7993 matches found

Vulnrichment
added 2019/10/16 6:36 p.m. | 7 views

CVE-2019-15277 Cisco TelePresence Collaboration Endpoint Software Privilege Escalation Vulnerability

A vulnerability in the CLI of Cisco TelePresence Collaboration Endpoint CE Software could allow an authenticated, local attacker to execute code with root privileges. The vulnerability is due to insufficient input validation. An attacker could exploit this vulnerability by authenticating as the...

CVSS 6.4 | AI score 7.3 | EPSS 0.00431
Exploits: 0 | References: 1

Vulnrichment
added 2019/10/16 6:36 p.m. | 9 views

CVE-2019-15275 Cisco TelePresence Collaboration Endpoint Software Privilege Escalation Vulnerability

A vulnerability in the CLI of Cisco TelePresence Collaboration Endpoint CE Software could allow an authenticated, local attacker to execute arbitrary commands with root privileges. The vulnerability is due to insufficient input validation. An attacker could exploit this vulnerability by...

CVSS 6.7 | AI score 7.5 | EPSS 0.00445
Exploits: 0 | References: 1

CVE
added 2019/10/16 6:36 p.m. | 47 views

CVE-2019-15275

CVE-2019-15275 affects Cisco TelePresence Collaboration Endpoint (CE) Software. The issue is a local privilege-escalation due to insufficient input validation in the CLI, allowing an authenticated remote-support user to submit malicious input and execute commands with root privileges on the under...

CVSS 7.2 | AI score 6.8 | EPSS 0.00445
Exploits: 0 | References: 1 | Affected Software: 1

Cvelist
added 2019/10/16 6:36 p.m. | 24 views

CVE-2019-15273 Cisco TelePresence Collaboration Endpoint Software Arbitrary File Overwrite Vulnerabilities

Multiple vulnerabilities in the CLI of Cisco TelePresence Collaboration Endpoint CE Software could allow an authenticated, local attacker to overwrite arbitrary files. The vulnerabilities are due to insufficient permission enforcement. An attacker could exploit these vulnerabilities by...

CVSS 6 | AI score 5 | EPSS 0.00271
Exploits: 0 | References: 1

CVE
added 2019/10/16 6:36 p.m. | 68 views

CVE-2019-15273

CVE-2019-15273 concerns Cisco TelePresence Collaboration Endpoint (CE) Software. The issue is in the CLI and stems from insufficient permission enforcement, allowing an authenticated local attacker (via a remote support user submitting malicious input) to overwrite arbitrary files on the underlyi...

CVSS 6.6 | AI score 5.1 | EPSS 0.00271
Exploits: 0 | References: 1 | Affected Software: 1

Vulnrichment
added 2019/10/16 6:36 p.m. | 4 views

CVE-2019-15273 Cisco TelePresence Collaboration Endpoint Software Arbitrary File Overwrite Vulnerabilities

Multiple vulnerabilities in the CLI of Cisco TelePresence Collaboration Endpoint CE Software could allow an authenticated, local attacker to overwrite arbitrary files. The vulnerabilities are due to insufficient permission enforcement. An attacker could exploit these vulnerabilities by...

CVSS 6 | AI score 7 | EPSS 0.00271
Exploits: 0 | References: 1

Vulnrichment
added 2019/10/16 6:36 p.m. | 8 views

CVE-2019-15266 Cisco Wireless LAN Controller Path Traversal Vulnerability

A vulnerability in the CLI of Cisco Wireless LAN Controller WLC Software could allow an authenticated, local attacker to view system files that should be restricted. This vulnerability is due to improper sanitization of user-supplied input in command-line parameters that describe filenames. An...

CVSS 4.4 | AI score 6.3 | EPSS 0.0065
Exploits: 0 | References: 1

CVE
added 2019/10/16 6:36 p.m. | 78 views

CVE-2019-15266

Cisco WLC Path Traversal (CVE-2019-15266) is a local directory-traversal vulnerability in the CLI that could let an authenticated, local attacker view restricted system files by exploiting improper sanitization of filenames in command-line parameters. Connected sources confirm the issue affects C...

CVSS 4.4 | AI score 4.4 | EPSS 0.0065
Exploits: 0 | References: 1 | Affected Software: 1

Cvelist
added 2019/10/16 6:36 p.m. | 23 views

CVE-2019-15266 Cisco Wireless LAN Controller Path Traversal Vulnerability

A vulnerability in the CLI of Cisco Wireless LAN Controller WLC Software could allow an authenticated, local attacker to view system files that should be restricted. This vulnerability is due to improper sanitization of user-supplied input in command-line parameters that describe filenames. An...

CVSS 4.4 | AI score 4.5 | EPSS 0.0065
Exploits: 0 | References: 1

Cisco
added 2019/10/16 4:0 p.m. | 59 views

Cisco Wireless LAN Controller Path Traversal Vulnerability

A vulnerability in the CLI of Cisco Wireless LAN Controller WLC Software could allow an authenticated, local attacker to view system files that should be restricted. This vulnerability is due to improper sanitization of user-supplied input in command-line parameters that describe filenames. An...

CVSS 4.4 | AI score 1.4 | EPSS 0.0065
Exploits: 0 | References: 1

Cisco
added 2019/10/16 4:0 p.m. | 54 views

Cisco TelePresence Collaboration Endpoint Software Privilege Escalation Vulnerability

A vulnerability in the CLI of Cisco TelePresence Collaboration Endpoint CE Software could allow an authenticated, local attacker to execute code with root privileges. The vulnerability is due to insufficient input validation. An attacker could exploit this vulnerability by authenticating as the...

CVSS 6.4 | AI score 2.9 | EPSS 0.00431
Exploits: 0 | References: 1

Kitploit
added 2019/10/16 12:32 p.m. | 869 views

Gobuster v3.0 - Directory/File, DNS And VHost Busting Tool Written In Go

Gobuster is a tool used to brute-force: URIs directories and files in web sites. DNS subdomains with wildcard support. Virtual Host names on target web servers. Oh dear God.. WHY!? Because I wanted: 1. ... something that didn't have a fat Java GUI console FTW. 2. ... to build something that just...

AI score 7.2
Exploits: 0 | References: 2

Tenable Nessus
added 2019/10/15 12:0 a.m. | 39 views

Cisco FXOS Software Command Injection Vulnerabilities (cisco-sa-20190515-fxos-nxos-cmdinj-1781-1782)

According to its self-reported version, Cisco FXOS Software is affected by vulnerabilities in the CLI that could allow an authenticated, local attacker to execute arbitrary commands on the underlying operating system of an affected device. This vulnerability is due to insufficient validation of...

CVSS 7.2 | AI score 6.9 | EPSS 0.00459
Exploits: 0 | References: 5

Tenable Nessus
added 2019/10/15 12:0 a.m. | 27 views

Cisco NX-OS Software Command Injection Vulnerabilities (cisco-sa-20190515-fxos-nxos-cmdinj-1781-1782)

According to its self-reported version, Cisco NX-OS Software is affected by vulnerabilities in the CLI that could allow an authenticated, local attacker to execute arbitrary commands on the underlying operating system of an affected device. This vulnerability is due to insufficient validation of...

CVSS 7.2 | AI score 6.9 | EPSS 0.00459
Exploits: 0 | References: 15

Veracode
added 2019/10/14 7:6 a.m. | 33 views

Information Disclosure

ansible is vulnerable to information disclosure. The attack is possible due to an incomplete fix of CVE-2019-10206 which does not perform safe type conversions using AnsibleUnsafeBytes and AnsibleUnsafeBytes classes, allowing CLI provided passwords being incorrectly templated when using totext,...

CVSS 6.5 | AI score 3.9 | EPSS 0.01649
Exploits: 0 | References: 8 | Affected Software: 1

NVD
added 2019/10/09 9:15 p.m. | 13 views

CVE-2019-15014

A command injection vulnerability exists in the Zingbox Inspector versions 1.286 and earlier, that allows for an authenticated user to execute arbitrary system commands in the CLI...

CVSS 9 | AI score 9 | EPSS 0.02294
Exploits: 0 | References: 1

Prion
added 2019/10/09 9:15 p.m. | 10 views

Command injection

A command injection vulnerability exists in the Zingbox Inspector versions 1.286 and earlier, that allows for an authenticated user to execute arbitrary system commands in the CLI...

CVSS 9 | AI score 9 | EPSS 0.02294
Exploits: 0 | References: 1 | Affected Software: 1

CVE
added 2019/10/09 8:20 p.m. | 77 views

CVE-2019-15014

CVE-2019-15014 affects Palo Alto Networks Zingbox Inspector 1.286 and earlier. The vulnerability is a command injection in the Inspector CLI that allows an authenticated user to run arbitrary system commands. Exploitation details are not provided in the documents, but the impact is high (CLI-leve...

CVSS 9 | AI score 8.9 | EPSS 0.02294
Exploits: 0 | References: 1 | Affected Software: 1

RedhatCVE
added 2019/10/09 6:14 a.m. | 26 views

CVE-2018-14649

It was found that rbd-target-api service provided by ceph-iscsi-cli was running in debug mode. An unauthenticated attacker could use this to remotely execute arbitrary code and escalate privileges. Mitigation: To stop werkzeug debug mode started by rbd-target-api which is provided by ceph-iscsi-cl...

CVSS 10 | AI score 2 | EPSS 0.11647
Exploits: 1 | References: 2

CNVD
added 2019/10/07 12:0 a.m. | 6 views

D-Link DBA-1510P OS Command Injection Vulnerability (CNVD-2019-36969)

The D-Link DBA-1510P is a wireless access point device from Taiwan, China-based AUO D-Link. An operating system command injection vulnerability exists in the CLI of D-Link DBA-1510P versions using firmware version 1.70b009 and earlier, which can be exploited by an attacker to execute illegal...

CVSS 6.8 | AI score 8 | EPSS 0.00599
Exploits: 0 | References: 1