7969 matches found

NVD
added 2017/10/13 5:29 p.m. | 18 views

CVE-2016-4922

Certain combinations of Junos OS CLI commands and arguments have been found to be exploitable in a way that can allow unauthorized access to the operating system. This may allow any user with permissions to run these CLI commands the ability to achieve elevated privileges and gain complete contro...

8.4 CVSS | 8.8 AI score | 0.00084 EPSS
Exploits 0 | References 3

Prion
added 2017/10/13 5:29 p.m. | 14 views

Design/Logic Flaw

Certain combinations of Junos OS CLI commands and arguments have been found to be exploitable in a way that can allow unauthorized access to the operating system. This may allow any user with permissions to run these CLI commands the ability to achieve elevated privileges and gain complete contro...

7.2 CVSS | 7.7 AI score | 0.00084 EPSS
Exploits 0 | References 3 | Affected Software 1

CVE
added 2017/10/13 5:0 p.m. | 53 views

CVE-2016-4922

CVE-2016-4922 — Junos OS privilege escalation. Affected: Juniper Networks Junos OS. Root cause: certain combinations of CLI commands and arguments allow a user with CLI permissions to gain elevated privileges and full control of the device. Impact: unauthorized access with complete control (conf...

8.4 CVSS | 8.3 AI score | 0.00084 EPSS
Exploits 0 | References 3 | Affected Software 1

CVE
added 2017/10/13 5:0 p.m. | 54 views

CVE-2017-10613

CVE-2017-10613 affects Juniper Junos OS kernels where a loopback filter action command in a running configuration can be triggered by an attacker with CLI access and the ability to initiate remote sessions to the loopback interface, causing the kernel to hang. Affected Junos releases include 12.1...

5.5 CVSS | 5.5 AI score | 0.00045 EPSS
Exploits 0 | References 1 | Affected Software 1

Cvelist
added 2017/10/13 5:0 p.m. | 14 views

CVE-2016-4922 Junos: Privilege escalation vulnerabilities in Junos CLI

Certain combinations of Junos OS CLI commands and arguments have been found to be exploitable in a way that can allow unauthorized access to the operating system. This may allow any user with permissions to run these CLI commands the ability to achieve elevated privileges and gain complete contro...

8.4 CVSS | 8.7 AI score | 0.00084 EPSS
Exploits 0 | References 3

ArchLinux
added 2017/10/12 12:0 a.m. | 34 views

[ASA-201710-14] wireshark-cli: denial of service

Arch Linux Security Advisory ASA-201710-14. Severity: Medium. Date: 2017-10-12. CVE-ID: CVE-2017-15189 CVE-2017-15190 CVE-2017-15191 CVE-2017-15192 CVE-2017-15193. Package: wireshark-cli. Type: denial of service. Remote: Yes. Link :...

7.8 CVSS | 0.00918 EPSS
Exploits 0 | References 22

seebug.org
added 2017/10/11 12:0 a.m. | 46 views

QNAP HelpDesk SQL Injection(CVE-2017-13068)

Vulnerability Summary The following advisory describes a SQL injection found in QTS Helpdesk versions 1.1.12 and earlier. QNAP helpdesk: “Starting from QTS 4.2.2 you can use the built-in Helpdesk app to directly submit help requests to QNAP from your NAS. To do so, ensure your NAS can reach the...

5 CVSS | 8.5 AI score | 0.01224 EPSS
Exploits 3

seebug.org
added 2017/10/09 12:0 a.m. | 35 views

Angular-CLI Authentication Bypass

Vulnerability summary: The following advisory describes an authentication bypass vulnerability found in Angular-CLI version 1.3.2. The Angular CLI makes “it easy to create an application that already works, right out of the box. It already follows our best practices!” Credit: An independent security...

6.5 AI score
Exploits 0

Kitploit
added 2017/10/07 1:54 p.m. | 8 views

WebBreaker - Dynamic Application Security Test Orchestration (DASTO)

Build functional security testing into your software development and release cycles! WebBreaker provides the capabilities to automate and centrally manage Dynamic Application Security Testing (DAST) as part of your DevOps pipeline. WebBreaker truly enables all members of the Software Security...

7.7 AI score
Exploits 0 | References 10

Citrix
added 2017/09/29 12:0 a.m. | 6 views

How to disable SSL protocols on XenMobile server

XenMobile Server by default supports SSL protocols TLSv1.0, TLSv1.1, TLSv1.2. We can disable or enable the protocols from the XMS CLI console...

7.1 AI score
Exploits 0

Hacker One
added 2017/09/28 5:44 p.m. | 13 views

██████: Remote Code Execution on Proxy Service (as root)

The proxy service used to provide researchers with access to certain programs on ██████ allows access to AWS's Metadata API. This Metadata API in turn is configured to expose temporary AWS access credentials for the AWS EC2 Run Command role. When this role is assumed by an AWS client e.g. the CLI...

1.4 AI score
Exploits 0

Tenable Nessus
added 2017/09/27 12:0 a.m. | 28 views

FreeBSD : ledger -- multiple vulnerabilities (d843a984-7f22-484f-ba81-483ddbe30dc3)

Talos reports: An exploitable buffer overflow vulnerability exists in the tag parsing functionality of Ledger-CLI 3.1.1. A specially crafted journal file can cause an integer underflow resulting in code execution. An attacker can construct a malicious journal file to trigger this vulnerability. ...

7.8 CVSS | 7.8 AI score | 0.00642 EPSS
Exploits 2 | References 7

myhack58
added 2017/09/25 12:0 a.m. | 72 views

About the Redis unauthorized access vulnerability: research on its exploitation

Redis is a high-performance in-memory database that also supports retaining in-memory data on the hard disk to achieve persistent storage. Because Redis does not enforce access authentication, unauthorized access has become a frequent source of vulnerabilities, and intruders take this...

0.5 AI score
Exploits 0

NVD
added 2017/09/21 5:29 a.m. | 10 views

CVE-2017-12255

A vulnerability in the CLI of Cisco UCS Central Software could allow an authenticated, local attacker to gain shell access. The vulnerability is due to insufficient input validation of commands entered in the CLI, aka a Restricted Shell Break Vulnerability. An attacker could exploit this...

7.2 CVSS | 6.7 AI score | 0.00062 EPSS
Exploits 0 | References 3

Prion
added 2017/09/21 5:29 a.m. | 14 views

Input validation

A vulnerability in the CLI of Cisco UCS Central Software could allow an authenticated, local attacker to gain shell access. The vulnerability is due to insufficient input validation of commands entered in the CLI, aka a Restricted Shell Break Vulnerability. An attacker could exploit this...

7.2 CVSS | 6.7 AI score | 0.00062 EPSS
Exploits 0 | References 3 | Affected Software 1

CVE
added 2017/09/21 5:0 a.m. | 51 views

CVE-2017-12255

Cisco UCS Central Software CLI is vulnerable to a Restricted Shell Break due to insufficient input validation of CLI commands. An authenticated, local attacker can craft a command with specific arguments to gain shell access to the underlying system. Affected product: Cisco UCS Central Software (...

7.2 CVSS | 6.7 AI score | 0.00062 EPSS
Exploits 0 | References 3 | Affected Software 1

Kitploit
added 2017/09/12 2:30 p.m. | 20 views

theZoo - A repository of LIVE malwares for your own joy and pleasure

theZoo is a project created to make the possibility of malware analysis open and available to the public. Since we have found out that almost all versions of malware are very hard to come by in a way which will allow analysis, we have decided to gather all of them for you in an accessible and saf...

7.5 AI score
Exploits 0 | References 1

seebug.org
added 2017/09/12 12:0 a.m. | 48 views

Ledger CLI Account Directive Use-After-Free Vulnerability(CVE-2017-2808)

Summary An exploitable use-after-free vulnerability exists in the account parsing component of the Ledger-CLI 3.1.1. A specially crafted ledger file can cause a use-after-free vulnerability resulting in arbitrary code execution. An attacker can convince a user to load a journal file to trigger th...

6.8 CVSS | 8.2 AI score | 0.00484 EPSS
Exploits 1

seebug.org
added 2017/09/12 12:0 a.m. | 43 views

Ledger CLI Tags Parsing Code Execution Vulnerability(CVE-2017-2807)

Summary: An exploitable buffer overflow vulnerability exists in the tag parsing functionality of Ledger-CLI 3.1.1. A specially crafted journal file can cause an integer underflow resulting in code execution. An attacker can construct a malicious journal file to trigger this vulnerability. Tested...

6.8 CVSS | 8.2 AI score | 0.00642 EPSS
Exploits 1

BDU FSTEC
added 2017/09/08 12:0 a.m. | 0 views

The vulnerability of the NoviWare operating system arises from buffer overflows during the execution of the “show log cli” command, allowing an attacker to gain superuser privileges.

The vulnerability of the NoviWare operating system arises due to an overflow in the buffer during the processing of the “show log cli” command. Exploiting this vulnerability allows a malicious actor, who operates remotely and has read access to data, to gain superuser privileges by using the...

10 CVSS | 8 AI score | 0.24115 EPSS
Exploits 4 | References 3 | Affected Software 1