CVE-2017-2808

An exploitable use-after-free vulnerability exists in the account parsing component of the Ledger-CLI 3.1.1. A specially crafted ledger file can cause a use-after-free vulnerability resulting in arbitrary code execution. An attacker can convince a user to load a journal file to trigger this...

CVE-2017-2808

CVE-2017-2808 affects Ledger-CLI 3.1.1, with a use-after-free in the account parsing component triggered by loading a specially crafted journal file, enabling arbitrary code execution. Multiple connected advisories cite this CVE and note remediation by upgrading Ledger to newer releases (e.g., Le...

ledger -- multiple vulnerabilities

Talos reports: An exploitable buffer overflow vulnerability exists in the tag parsing functionality of Ledger-CLI 3.1.1. A specially crafted journal file can cause an integer underflow resulting in code execution. An attacker can construct a malicious journal file to trigger this vulnerability. A...

Ledger CLI Account Directive Use-After-Free Vulnerability

Summary An exploitable use-after-free vulnerability exists in the account parsing component of the Ledger-CLI 3.1.1. A specially crafted ledger file can cause a use-after-free vulnerability resulting in arbitrary code execution. An attacker can convince a user to load a journal file to trigger th...

BinaryAlert - Serverless, Real-time & Retroactive Malware Detection

BinaryAlert is an open-source serverless AWS pipeline where any file uploaded to an S3 bucket is immediately scanned with a configurable set of YARA rules. An alert will fire as soon as any match is found, giving an incident response team the ability to quickly contain the threat before it spread...

iWant - CLI Based Decentralized Peer To Peer File Sharing

A commandline tool for searching and downloading files in LAN network, without any central server. Features Decentralized : There is no central server hosting files. Therefore, no central point of failure Easydiscovery of files: As easy as searching for something in Google. File download from...

Cisco Meeting Server Command Injection and Privilege Escalation Vulnerability

A vulnerability in the CLI command-parsing code of Cisco Meeting Server could allow an authenticated, local attacker to perform command injection and escalate their privileges to root. The attacker must first authenticate to the application with valid administrator credentials. The vulnerability ...

CVE-2017-12785

The novish command-line interface, included in the NoviWare software distribution through NW400.2.6 and deployed on NoviSwitch devices, is prone to a buffer overflow in the "show log cli" command. This could be used by a read-only user monitor role to gain privileged root code execution on the...

CVE-2017-12785

The CVE-2017-12785 issue affects NoviFlow NoviWare NW400.2.6 and earlier on NoviSwitch devices. A vulnerability in the novish command-line interface allows a buffer overflow in the show log cli command, enabling a read-only (monitor) user to inject commands and gain privileged (root) code executi...

CVE-2017-12785

The novish command-line interface, included in the NoviWare software distribution through NW400.2.6 and deployed on NoviSwitch devices, is prone to a buffer overflow in the "show log cli" command. This could be used by a read-only user monitor role to gain privileged root code execution on the...

CVE-2015-3617

Fortinet FortiManager 5.0 before 5.0.11 and 5.2 before 5.2.2 allow local users to gain privileges via crafted CLI commands...

NoviFlow NoviWare <= NW400.2.6 - Multiple Vulnerabilities

Exploit for hardware platform in category dos / poc NoviFlow NoviWare = NW400.2.6 multiple vulnerabilities Introduction ========== NoviWare is a high-performance OpenFlow 1.3, 1.4 and 1.5 compliant switch software developed by NoviFlow and available for license to network equipment manufacturers...

NoviFlow NoviWare NW400.2.6 - Multiple Vulnerabilities

NoviFlow NoviWare NW400.2.6 - Multiple Vulnerabilities NoviFlow NoviWare = NW400.2.6 multiple vulnerabilities Introduction ========== NoviWare is a high-performance OpenFlow 1.3, 1.4 and 1.5 compliant switch software developed by NoviFlow and available for license to network equipment...

NoviFlow NoviWare &lt; NW400.2.6 - Multiple Vulnerabilities

NoviFlow NoviWare = NW400.2.6 multiple vulnerabilities Introduction ========== NoviWare is a high-performance OpenFlow 1.3, 1.4 and 1.5 compliant switch software developed by NoviFlow and available for license to network equipment manufacturers. Multiple vulnerabilities were identified in the...

NoviFlow NoviWare NW400.2.6 Code Execution

NoviFlow NoviWare = NW400.2.6 multiple vulnerabilities Introduction ========== NoviWare is a high-performance OpenFlow 1.3, 1.4 and 1.5 compliant switch software developed by NoviFlow and available for license to network equipment manufacturers. Multiple vulnerabilities were identified in the...

Input validation

A vulnerability in the CLI of Cisco ASR 5000 Series Aggregated Services Routers running the Cisco StarOS operating system could allow an authenticated, local attacker to bypass the CLI restrictions and execute commands on the underlying operating system. The vulnerability is due to insufficient...

Code injection

A vulnerability in the CLI of Cisco ASR 5000 Series Aggregated Services Routers running the Cisco StarOS operating system could allow an authenticated, local attacker to elevate their privileges to admin-level privileges. The vulnerability is due to incorrect permissions that are given to a set o...

Design/Logic Flaw

A vulnerability in the management of shell user accounts for Cisco Policy Suite CPS Software for CPS appliances could allow an authenticated, local attacker to gain elevated privileges on an affected system. The affected privilege level is not at the root level. The vulnerability is due to...

CVE-2017-6773

A vulnerability in the CLI of Cisco ASR 5000 Series Aggregated Services Routers running the Cisco StarOS operating system could allow an authenticated, local attacker to bypass the CLI restrictions and execute commands on the underlying operating system. The vulnerability is due to insufficient...

Design/Logic Flaw

A vulnerability in Cisco Application Policy Infrastructure Controller APIC could allow an authenticated, remote attacker to gain higher privileges than the account is assigned. The attacker will be granted the privileges of the last user to log in, regardless of whether those privileges are highe...