
8000 matches found

Cvelist
added 2020/06/03 5:42 p.m. | 18 views

CVE-2020-3229 Cisco IOS XE Software Web UI Privilege Escalation Vulnerability

A vulnerability in Role Based Access Control (RBAC) functionality of Cisco IOS XE Web Management Software could allow a Read-Only authenticated, remote attacker to execute commands or configuration changes as an Admin user. The vulnerability is due to incorrect handling of RBAC for the administrati...

8.8 CVSS | 8.9 AI score | 0.05325 EPSS
Exploits 0 | References 1
Vulnrichment
added 2020/06/03 5:40 p.m. | 6 views

CVE-2020-3210 Cisco IOS Software for Cisco Industrial Routers Virtual Device Server CLI Command Injection Vulnerability

A vulnerability in the CLI parsers of Cisco IOS Software for Cisco 809 and 829 Industrial Integrated Services Routers (Industrial ISRs) and Cisco 1000 Series Connected Grid Routers (CGR1000) could allow an authenticated, local attacker to execute arbitrary shell commands on the Virtual Device Server...

6.7 CVSS | 7.6 AI score | 0.00426 EPSS
Exploits 0 | References 1
CVE
added 2020/06/03 5:40 p.m. | 53 views

CVE-2020-3210

CVE-2020-3210 affects Cisco IOS Software on Cisco 809/829 Industrial ISRs and CGR1000, where the CLI parsers for VDS-related commands fail to validate input. An authenticated local attacker with privilege level 15 can inject malicious input into VDS CLI arguments, gaining arbitrary commands execu...

7.2 CVSS | 6.8 AI score | 0.00426 EPSS
Exploits 0 | References 1 | Affected Software 1
NVD
added 2020/06/01 7:15 p.m. | 22 views

CVE-2019-15709

An improper input validation in FortiAP-S/W2 6.2.0 to 6.2.2, 6.0.5 and below, FortiAP-U 6.0.1 and below CLI admin console may allow unauthorized administrators to overwrite system files via specially crafted tcpdump commands in the CLI...

8.5 CVSS | 6.5 AI score | 0.01328 EPSS
Exploits 0 | References 1
Prion
added 2020/06/01 7:15 p.m. | 15 views

Input validation

An improper input validation in FortiAP-S/W2 6.2.0 to 6.2.2, 6.0.5 and below, FortiAP-U 6.0.1 and below CLI admin console may allow unauthorized administrators to overwrite system files via specially crafted tcpdump commands in the CLI...

8.5 CVSS | 6.5 AI score | 0.01328 EPSS
Exploits 0 | References 1 | Affected Software 3
Cvelist
added 2020/06/01 6:37 p.m. | 22 views

CVE-2019-15709

An improper input validation in FortiAP-S/W2 6.2.0 to 6.2.2, 6.0.5 and below, FortiAP-U 6.0.1 and below CLI admin console may allow unauthorized administrators to overwrite system files via specially crafted tcpdump commands in the CLI...

6.6 AI score | 0.01328 EPSS
Exploits 0 | References 1
CVE
added 2020/06/01 6:37 p.m. | 83 views

CVE-2019-15709

CVE-2019-15709 concerns Fortinet FortiAP-S/W2 (versions 6.2.0–6.2.2, 6.0.5 and below) and FortiAP-U (6.0.1 and below). The issue is an improper input validation in the FortiAP CLI admin console that may allow unauthorized administrators to overwrite system files using specially crafted tcpdump co...

8.5 CVSS | 6.5 AI score | 0.01328 EPSS
Exploits 0 | References 1 | Affected Software 1
Vulnrichment
added 2020/06/01 6:37 p.m. | 10 views

CVE-2019-15709

An improper input validation in FortiAP-S/W2 6.2.0 to 6.2.2, 6.0.5 and below, FortiAP-U 6.0.1 and below CLI admin console may allow unauthorized administrators to overwrite system files via specially crafted tcpdump commands in the CLI...

7 AI score | 0.01328 EPSS
Exploits 0 | References 1
Hacker One
added 2020/05/31 8:27 p.m. | 22 views

Node.js third-party modules: [wappalyzer] ReDoS allows an attacker to completely break Wappalyzer

Hello folks! please note that I'm reporting two different problematic regexes. module name: Wappalyzer version: 6.0.2 npm page: https://www.npmjs.com/package/wappalyzer Module Description Wappalyzer identifies technologies on websites. Module Stats Weekly downloads: 1,290 88 open issues 16 open...

Exploits 0
Hacker One
added 2020/05/26 3:31 p.m. | 66 views

Kubernetes: DoS for client-go jsonpath func

Summary: jsonpath recursive descent cause a DoS vul kubectl apiextensions-apiserver cli-runtime and kubernetes is depends on client-go I think evalRecursive cause of this vulnerability function pos: client-go/util/jsonpath/jsonpath.go:451 Component Version: client-go:master Steps To Reproduce: i...

7.1 AI score
Exploits 0
Fortinet
added 2020/05/25 12:0 a.m. | 26 views

FortiAP system files overwrite via the tcpdump CLI command

...

8.5 CVSS | 6.4 AI score | 0.01328 EPSS
Exploits 0 | Affected Software 3
vulnersOsv
added 2020/05/19 9:0 p.m. | 9 views

@internxt/cli (>=1.0.5 <=1.2.2), @latitude-data/cli (>=0.0.29 <=1.11.0-canary.8) +10 more potentially affected by CVE-2020-7660 via serialize-javascript (>=7.0.0 <=7.0.2)

serialize-javascript NPM version =7.0.0, =1.0.5, =0.0.29, =0.7.5, =1.3.0, =0.1.0, =1.0.7, =0.2.0, =0.7.0-alpha.6 Source cves: CVE-2020-7660 Source advisory: SNYK:JS-SERIALIZEJAVASCRIPT-570062...

8.1 CVSS | 7.7 AI score | 0.03009 EPSS
Exploits 0
Schneier on Security
added 2020/05/14 11:29 a.m. | 43 views

US Government Exposes North Korean Malware

US Cyber Command has uploaded North Korean malware samples to the VirusTotal aggregation repository, adding to the malware samples it uploaded in February. The first of the new malware variants, COPPERHEDGE, is described as a Remote Access Tool (RAT) "used by advanced persistent threat (APT) cyber...

1.8 AI score
Exploits 0
Tenable Nessus
added 2020/05/12 12:0 a.m. | 23 views

Cisco NX-OS Software Sensitive File Read Information Disclosure Vulnerability (cisco-sa-20190515-nxos-fxos-info)

According to its self-reported version, Cisco Firepower Extensible Operating System (FXOS) is affected by following vulnerability - A vulnerability in the implementation of a CLI diagnostic command in Cisco FXOS Software and Cisco NX-OS Software could allow an authenticated, local attacker to view...

5.5 CVSS | 5.9 AI score | 0.00309 EPSS
Exploits 0 | References 8
Kitploit
added 2020/05/09 12:30 p.m. | 246 views

Shellerator - Simple CLI Tool For The Generation Of Bind And Reverse Shells In Multiple Languages

Shellerator is a simple command-line tool aimed to help pentesters quickly generate one-liner reverse/bind shells in multiple languages (Bash, Powershell, Java, Python...). This project is inspired by Print-My-Shell. I just rewrote it and added some options and glitter to it. The lists of reverse an...

7.2 AI score
Exploits 0 | References 3
Huntr
added 2020/05/08 12:0 a.m. | 11 views

Code Injection in vishwanatharondekar/gitlab-cli

Description The git-lab-cli module is vulnerable against RCE since a command is crafted using user inputs not validated and then executed, leading to arbitrary command injection POC 1. Check there aren't files called HACKED 2. Execute the following commands in another terminal: bash npm i git-lab-cli...

2.3 AI score
Exploits 0
NVD
added 2020/05/05 8:15 p.m. | 16 views

CVE-2020-12142

IPSec UDP key material can be retrieved from machine-to-machine interfaces and human-accessible interfaces by a user with admin credentials. Such a user, with the required system knowledge, could use this material to decrypt in-flight communication. 2. The vulnerability requires administrative...

4.9 CVSS | 5 AI score | 0.00722 EPSS
Exploits 0 | References 1
Cvelist
added 2020/05/05 7:54 p.m. | 36 views

CVE-2020-12142 IPSec UDP key material can be retrieved from EdgeConnect by a user with admin credentials

IPSec UDP key material can be retrieved from machine-to-machine interfaces and human-accessible interfaces by a user with admin credentials. Such a user, with the required system knowledge, could use this material to decrypt in-flight communication. 2. The vulnerability requires administrative...

4.8 CVSS | 5.1 AI score | 0.00722 EPSS
Exploits 0 | References 1
Hacker One
added 2020/05/02 2:21 p.m. | 12 views

Node.js third-party modules: [vboxmanage.js] Command Injection via insecure command concatenation

I would like to report a Command Injection issue in the vboxmanage.js module. It allows to execute arbitrary commands on the victim's PC. Module module name: vboxmanage.js version: 1.0.6 npm page: https://www.npmjs.com/package/vboxmanage.js Module Description A wrapper for VirtualBox CLI with...

0.4 AI score
Exploits 0
NVD
added 2020/04/29 9:15 p.m. | 22 views

CVE-2019-16011

A vulnerability in the CLI of Cisco IOS XE SD-WAN Software could allow an authenticated, local attacker to inject arbitrary commands that are executed with root privileges. The vulnerability is due to insufficient input validation. An attacker could exploit this vulnerability by authenticating to...

7.8 CVSS | 7.7 AI score | 0.00375 EPSS
Exploits 0 | References 1