
7971 matches found

NVD
added 2018/01/18 6:29 a.m. | 14 views

CVE-2018-0115

A vulnerability in the CLI of the Cisco StarOS operating system for Cisco ASR 5000 Series routers could allow an authenticated, local attacker to execute arbitrary commands with root privileges on an affected host operating system. The vulnerability is due to insufficient validation of...

CVSS: 7.2 | AI score: 6.8 | EPSS: 0.00109
Exploits: 0 | References: 3
NVD
added 2018/01/18 6:29 a.m. | 15 views

CVE-2018-0095

A vulnerability in the administrative shell of Cisco AsyncOS on Cisco Email Security Appliance ESA and Content Security Management Appliance SMA could allow an authenticated, local attacker to escalate their privilege level and gain root access. The attacker has to have a valid user credential wi...

CVSS: 7.8 | AI score: 7.9 | EPSS: 0.00086
Exploits: 0 | References: 4
Prion
added 2018/01/18 6:29 a.m. | 15 views

Design/Logic Flaw

A vulnerability in the administrative shell of Cisco AsyncOS on Cisco Email Security Appliance ESA and Content Security Management Appliance SMA could allow an authenticated, local attacker to escalate their privilege level and gain root access. The attacker has to have a valid user credential wi...

CVSS: 7.2 | AI score: 7.9 | EPSS: 0.00086
Exploits: 0 | References: 4 | Affected Software: 1
Prion
added 2018/01/18 6:29 a.m. | 12 views

Design/Logic Flaw

A vulnerability in one of the diagnostic test CLI commands on Cisco Industrial Ethernet 4010 Series Switches running Cisco IOS Software could allow an authenticated, local attacker to impact the stability of the device. This could result in arbitrary code execution or a denial of service DoS...

CVSS: 7.2 | AI score: 7.1 | EPSS: 0.00068
Exploits: 0 | References: 2
Prion
added 2018/01/18 6:29 a.m. | 12 views

Input validation

A vulnerability in the CLI of the Cisco StarOS operating system for Cisco ASR 5000 Series routers could allow an authenticated, local attacker to execute arbitrary commands with root privileges on an affected host operating system. The vulnerability is due to insufficient validation of...

CVSS: 7.2 | AI score: 6.9 | EPSS: 0.00109
Exploits: 0 | References: 3
Vulnrichment
added 2018/01/18 6:00 a.m. | 6 views

CVE-2018-0088

A vulnerability in one of the diagnostic test CLI commands on Cisco Industrial Ethernet 4010 Series Switches running Cisco IOS Software could allow an authenticated, local attacker to impact the stability of the device. This could result in arbitrary code execution or a denial of service DoS...

AI score: 7.9 | EPSS: 0.00068
Exploits: 0 | References: 2
CVE
added 2018/01/18 6:00 a.m. | 51 views

CVE-2018-0088

The CVE-2018-0088 issue affects Cisco Industrial Ethernet 4010 Series Switches running Cisco IOS Software. It stems from a diagnostic test CLI command that allows writing to device memory, enabling an authenticated local attacker (privilege level 15) to cause arbitrary code execution or a denial ...

CVSS: 7.2 | AI score: 7.2 | EPSS: 0.00068
Exploits: 0 | References: 2 | Affected Software: 1
Vulnrichment
added 2018/01/18 6:00 a.m. | 6 views

CVE-2018-0115

A vulnerability in the CLI of the Cisco StarOS operating system for Cisco ASR 5000 Series routers could allow an authenticated, local attacker to execute arbitrary commands with root privileges on an affected host operating system. The vulnerability is due to insufficient validation of...

AI score: 7.5 | EPSS: 0.00109
Exploits: 0 | References: 3
CVE
added 2018/01/18 6:00 a.m. | 47 views

CVE-2018-0115

Cisco StarOS CLI Command Injection (CVE-2018-0115) affects Cisco ASR 5000 Series routers. A vulnerability in the StarOS CLI allows an authenticated local attacker to inject commands and execute arbitrary commands with root privileges due to insufficient input validation. Exploitation requires val...

CVSS: 7.2 | AI score: 6.8 | EPSS: 0.00109
Exploits: 0 | References: 3 | Affected Software: 1
Cvelist
added 2018/01/18 6:00 a.m. | 11 views

CVE-2018-0115

A vulnerability in the CLI of the Cisco StarOS operating system for Cisco ASR 5000 Series routers could allow an authenticated, local attacker to execute arbitrary commands with root privileges on an affected host operating system. The vulnerability is due to insufficient validation of...

AI score: 6.8 | EPSS: 0.00109
Exploits: 0 | References: 3
Cisco
added 2018/01/17 4:00 p.m. | 24 views

Cisco StarOS CLI Command Injection Vulnerability

A vulnerability in the CLI of the Cisco StarOS operating system for Cisco ASR 5000 Series routers could allow an authenticated, local attacker to execute arbitrary commands with root privileges on an affected host operating system. The vulnerability is due to insufficient validation of...

CVSS: 6.7 | AI score: 3.2 | EPSS: 0.00109
Exploits: 0 | References: 1
Tenable Nessus
added 2018/01/17 12:00 a.m. | 7 views

Fedora 26 : php (2018-c4e9207c31)

PHP version 7.1.13 04 Jan 2018 Core: - Fixed bug php75573 Segmentation fault in 7.1.12 and 7.0.26. Laruence - Fixed bug php75384 PHP seems incompatible with OneDrive files on demand. Anatol - Fixed bug php74862 Unable to clone instance when private clone defined. Daniel Ciochiu - Fixed bug php750...

AI score: 5.8
Exploits: 0 | References: 1
ArchLinux
added 2018/01/17 12:00 a.m. | 32 views

[ASA-201801-13] transmission-cli: arbitrary command execution

Arch Linux Security Advisory ASA-201801-13 ========================================== Severity: High Date : 2018-01-17 CVE-ID : CVE-2018-5702 Package : transmission-cli Type : arbitrary command execution Remote : Yes Link : https://security.archlinux.org/AVG-588 Summary ======= The package...

CVSS: 8.8 | AI score: 1.4 | EPSS: 0.26345
Exploits: 1 | References: 7
Tenable Nessus
added 2018/01/15 12:00 a.m. | 10 views

Fedora 27 : fedpkg / rpkg (2017-9cac2b8b4a)

Update - Fixed chain-build - Remove hard dependency of bash-completion from fedpkg rpkg - Ignore TestModulesCli if openidc-client is unavailable cqi - Port mbs-build to rpkg mprahl - Add .vscode to .gitignore mprahl - Fix TestPatch.testrediff in order to run with old version of mock cqi - Allow t...

AI score: 5.6
Exploits: 0 | References: 1
Prion
added 2018/01/10 10:29 p.m. | 17 views

Authentication flaw

An unauthenticated root login may allow upon reboot when a commit script is used. A commit script allows a device administrator to execute certain instructions during commit, which is configured under the system scripts commit stanza. Certain commit scripts that work without a problem during norm...

CVSS: 7.2 | AI score: 6.6 | EPSS: 0.00151
Exploits: 0 | References: 3 | Affected Software: 1
CVE
added 2018/01/10 10:00 p.m. | 58 views

CVE-2018-0008

The CVE-2018-0008 entry describes an authentication bypass in Junos OS where an unauthenticated root login can occur after a reboot when a commit script is used. During normal commit, certain scripts may trigger a mode change on reboot that leaves the system in a safe-mode authentication state, a...

CVSS: 7.2 | AI score: 6.9 | EPSS: 0.00151
Exploits: 0 | References: 3 | Affected Software: 1
Prion
added 2018/01/10 6:29 p.m. | 10 views

Command injection

lib/commands/setup.rb in the point-cli gem 0.0.1 for Ruby places credentials on the curl command line, which allows local users to obtain sensitive information by listing the process...

CVSS: 2.1 | AI score: 6.4 | EPSS: 0.00078
Exploits: 1 | References: 4 | Affected Software: 1
NVD
added 2018/01/10 6:29 p.m. | 11 views

CVE-2014-4997

lib/commands/setup.rb in the point-cli gem 0.0.1 for Ruby places credentials on the curl command line, which allows local users to obtain sensitive information by listing the process...

CVSS: 7.8 | AI score: 7.4 | EPSS: 0.00078
Exploits: 1 | References: 4
Cvelist
added 2018/01/10 6:00 p.m. | 11 views

CVE-2014-4997

lib/commands/setup.rb in the point-cli gem 0.0.1 for Ruby places credentials on the curl command line, which allows local users to obtain sensitive information by listing the process...

AI score: 7.4 | EPSS: 0.00078
Exploits: 1 | References: 4
Kitploit
added 2018/01/06 8:45 p.m. | 19 views

shimit - A tool that implements the Golden SAML attack

shimit is a python tool that implements the Golden SAML attack. More informations on this can be found in the following article on our blog. python .\shimit.py -h usage: shimit.py -h -pk KEY -c CERT -sp SP -idp IDP -u USER -reg REGION --SessionValidity SESSIONVALIDITY --SamlValidity SAMLVALIDITY ...

AI score: 7.5
Exploits: 0 | References: 1