7992 matches found

Cisco
added 2019/03/06 4:0 p.m., 89 views

Cisco Nexus 9000 Series Fabric Switches Application Centric Infrastructure Mode Shell Escape Vulnerability

A vulnerability in a specific CLI command implementation of Cisco Nexus 9000 Series ACI Mode Switch Software could allow an authenticated, local attacker to escape a restricted shell on an affected device. The vulnerability is due to insufficient sanitization of user-supplied input when issuing a...

7.8 CVSS, 1.6 AI score, 0.00499 EPSS
Exploits: 0, References: 1

Cisco
added 2019/03/06 4:0 p.m., 55 views

Cisco NX-OS Software CLI Command Injection Vulnerability (CVE-2019-1613)

A vulnerability in the CLI of Cisco NX-OS Software could allow an authenticated, local attacker to execute arbitrary commands on the underlying operating system of an affected device. The vulnerability is due to insufficient validation of arguments passed to certain CLI commands. An attacker coul...

4.2 CVSS, 2.2 AI score, 0.00894 EPSS
Exploits: 1, References: 1

Cisco
added 2019/03/06 4:0 p.m., 52 views

Cisco NX-OS Software CLI Command Injection Vulnerability (CVE-2019-1610)

A vulnerability in the CLI of Cisco NX-OS Software could allow an authenticated, local attacker to execute arbitrary commands on the underlying operating system of an affected device. The vulnerability is due to insufficient validation of arguments passed to certain CLI commands. An attacker coul...

4.2 CVSS, 2.2 AI score, 0.00894 EPSS
Exploits: 1, References: 1

Cisco
added 2019/03/06 4:0 p.m., 87 views

Cisco NX-OS Software Privilege Escalation Vulnerability

A vulnerability in the filesystem permissions of Cisco NX-OS Software could allow an authenticated, local attacker to access sensitive data that could be used to elevate their privileges to administrator. The vulnerability is due to improper implementation of filesystem permissions. An attacker...

7.8 CVSS, 1.5 AI score, 0.00372 EPSS
Exploits: 0, References: 1

Cisco
added 2019/03/06 4:0 p.m., 91 views

Cisco NX-OS Software CLI Command Injection Vulnerability (CVE-2019-1609)

A vulnerability in the CLI of Cisco NX-OS Software could allow an authenticated, local attacker to execute arbitrary commands on the underlying operating system of an affected device. The vulnerability is due to insufficient validation of arguments passed to certain CLI commands. An attacker coul...

4.2 CVSS, 2.2 AI score, 0.00894 EPSS
Exploits: 1, References: 1

Cisco
added 2019/03/06 4:0 p.m., 114 views

Cisco NX-OS Software Privilege Escalation Vulnerability

A vulnerability in the CLI of Cisco NX-OS Software could allow an authenticated, local attacker to escalate lower-level privileges to the administrator level. The vulnerability is due to insufficient authorization enforcement. An attacker could exploit this vulnerability by authenticating to the...

7.8 CVSS, 2.5 AI score, 0.0031 EPSS
Exploits: 0, References: 1

Packet Storm
added 2019/03/06 12:0 a.m., 61 views

Imperva SecureSphere 13.x PWS Command Injection

This module requires Metasploit: https://metasploit.com/download Current source: https://github.com/rapid7/metasploit-framework class MetasploitModule 'Imperva SecureSphere PWS Command Injection', 'Description' = %q This module exploits a command injection vulnerability in Imperva SecureSphere...

0.2 AI score
Exploits: 0

0day.today
added 2019/03/06 12:0 a.m., 60 views

Imperva SecureSphere 13.x PWS Command Injection Exploit

This Metasploit module exploits a command injection vulnerability in Imperva SecureSphere version 13.x. The vulnerability exists in the PWS service, where Python CGIs did not properly sanitize user supplied command parameters and directly passes them to corresponding CLI utility, leading to comma...

0.5 AI score
Exploits: 0

Virtuozzo
added 2019/02/26 12:0 a.m., 34 views

Product update: Virtuozzo Infrastructure Platform 2.5 Update 3 (2.5.0-1605)

This update provides stability and usability fixes. Vulnerability id: VSTOR-19098 With erasure coding, write operations are blocked after two or more nodes fail, even if the cluster has enough disks available. Vulnerability id: VSTOR-19326 Unable to list buckets via CLI after bucket removal via...

1.8 AI score
Exploits: 0

Cloud Foundry
added 2019/02/25 12:0 a.m., 60 views

CVE-2019-3781: CF CLI does not sanitize user's password in verbose/trace/debug | Cloud Foundry

Severity High Vendor Cloud Foundry Foundation Affected Cloud Foundry Products and Versions Severity is high unless otherwise noted. CF CLI All versions prior to v6.43.0 CF CLI Release All versions prior to v1.13.0 CF Networking Release All versions Prior to v2.23.0 CF Routing Release All versions...

8.8 CVSS, 8.4 AI score, 0.01329 EPSS
Exploits: 0

BDU FSTEC
added 2019/02/21 12:0 a.m., 3 views

The vulnerability of the CLI component of Cisco Enterprise Network Function Virtualization Infrastructure (NFVIZ) software allows an attacker to access system configuration files.

The vulnerability of the CLI component of Cisco Enterprise Network Function Virtualization Infrastructure NFVIZ software lies in insufficient validation of input data. Exploiting this vulnerability can allow attackers to access system configuration files through a specially crafted request...

5.3 CVSS, 5.9 AI score, 0.00387 EPSS
Exploits: 0, References: 3, Affected Software: 1

Packet Storm
added 2019/02/19 12:0 a.m., 63 views

WordPress WooCommerce GloBee Payment Gateway 1.1.1 Bypass / Spoofing

?php Exploit Title: WordPress WooCommerce - GloBee cryptocurrency Payment Gateway Plugin Payment Bypass / Unauthorized Order Status Spoofing Discovery Date: 14.12.2018 Public Disclosure Date: 14.02.2019 Exploit Author: GeekHack Contact: https://t.me/GeekHack Vendor Homepage: https://globee.com/...

7.6 AI score, 0.10009 EPSS
Exploits: 5

OSV
added 2019/02/18 11:54 p.m., 18 views

GHSA-X5PH-4FR4-G7FW Downloads Resources over HTTP in galenframework-cli

Affected versions of galenframework-cli insecurely download an executable over an unencrypted HTTP connection. In scenarios where an attacker has a privileged network position, it is possible to intercept the response and replace the executable with a malicious one, resulting in code execution on...

9.3 CVSS, 8.1 AI score, 0.01699 EPSS
Exploits: 0, References: 3

vulnersOsv
added 2019/02/18 11:54 p.m., 1 views

h5-test (>=0.1.1 <=0.2.0) potentially affected by CVE-2016-10560 via galenframework-cli (=1.6.4)

galenframework-cli NPM version =1.6.4 is affected by a known vulnerability. The following packages have a transitive dependency on galenframework-cli and may be impacted: - h5-test =0.1.1, =0.2.0 Source cves: CVE-2016-10560 Source advisory: OSV:GHSA-X5PH-4FR4-G7FW...

9.3 CVSS, 7.2 AI score, 0.01699 EPSS
Exploits: 0

GitHub Security Blog
added 2019/02/18 11:54 p.m., 19 views

Downloads Resources over HTTP in galenframework-cli

Affected versions of galenframework-cli insecurely download an executable over an unencrypted HTTP connection. In scenarios where an attacker has a privileged network position, it is possible to intercept the response and replace the executable with a malicious one, resulting in code execution on...

9.3 CVSS, 5.7 AI score, 0.01699 EPSS
Exploits: 0, References: 3, Affected Software: 1

OSV
added 2019/02/18 11:45 p.m., 15 views

GHSA-5RM3-QHXF-RH3R Downloads Resources over HTTP in co-cli-installer

Affected versions of co-cli-installer insecurely download an executable over an unencrypted HTTP connection. In scenarios where an attacker has a privileged network position, it is possible to intercept the response and replace the executable with a malicious one, resulting in code execution on t...

9.3 CVSS, 8.1 AI score, 0.01682 EPSS
Exploits: 0, References: 3

GitHub Security Blog
added 2019/02/18 11:45 p.m., 30 views

Downloads Resources over HTTP in co-cli-installer

Affected versions of co-cli-installer insecurely download an executable over an unencrypted HTTP connection. In scenarios where an attacker has a privileged network position, it is possible to intercept the response and replace the executable with a malicious one, resulting in code execution on t...

9.3 CVSS, 6.4 AI score, 0.01682 EPSS
Exploits: 0, References: 3, Affected Software: 1

vulnersOsv
added 2019/02/18 11:40 p.m., 1 views

0x00-pl--avg-pack-to-ttf (>=0.0.2 <=0.0.6), 0x00-pl--svg-pack-to-ttf (>=0.0.7 <=0.0.15) +3411 more potentially affected by CVE-2016-10538 via cli (>=0.10.0 <=0.9.0)

cli NPM version =0.10.0, =0.0.2, =0.0.7, =1.2.0, =2.2.4, =2.11.4, =2.0.0, =2.11.4, =3.0.0, =0.1.4, =1.1.0, =0.1.0, =1.0.0, =1.1.0, =1.1.0, =1.1.5 and more Source cves: CVE-2016-10538 Source advisory: OSV:GHSA-6CPC-MJ5C-M9RQ...

4.9 CVSS, 5.8 AI score, 0.00992 EPSS
Exploits: 1

OSV
added 2019/02/18 11:40 p.m., 30 views

GHSA-6CPC-MJ5C-M9RQ Arbitrary File Write in cli

Affected versions of cli use predictable temporary file names. If an attacker can create a symbolic link at the location of one of these temporary file names, the attacker can arbitrarily write to any file that the user which owns the cli process has permission to write to. Proof of Concept By...

4.9 CVSS, 4 AI score, 0.00992 EPSS
Exploits: 1, References: 5

GitHub Security Blog
added 2019/02/18 11:34 p.m., 18 views

Downloads Resources over HTTP in cobalt-cli

Affected versions of cobalt-cli insecurely download an executable over an unencrypted HTTP connection. In scenarios where an attacker has a privileged network position, it is possible to intercept the response and replace the executable with a malicious one, resulting in code execution on the...

5.9 CVSS, 6.4 AI score, 0.00531 EPSS
Exploits: 0, References: 3, Affected Software: 1