00184 EPSS
Exploits 0 · References 3
CVE
added 2018/03/08 7:0 a.m. · 54 views

CVE-2018-0214

The CVE-2018-0214 entry concerns Cisco Identity Services Engine (ISE) with a Local Command Injection vulnerability in certain CLI commands caused by insufficient input validation. An authenticated, local attacker with valid device credentials could issue crafted CLI input to execute arbitrary com...

5.3 CVSS · 6 AI score · 0.00272 EPSS
Exploits 0 · References 3 · Affected Software 1
CVE
added 2018/03/08 7:0 a.m. · 48 views

CVE-2018-0224

CVE-2018-0224 concerns a vulnerability in the Cisco StarOS CLI for Cisco ASR 5000 Series Aggregation Services Routers. The flaw stems from insufficient validation of user-supplied input in the StarOS operating system, allowing an authenticated, local attacker to inject malicious arguments into a ...

7.2 CVSS · 6.8 AI score · 0.00072 EPSS
Exploits 0 · References 3 · Affected Software 1
CVE
added 2018/03/08 7:0 a.m. · 54 views

CVE-2018-0211

CVE-2018-0211 affects Cisco Identity Services Engine (ISE). The issue is improper input validation in specific CLI commands, enabling an authenticated, local attacker with valid admin privileges to cause a denial-of-service on the device, which may require manual reboot to recover. The vulnerabil...

4.9 CVSS · 5 AI score · 0.00092 EPSS
Exploits 0 · References 3 · Affected Software 1
CVE
added 2018/03/08 7:0 a.m. · 59 views

CVE-2018-0221

CVE-2018-0221 describes a local command-injection vulnerability in the Cisco Identity Services Engine (ISE) CLI. The issue arises from inadequate input validation of CLI ISE configuration commands, allowing an authenticated administrator to inject commands into the underlying Linux OS or cause th...

7.2 CVSS · 6.8 AI score · 0.00356 EPSS
Exploits 0 · References 3 · Affected Software 1