7999 matches found
CVE-2020-3171
The CVE-2020-3171 entry covers Cisco FXOS and Cisco UCS Manager Software Local Management CLI Command Injection caused by insufficient input validation in the local-mgmt CLI. An authenticated, local attacker can run arbitrary commands on the device’s underlying OS; on most platforms this occurs w...
CVE-2020-3173 Cisco UCS Manager Software Local Management CLI Command Injection Vulnerability
A vulnerability in the local management (local-mgmt) CLI of Cisco UCS Manager Software could allow an authenticated, local attacker to execute arbitrary commands on the underlying operating system (OS) on an affected device. The vulnerability is due to insufficient input validation of command...
CVE-2020-3173
Cisco UCS Manager Software Local Management CLI Command Injection (CVE-2020-3173) affects the local-mgmt CLI. The root cause is insufficient input validation of command arguments, allowing an authenticated, local attacker to execute arbitrary OS commands. On most platforms, such commands run with...
Cisco FXOS and UCS Manager Software CLI Command Injection Vulnerability
A vulnerability in the CLI of Cisco FXOS Software and Cisco UCS Manager Software could allow an authenticated, local attacker to execute arbitrary commands on the underlying operating system (OS). The vulnerability is due to insufficient input validation. An attacker could exploit this vulnerabilit...
Cisco UCS Manager Software Local Management CLI Command Injection Vulnerability
A vulnerability in the local management (local-mgmt) CLI of Cisco UCS Manager Software could allow an authenticated, local attacker to execute arbitrary commands on the underlying operating system (OS) on an affected device. The vulnerability is due to insufficient input validation of command...
Cisco Nexus 1000V Switch for VMware vSphere Secure Login Enhancements Denial of Service Vulnerability
A vulnerability in the Secure Login Enhancements capability of Cisco Nexus 1000V Switch for VMware vSphere could allow an unauthenticated, remote attacker to cause an affected Nexus 1000V Virtual Supervisor Module (VSM) to become inaccessible to users through the CLI. The vulnerability is due to...
Cisco FXOS and UCS Manager Software Local Management CLI Command Injection Vulnerability
A vulnerability in the local management (local-mgmt) CLI of Cisco FXOS Software and Cisco UCS Manager Software could allow an authenticated, local attacker to execute arbitrary commands on the underlying operating system (OS) of an affected device. The vulnerability is due to insufficient input...
PT-2020-1990 · Cisco +1 · Cisco Fxos +1
Name of the Vulnerable Software and Affected Versions: Cisco FXOS Software (affected versions not specified). Description: A vulnerability in the CLI of Cisco FXOS Software could allow an authenticated, local attacker to execute arbitrary commands on the underlying Linux operating system with a...
CVE-2019-16775
Versions of the npm CLI prior to 6.13.3 are vulnerable to an Arbitrary File Write. It is possible for packages to create symlinks to files outside of the node_modules folder through the bin field upon installation. A properly constructed entry in the package.json bin field would allow a package...
Rabid - A CLI Tool And Library Allowing To Simply Decode All Kind Of BigIP Cookies
RApid BigIP Decoder. What it is: A CLI tool and library allowing to simply decode all kind of BigIP cookies. Features: Support all 4 cookie formats; CLI tool & library; Hackable. References: Homepage / Documentation: https://orange-cyberdefense.github.io/rabid/ Author: Made by Alexandre ZANNI @noraj...
Default credentials
D-Link DSR-250N devices before 1.08B31 allow remote authenticated users to obtain "persistent root access" via the BusyBox CLI, as demonstrated by overwriting the super user password...
CVE-2012-6614
CVE-2012-6614 affects the D-Link DSR-250N family, specifically firmware versions before 1.08B31. The vulnerability allows remote authenticated users to obtain persistent root access via the BusyBox CLI, demonstrated by overwriting the superuser password. Reported impact includes high confidential...
CVE-2012-6614
D-Link DSR-250N devices before 1.08B31 allow remote authenticated users to obtain "persistent root access" via the BusyBox CLI, as demonstrated by overwriting the super user password...
PT-2020-7317 · D Link · Dsr-250N
Name of the Vulnerable Software and Affected Versions: D-Link DSR-250N versions prior to 1.08B31. Description: The issue allows remote authenticated users to obtain persistent root access via the BusyBox CLI, as demonstrated by overwriting the super user password. Recommendations: For versions pri...
Exploit for Improper Authentication in Eclipse Mosquitto
PoC exploit for CVE-2017-7650, Redis 4.x/5.x RCE. The target product/service is Redis, a key-value store, and the vulnerability class/vector is Remote Code Execution (RCE). The probable entry point is the RedisModules module, and the execution context is a Python script (redis-rce.py) invoked via CLI...
CVE-2019-11215
In Combodo iTop 2.2.0 through 2.6.0, if the configuration file is writable, then execution of arbitrary code can be accomplished by calling ajax.dataloader with a maliciously crafted payload. Many conditions can place the configuration file into a writable state: during installation; during...
Race condition
In Combodo iTop 2.2.0 through 2.6.0, if the configuration file is writable, then execution of arbitrary code can be accomplished by calling ajax.dataloader with a maliciously crafted payload. Many conditions can place the configuration file into a writable state: during installation; during...
CVE-2019-4427
IBM Cloud CLI 0.6.0 through 0.16.1 Windows installers are signed using a SHA1 certificate. An attacker might be able to exploit the weak algorithm to generate an installer with malicious software inside. IBM X-Force ID: 162773...
CVE-2019-4427
CVE-2019-4427 affects IBM Cloud CLI Windows installers (versions 0.6.0–0.16.1); the installers are signed with a SHA-1 certificate. The weak signing algorithm could allow an attacker to generate a tampered installer containing malware. IBM’s advisory lists the affected range and recommends upgrad...
FortiAP system command injection through ifconfig command
A system command injection vulnerability in the FortiAP CLI admin console may allow unauthorized administrators to run arbitrary system level commands via specially crafted ifconfig commands...