SQL Injection
kylin-server-base is vulnerable to SQL injection. SQL statements are concatenated and executed in the CLI or beeline when building new segments, allowing an attacker to inject and execute arbitrary SQL statements if system configurations are overwritten via REST APIs...
PT-2020-18974 · Silverstripe · Silverstripe
Name of the Vulnerable Software and Affected Versions: SilverStripe versions through 4.5.0 Description: A specific URL path configured by default through the silverstripe/framework module can be used to disclose the fact that a domain is hosting a SilverStripe application, without revealing the...
CVE-2020-15095
Versions of the npm CLI prior to 6.14.6 are vulnerable to an information exposure vulnerability through log files. The CLI supports URLs like "://:@::/". The password value is not redacted and is printed to stdout and also to any generated log files. Mitigation Do not provide a password to npm vi...
CVE-2020-13926
Kylin concatenates and executes Hive SQL in the Hive CLI or beeline when building a new segment; some parts of the HQL come from system configurations, and the configuration can be overwritten through certain REST APIs, which makes a SQL injection attack possible. Users of all previous versions after 2.0...
CVE-2020-11952
An issue was discovered on Rittal PDU-3C002DEC through 5.17.10 and CMCIII-PU-9333E0FB through 3.17.10 devices. Attackers can bypass the CLI menu...
Code injection
An issue was discovered on Rittal PDU-3C002DEC through 5.17.10 and CMCIII-PU-9333E0FB through 3.17.10 devices. Attackers can bypass the CLI menu...
SQL injection
Kylin concatenates and executes Hive SQL in the Hive CLI or beeline when building a new segment; some parts of the HQL come from system configurations, and the configuration can be overwritten through certain REST APIs, which makes a SQL injection attack possible. Users of all previous versions after 2.0...
CVE-2020-11952
CVE-2020-11952 affects Rittal PDU-3C002DEC (≤5.17.10) and CMCIII-PU-9333E0FB (≤3.17.10): vulnerability lets attackers bypass the CLI menu. Root cause and concrete exploit details are described in SEC Consult advisories; fixed versions are listed variably per product in the advisories. Remediation...
CVE-2020-11952
An issue was discovered on Rittal PDU-3C002DEC through 5.17.10 and CMCIII-PU-9333E0FB through 3.17.10 devices. Attackers can bypass the CLI menu...
Cisco NX-OS Software CLI Arbitrary Command Injection (cisco-sa-20180620-nx-os-cli-injection)
A command injection vulnerability exists in the CLI of Cisco NX-OS Software due to insufficient input validation of command arguments. An authenticated, local attacker can exploit this, via a vulnerable CLI command to execute arbitrary commands. Cisco BIDs and Cisco Security Advisory for more...
Cisco NX-OS Software Unauthorized Administrator Account (cisco-sa-20180620-nxosadmin)
According to its self-reported version, an improper file handling vulnerability exists in Cisco NX-OS Software. Therefore, an authenticated, local attacker can exploit this via CLI commands to create an unauthorized account with administrator privileges that does not require a password for...
Padding-Oracle-Attacker - CLI Tool And Library To Execute Padding Oracle Attacks Easily
CLI tool and library to execute padding oracle attacks easily, with support for concurrent network requests and an elegant UI. Install Make sure Node.js is installed, then run $ npm install --global padding-oracle-attacker or $ yarn global add padding-oracle-attacker CLI Usage Usage $...
npm CLI Log Message Disclosure Vulnerability
The npm CLI is a package manager. Versions of the npm CLI prior to 6.14.6 are prone to information exposure vulnerabilities via log files. The CLI supports URLs such as ":/:@::/". The password value is not redacted and is printed to stdout and any generated log files. No detailed...
CVE-2020-15095
Versions of the npm CLI prior to 6.14.6 are vulnerable to an information exposure vulnerability through log files. The CLI supports URLs like "://:@::/". The password value is not redacted and is printed to stdout and also to any generated log files...
CVE-2020-15095
Versions of the npm CLI prior to 6.14.6 are vulnerable to an information exposure vulnerability through log files. The CLI supports URLs like "://:@::/". The password value is not redacted and is printed to stdout and also to any generated log files...
CVE-2020-15095
Versions of the npm CLI prior to 6.14.6 are vulnerable to an information exposure vulnerability through log files. The CLI supports URLs like "://:@::/". The password value is not redacted and is printed to stdout and also to any generated log files...
Information disclosure
Versions of the npm CLI prior to 6.14.6 are vulnerable to an information exposure vulnerability through log files. The CLI supports URLs like "://:@::/". The password value is not redacted and is printed to stdout and also to any generated log files...
Sensitive Data Exposure
Overview Versions of the npm CLI prior to 6.14.6 are vulnerable to an information exposure vulnerability through log files. The CLI supports URLs like ://:@::/. The password value is not redacted and is printed to stdout and also to any generated log files. Recommendation Upgrade to version 6.14....
npm CLI exposing sensitive information through logs
Versions of the npm CLI prior to 6.14.6 are vulnerable to an information exposure vulnerability through log files. The CLI supports URLs like ://:@::/. The password value is not redacted and is printed to stdout and also to any generated log files...
CVE-2020-15095
CVE-2020-15095: npm CLI prior to 6.14.6 is vulnerable to information exposure through log files, where credentials in URLs are printed to stdout and logs. The impact is exposure of user credentials via logs and generated log files. Affected: npm CLI (versions