7912 matches found
CVE-2016-6068
IBM UrbanCode Deploy is affected by CVE-2016-6068. The IBM Security Bulletin confirms that an authenticated user with REST endpoint access could access API and CLI getResource secured role properties. Affected versions include 6.0.x through 6.2.x series listed in the bulletin, with remediation vi...
[SECURITY] Fedora 24 Update: fedmsg-0.18.2-1.fc24
Python API used around Fedora Infrastructure to send and receive messages w ith zeromq. Includes some CLI tools...
[SECURITY] Fedora 25 Update: fedmsg-0.18.2-1.fc25
Python API used around Fedora Infrastructure to send and receive messages w ith zeromq. Includes some CLI tools...
CVE-2017-5495
All versions of Quagga, 0.93 through 1.1.0, are vulnerable to an unbounded memory allocation in the telnet 'vty' CLI, leading to a Denial-of-Service of Quagga daemons, or even the entire host. When Quagga daemons are configured with their telnet CLI enabled, anyone who can connect to the TCP port...
Input validation
All versions of Quagga, 0.93 through 1.1.0, are vulnerable to an unbounded memory allocation in the telnet 'vty' CLI, leading to a Denial-of-Service of Quagga daemons, or even the entire host. When Quagga daemons are configured with their telnet CLI enabled, anyone who can connect to the TCP port...
CVE-2017-5495
CVE-2017-5495 affects Quagga 0.93–1.1.0, where the telnet vty CLI input buffer can grow without bound when no newline is entered. This unbounded memory allocation allows a remote attacker who can connect to the Quagga telnet ports (often exposed locally) to cause Denial-of-Service to Quagga daemo...
CVE-2017-5495
All versions of Quagga, 0.93 through 1.1.0, are vulnerable to an unbounded memory allocation in the telnet 'vty' CLI, leading to a Denial-of-Service of Quagga daemons, or even the entire host. When Quagga daemons are configured with their telnet CLI enabled, anyone who can connect to the TCP port...
admin-cli: Potential EAP resource starvation DOS attack via GET requests for server log files
An EAP feature to download server log files allows logs to be available via GET requests making them vulnerable to cross-origin attacks. An attacker could trigger the user's browser to request the log files consuming enough resources that normal server functioning could be impaired...
admin-cli: Potential EAP resource starvation DOS attack via GET requests for server log files
An EAP feature to download server log files allows logs to be available via GET requests making them vulnerable to cross-origin attacks. An attacker could trigger the user's browser to request the log files consuming enough resources that normal server functioning could be impaired...
Generating SSH Keys is broken (using Bitbucket Server) -- ui and config file
Please watch my short video illustrating the experience. https://www.youtube.com/watch?v=wPUAkG78BFE&feature=youtu.be Scenario 1: On MacOS X Sierra when setting up SourceTree for first time and choosing "SSH" as the authentication method, SourceTree: Should not have a URL for the Bitbucket...
Microsoft Windows Kernel - win32k.sys NtSetWindowLongPtr Privilege Escalation (MS16-135) (2)
Exploit for windows platform in category local exploits / Source: https://ricklarabee.blogspot.com/2017/01/virtual-memory-page-tables-and-one-bit.html Binary: https://github.com/rlarabee/exploits/raw/8b9eb646516d7f022a010f28018209f331c28975/cve-2016-7255/compiled/cve-2016-7255.exe Mirror:...
How to reboot or shutdown NetScaler MAS using CLI
Citrix ADM, formerly NetScaler MAS There is an option on MAS GUI to reboot it but what is the equivalent CLI command for it. Do not use the REBOOT command as it is not a clean reboot and will need a Database recovery...
CVE-2015-3441
The Parental Control panel in Genexis devices with DRGOS before 1.14.1 allows remote authenticated users to execute arbitrary CLI commands via the 1 starthour, 2 startminute, 3 endhour, 4 endminute, or 5 hostname parameter...
Code injection
The Parental Control panel in Genexis devices with DRGOS before 1.14.1 allows remote authenticated users to execute arbitrary CLI commands via the 1 starthour, 2 startminute, 3 endhour, 4 endminute, or 5 hostname parameter...
CVE-2015-3441
The Parental Control panel in Genexis devices with DRGOS before 1.14.1 allows remote authenticated users to execute arbitrary CLI commands via the 1 starthour, 2 startminute, 3 endhour, 4 endminute, or 5 hostname parameter...
CVE-2015-3441
Genexis DRGOS devices prior to version 1.14.1 are affected by a remote code execution flaw in the Parental Control panel. An authenticated remote attacker can exploit this by supplying values to (start_hour, start_minute, end_hour, end_minute, or hostname) to execute arbitrary CLI commands. The v...
Generating SSH Keys is broken (using Bitbucket Server) -- ui and config file
Please watch my short video illustrating the experience. https://www.youtube.com/watch?v=wPUAkG78BFE&feature=youtu.be Scenario 1: On MacOS X Sierra when setting up SourceTree for first time and choosing "SSH" as the authentication method, SourceTree: Should not have a URL for the Bitbucket...
Man In The Middle (MitM)
co-cli-installer is vulnerable to man-in-the-middle MitM attacks because it downloads the co-cli module as part of the install process over HTTP. It may be possible to cause remote code execution RCE by swapping out the requested resources with an attacker controlled copy if the attacker is on th...
Hakku Framework - Simple Penetration Testing Framework
Hakku is simple framework that has been made for penetration testing tools. Hakku framework offers simple structure, basic CLI, and useful features for penetration testing tools developing. Hakku is on early stages and may be unstable, so please download the released versions from github or...
Python JSON Fuzzer: PyJFuzz
Python JSON Fuzzer PyJFuzz is a small, extensible and ready-to-use framework used to fuzz JSON inputs , such as mobile endpoint REST API, JSON implementation, Browsers, cli executable and much more. Dependencies In order to work PyJFuzz need a single dependency, bottle , you can install it from...