7993 matches found

Kitploit
added 2019/10/06 12:0 p.m. | 114 views

B2R2 - Collection Of Useful Algorithms, Functions, And Tools For Binary Analysis

B2R2 is a collection of useful algorithms, functions, and tools for binary analysis, written purely in F# (in .NET lingo, it is purely managed code). B2R2 has been named after R2-D2, a famous fictional robot that appeared in Star Wars. In fact, B2R2's original name was B2-R2, but we decided to use...

7 AI score
Exploits 0 | References 5
Tenable Nessus
added 2019/10/04 12:0 a.m. | 26 views

Cisco IOS XE Software Consent Token Bypass Vulnerability (cisco-sa-20190925-iosxe-ctbypass)

According to its self-reported version, Cisco IOS XE Software is affected by a vulnerability in the CLI. The source of the vulnerability is insufficient enforcement of the consent token in authorizing shell access. By authenticating to the CLI and requesting shell access, an attacker could use th...

7.8 CVSS | 6.8 AI score | 0.00352 EPSS
Exploits 0 | References 3
Tenable Nessus
added 2019/10/03 12:0 a.m. | 24 views

Cisco IOS XE Software ASIC Register Write Vulnerability

According to its self-reported version, Cisco IOS XE Software is affected by a vulnerability. The vulnerability allows an authenticated, local attacker to write values to the underlying memory of an affected device. The vulnerability is due to improper input validation and authorization of specif...

5.5 CVSS | 5.8 AI score | 0.00302 EPSS
Exploits 0 | References 3
OSV
added 2019/10/02 7:15 p.m. | 2 views

CVE-2019-12699

Multiple vulnerabilities in the CLI of Cisco FXOS Software and Cisco Firepower Threat Defense (FTD) Software could allow an authenticated, local attacker to execute commands on the underlying operating system (OS) with root privileges. These vulnerabilities are due to insufficient input validation. A...

7.8 CVSS | 7.3 AI score | 0.00488 EPSS
Exploits 0 | References 1
Prion
added 2019/10/02 7:15 p.m. | 17 views

Input validation

A vulnerability in the command line interface (CLI) of Cisco Firepower Threat Defense (FTD) Software could allow an authenticated, local attacker with administrative privileges to execute commands on the underlying operating system with root privileges. The vulnerability is due to insufficient input...

7.2 CVSS | 6.7 AI score | 0.00425 EPSS
Exploits 0 | References 1 | Affected Software 1
Prion
added 2019/10/02 7:15 p.m. | 23 views

Input validation

Multiple vulnerabilities in the CLI of Cisco FXOS Software and Cisco Firepower Threat Defense (FTD) Software could allow an authenticated, local attacker to execute commands on the underlying operating system (OS) with root privileges. These vulnerabilities are due to insufficient input validation. A...

7.2 CVSS | 7.7 AI score | 0.00488 EPSS
Exploits 0 | References 1 | Affected Software 3
CVE
added 2019/10/02 7:6 p.m. | 61 views

CVE-2019-12699

CVE-2019-12699 concerns Cisco FXOS Software and Firepower Threat Defense (FTD) CLI command injection vulnerabilities due to insufficient input validation. An authenticated, local attacker could exploit crafted arguments to specific CLI commands to execute arbitrary OS commands with root privilege...

8.8 CVSS | 8 AI score | 0.00488 EPSS
Exploits 0 | References 1 | Affected Software 1
Cvelist
added 2019/10/02 7:6 p.m. | 26 views

CVE-2019-12699 Cisco FXOS Software and Firepower Threat Defense Software Command Injection Vulnerabilities

Multiple vulnerabilities in the CLI of Cisco FXOS Software and Cisco Firepower Threat Defense (FTD) Software could allow an authenticated, local attacker to execute commands on the underlying operating system (OS) with root privileges. These vulnerabilities are due to insufficient input validation. A...

8.8 CVSS | 7.8 AI score | 0.00488 EPSS
Exploits 0 | References 1
CVE
added 2019/10/02 7:6 p.m. | 49 views

CVE-2019-12694

Cisco Firepower Threat Defense (FTD) Software has a local command-injection vulnerability in the CLI. An authenticated, local attacker with administrative privileges can exploit insufficient input validation to execute commands on the underlying OS with root privileges. The issue affects multiple...

7.2 CVSS | 6.6 AI score | 0.00425 EPSS
Exploits 0 | References 1 | Affected Software 1
Cisco
added 2019/10/02 4:0 p.m. | 174 views

Cisco Firepower Threat Defense Software Command Injection Vulnerability

A vulnerability in the command line interface (CLI) of Cisco Firepower Threat Defense (FTD) Software could allow an authenticated, local attacker with administrative privileges to execute commands on the underlying operating system with root privileges. The vulnerability is due to insufficient input...

6.7 CVSS | 6.7 AI score | 0.00425 EPSS
Exploits 0 | References 1
Veracode
added 2019/10/02 2:49 a.m. | 26 views

Denial Of Service (DoS)

github.com/docker/cli is vulnerable to denial of service. The vulnerability exists as it was possible to cause the billion laughs attack through parsing a malicious yaml file causing an application crash...

7.5 CVSS | 7.1 AI score | 0.25939 EPSS
Exploits 2 | References 13 | Affected Software 12
Palo Alto Networks
added 2019/10/01 7:0 a.m. | 41 views

Tenant authentication bypass in Zingbox Inspector

A security vulnerability exists in the Zingbox Inspector where authentication is not required when binding the Inspector instance to a different customer tenant. Ref: CVE-2019-15018. The vulnerability allows a user to bind the Zingbox Inspector to another tenant, which can impact the functionality...

3.1 AI score | 0.01182 EPSS
Exploits 0 | References 1 | Affected Software 1
Palo Alto Networks
added 2019/10/01 7:0 a.m. | 36 views

Command Injection in Zingbox Inspector

A command injection vulnerability exists in the Zingbox Inspector CLI that allows for an authenticated user to execute arbitrary system commands. Ref: CVE-2019-15014. The vulnerability allows for authenticated users to execute arbitrary commands within the product CLI console. This issue affects...

4.1 AI score | 0.02294 EPSS
Exploits 0 | References 1 | Affected Software 1
0day.today
added 2019/10/01 12:0 a.m. | 206 views

Cisco Small Business 220 Series - Multiple Vulnerabilities

!/usr/bin/python2.7 """ Subject Realtek Managed Switch Controller RTL83xx PoC 2019 bashis https://www.realtek.com/en/products/communications-network-ics/category/managed-switch-controller Brief description 1. Boa/Hydra suffer of exploitable stack overflow with a 'one byte read-write loop' w/o...

10 CVSS | 0.6 AI score | 0.25944 EPSS
Exploits 2
CNVD
added 2019/09/26 12:0 a.m. | 3 views

Cisco IOS XE ASIC Register Write Vulnerability

Cisco IOS XE is a set of operating systems developed by Cisco for its network devices. An ASIC register write vulnerability exists in the CLI of Cisco IOS XE. The vulnerability stems from improper input validation and authorization of specific commands that a user can execute in the CLI. An...

5.5 CVSS | 7.2 AI score | 0.00302 EPSS
Exploits 0 | References 1
CNVD
added 2019/09/26 12:0 a.m. | 2 views

Cisco ASR 9000 Series Cisco IOS XR Command Injection Vulnerability

The Cisco ASR 9000 Series is a 9000 series enterprise router from Cisco, Inc. Cisco IOS XR is an operating system developed by Cisco for its network devices. A command injection vulnerability exists in Cisco IOS XR 5.1.0 and later in the Cisco ASR 9000 Series, which stems from a program that does...

7.2 CVSS | 8.2 AI score | 0.00462 EPSS
Exploits 0 | References 1
OSV
added 2019/09/25 9:15 p.m. | 2 views

CVE-2019-12717

A vulnerability in a CLI command related to the virtualization manager (VMAN) in Cisco NX-OS Software could allow an authenticated, local attacker to execute arbitrary commands on the underlying Linux operating system with root privileges. The vulnerability is due to insufficient validation of...

7.8 CVSS | 7 AI score
Exploits 0 | References 1
OSV
added 2019/09/25 9:15 p.m. | 2 views

CVE-2019-12709

A vulnerability in a CLI command related to the virtualization manager (VMAN) in Cisco IOS XR Software for Cisco ASR 9000 Series Aggregation Services Routers could allow an authenticated, local attacker to execute arbitrary commands on the underlying Linux operating system with root privileges. The...

6.7 CVSS | 6 AI score | 0.00462 EPSS
Exploits 0 | References 1
NVD
added 2019/09/25 9:15 p.m. | 19 views

CVE-2019-12709

A vulnerability in a CLI command related to the virtualization manager (VMAN) in Cisco IOS XR Software for Cisco ASR 9000 Series Aggregation Services Routers could allow an authenticated, local attacker to execute arbitrary commands on the underlying Linux operating system with root privileges. The...

7.2 CVSS | 6.9 AI score | 0.00462 EPSS
Exploits 0 | References 1
Prion
added 2019/09/25 9:15 p.m. | 17 views

Input validation

A vulnerability in the CLI of Cisco IOS XE Software could allow an authenticated, local attacker to write values to the underlying memory of an affected device. The vulnerability is due to improper input validation and authorization of specific commands that a user can execute within the CLI. An...

4.9 CVSS | 5.6 AI score | 0.00302 EPSS
Exploits 0 | References 1 | Affected Software 1