8000 matches found

Prion
added 2020/06/18 3:15 a.m. | 13 views

Path traversal

A vulnerability in the CLI of Cisco Enterprise NFV Infrastructure Software (NFVIS) could allow an authenticated, local attacker to gain root shell access to the underlying operating system and overwrite or read arbitrary files. The attacker would need valid administrative credentials. This...

CVSS 7.2 | AI score 6.7 | EPSS 0.00467
Exploits: 0 | References: 1 | Affected Software: 1

CVE
added 2020/06/18 2:21 a.m. | 56 views

CVE-2020-3236

CVE-2020-3236 (Cisco NFV Infrastructure Software NFVIS) – Path Traversal Description summary: A vulnerability in the NFVIS CLI allows an authenticated, local attacker with valid admin credentials to perform path traversal via CLI command arguments, potentially gaining root shell access and overwr...

CVSS 7.2 | AI score 6.7 | EPSS 0.00467
Exploits: 0 | References: 1 | Affected Software: 1

Vulnrichment
added 2020/06/18 2:17 a.m. | 9 views

CVE-2020-3362 Cisco Network Services Orchestrator Information Disclosure Vulnerability

A vulnerability in the CLI of Cisco Network Services Orchestrator (NSO) could allow an authenticated, local attacker to access confidential information on an affected device. The vulnerability is due to a timing issue in the processing of CLI commands. An attacker could exploit this vulnerability b...

CVSS 4.7 | AI score 6.4 | EPSS 0.00243
Exploits: 0 | References: 1

Cvelist
added 2020/06/18 2:17 a.m. | 13 views

CVE-2020-3362 Cisco Network Services Orchestrator Information Disclosure Vulnerability

A vulnerability in the CLI of Cisco Network Services Orchestrator (NSO) could allow an authenticated, local attacker to access confidential information on an affected device. The vulnerability is due to a timing issue in the processing of CLI commands. An attacker could exploit this vulnerability b...

CVSS 4.7 | AI score 4.5 | EPSS 0.00243
Exploits: 0 | References: 1

CVE
added 2020/06/18 2:17 a.m. | 62 views

CVE-2020-3362

Cisco NSO CVE-2020-3362 is a local information-disclosure vulnerability in the CLI due to a timing issue in command processing. An authenticated, local attacker could exploit a specific CLI sequence to read configuration information normally restricted to administrators. The issue affects Cisco N...

CVSS 4.7 | AI score 4.5 | EPSS 0.00243
Exploits: 0 | References: 1 | Affected Software: 1

Wolfi
added 2020/06/17 8:15 p.m. | 228 views

CVE-2020-14040 vulnerabilities

Vulnerabilities for packages: vt-cli, k3d...

CVSS 7.5 | AI score 6.8 | EPSS 0.01855
Exploits: 0

Cisco
added 2020/06/17 4:00 p.m. | 29 views

Cisco Enterprise NFV Infrastructure Software Path Traversal Vulnerability

A vulnerability in the CLI of Cisco Enterprise NFV Infrastructure Software (NFVIS) could allow an authenticated, local attacker to gain root shell access to the underlying operating system and overwrite or read arbitrary files. The attacker would need valid administrative credentials. This...

CVSS 6.7 | AI score 1.4 | EPSS 0.00467
Exploits: 0 | References: 1

Cisco
added 2020/06/17 4:00 p.m. | 28 views

Cisco Network Services Orchestrator Information Disclosure Vulnerability

A vulnerability in the CLI of Cisco Network Services Orchestrator (NSO) could allow an authenticated, local attacker to access confidential information on an affected device. The vulnerability is due to a timing issue in the processing of CLI commands. An attacker could exploit this vulnerability b...

CVSS 4.7 | AI score 1.1 | EPSS 0.00243
Exploits: 0 | References: 1

NVD
added 2020/06/16 9:15 p.m. | 29 views

CVE-2020-9289

Use of a hard-coded cryptographic key to encrypt password data in CLI configuration in FortiManager 6.2.3 and below, FortiAnalyzer 6.2.3 and below may allow an attacker with access to the CLI configuration or the CLI backup file to decrypt the sensitive data, via knowledge of the hard-coded key...

CVSS 7.5 | EPSS 0.02239
Exploits: 1 | References: 1

Prion
added 2020/06/16 9:15 p.m. | 20 views

Hardcoded credentials

Use of a hard-coded cryptographic key to encrypt password data in CLI configuration in FortiManager 6.2.3 and below, FortiAnalyzer 6.2.3 and below may allow an attacker with access to the CLI configuration or the CLI backup file to decrypt the sensitive data, via knowledge of the hard-coded key...

CVSS 5 | AI score 7.6 | EPSS 0.02239
Exploits: 1 | References: 1 | Affected Software: 2

Vulnrichment
added 2020/06/16 8:12 p.m. | 14 views

CVE-2020-9289

Use of a hard-coded cryptographic key to encrypt password data in CLI configuration in FortiManager 6.2.3 and below, FortiAnalyzer 6.2.3 and below may allow an attacker with access to the CLI configuration or the CLI backup file to decrypt the sensitive data, via knowledge of the hard-coded key...

AI score 7.2 | EPSS 0.02239
Exploits: 1 | References: 1

Cvelist
added 2020/06/16 8:12 p.m. | 34 views

CVE-2020-9289

Use of a hard-coded cryptographic key to encrypt password data in CLI configuration in FortiManager 6.2.3 and below, FortiAnalyzer 6.2.3 and below may allow an attacker with access to the CLI configuration or the CLI backup file to decrypt the sensitive data, via knowledge of the hard-coded key...

AI score 7.6 | EPSS 0.02239
Exploits: 1 | References: 1

CVE
added 2020/06/16 8:12 p.m. | 72 views

CVE-2020-9289

CVE-2020-9289 describes the use of a hard-coded cryptographic key to encrypt password data in FortiManager 6.2.3 and earlier and FortiAnalyzer 6.2.3 and earlier CLI configuration/backups. An attacker with access to the CLI configuration or CLI backup could decrypt sensitive data due to the hard-c...

CVSS 7.5 | AI score 7.5 | EPSS 0.02239
Exploits: 1 | References: 1 | Affected Software: 2

RedHat Linux
added 2020/06/15 4:13 p.m. | 2 views

wildfly-core: Path traversal can allow the extraction of .war archives to write arbitrary files (Zip Slip)

It was found that the explode function of the deployment utility in jboss-cli and console that allows extraction of files from an archive does not perform necessary validation for directory traversal. This can lead to remote code execution...

CVSS 5.5 | AI score 7.6 | EPSS 0.01262
Exploits: 0 | References: 5

CNVD
added 2020/06/15 12:00 a.m. | 4 views

Fortinet FortiManager Access Restriction Bypass Vulnerability

Fortinet FortiManager is a centralized network security management platform from Fortinet. The platform supports centralized management of any number of Fortinet devices, and can group devices into different management domains (ADOM) to further simplify the deployment and management of multi-device...

CVSS 7.5 | AI score 6.6 | EPSS 0.02239
Exploits: 1 | References: 1

Kitploit
added 2020/06/13 1:00 p.m. | 25 views

KatroLogger - KeyLogger For Linux Systems

KeyLogger for Linux Systems. Features Runs on GUI systems or CLI Sending data by email Dependencies curl libx11-dev Debian-Based libX11-devel RHEL-Based Compiling ./configure make make install Usage katrologger --output /path/file Send data by e-mail: katrologger --smtp-help Fixing problems...

AI score 7.3
Exploits: 0 | References: 1

Oracle linux
added 2020/06/12 12:00 a.m. | 46 views

docker-engine docker-cli security update

docker-engine 19.03.11-1.0.0 - update to 19.03.11 for CVE-2020-13401 19.03.1-1.0.0 - update to 19.03.1 19.03-0.0.1 - update to 19.03 18.09.1-1.0.6 - disable kmem accounting for UEKR4 18.09.1-1.0.5 - apply e4931e664feac6fa8846f3f04268a0cc98822549, fixes CVE-2019-5736 18.09.1-1.0.4 - fix...

CVSS 9.3 | AI score 0.4 | EPSS 0.9589
Exploits: 33

Kitploit
added 2020/06/10 12:30 p.m. | 46 views

Stegcloak - Hide Secrets With Invisible Characters In Plain Text Securely Using Passwords

StegCloak is a pure JavaScript steganography module designed in functional programming style, to hide secrets inside text by compressing and encrypting with Zero Width Characters. It can be used to safely watermark strings, invisible scripts on webpages, texts on social media or for any other...

AI score 7.1
Exploits: 0 | References: 1

OSV
added 2020/06/03 6:15 p.m. | 2 views

CVE-2020-3210

A vulnerability in the CLI parsers of Cisco IOS Software for Cisco 809 and 829 Industrial Integrated Services Routers (Industrial ISRs) and Cisco 1000 Series Connected Grid Routers (CGR1000) could allow an authenticated, local attacker to execute arbitrary shell commands on the Virtual Device Server...

CVSS 6.7 | AI score 6 | EPSS 0.00426
Exploits: 0 | References: 1

NVD
added 2020/06/03 6:15 p.m. | 20 views

CVE-2020-3210

A vulnerability in the CLI parsers of Cisco IOS Software for Cisco 809 and 829 Industrial Integrated Services Routers (Industrial ISRs) and Cisco 1000 Series Connected Grid Routers (CGR1000) could allow an authenticated, local attacker to execute arbitrary shell commands on the Virtual Device Server...

CVSS 7.2 | AI score 6.9 | EPSS 0.00426
Exploits: 0 | References: 1