7991 matches found
RHEL 7 : ceph-iscsi-cli (RHSA-2018:2837)
The remote Redhat Enterprise Linux 7 host has a package installed that is affected by a vulnerability as referenced in the RHSA-2018:2837 advisory. ceph-iscsi-cli provides a CLI interface similar to the targetcli tool used to interact with the kernel LIO subsystem. Security Fixes: It was found th...
ceph-iscsi-cli: rbd-target-api service runs in debug mode allowing for remote command execution
It was found that rbd-target-api service provided by ceph-iscsi-cli was running in debug mode. An unauthenticated attacker could use this to remotely execute arbitrary code and escalate privileges...
Critical: Red Hat Security Advisory: ceph-iscsi-cli security update
An update for ceph-iscsi-cli is now available for Red Hat Ceph Storage 2.5 for Red Hat Enterprise Linux 7. Red Hat Product Security has rated this update as having a security impact of Critical. A Common Vulnerability Scoring System CVSS base score, which gives a detailed severity rating, is...
ceph-iscsi-cli: rbd-target-api service runs in debug mode allowing for remote command execution
It was found that rbd-target-api service provided by ceph-iscsi-cli was running in debug mode. An unauthenticated attacker could use this to remotely execute arbitrary code and escalate privileges...
Critical: Red Hat Security Advisory: ceph-iscsi-cli security update
An update for ceph-iscsi-cli is now available for Red Hat Ceph Storage 3.1 for Red Hat Enterprise Linux 7. Red Hat Product Security has rated this update as having a security impact of Critical. A Common Vulnerability Scoring System CVSS base score, which gives a detailed severity rating, is...
Cross-site Scripting (XSS)
yapi-cli is vulnerable to a cross-site scripting XSS attack. The library does not sanitize or validate the projectName variable, allowing a malicious user to inject and execute arbitrary Javascript...
hideNsneak - A CLI For Ephemeral Penetration Testing
This application assists in managing attack infrastructure for penetration testers by providing an interface to rapidly deploy, manage, and take down various cloud services. These include VMs, domain fronting, Cobalt Strike servers, API gateways, and firewalls. Black Hat Arsenal Video Demo Video ...
CVE-2016-7066
It was found that the improper default permissions on /tmp/auth directory in JBoss Enterprise Application Platform before 7.1.0 can allow any local user to connect to CLI and allow the user to execute any arbitrary operations...
CVE-2016-7066
The body of evidence links CVE-2016-7066 to Red Hat JBoss EAP 7.x before 7.1.0, where improper default permissions on /tmp/auth enable any local user to connect to the CLI and perform arbitrary operations. The issue stems from insecure /tmp/auth permissions, allowing local privilege escalation vi...
CLI for Ephemeral Penetration Testing: hideNsneak
This application assists in managing attack infrastructure for penetration testers by providing an interface to rapidly deploy, manage, and take down various cloud services. These include VMs, domain fronting, Cobalt Strike servers, API gateways, and firewalls. hideNsneak provides a simple...
@atlauncher/atlauncher-scripts (>=0.1.0-18 <=0.1.0-19), @atomist/sample-sdm (>=0.5.1-atomist-update-latest-1540938130032.20181101043939 <=0.5.1-master.20181101044648) +415 more potentially affected by CVE-2018-16487 +1 more via lodash.merge (>=4.0.1 <=4.6.1)
lodash.merge NPM version =4.0.1, =0.1.0-18, =0.5.1-atomist-update-latest-1540938130032.20181101043939, =5.3.8, =3.1.0, =5.0.0, =5.2.7, =5.2.8, =6.1.1, =5.0.0, =5.0.0, =5.2.8, =5.1.1, =0.1.3, =6.2.6, =6.3.3 and more Source cves: CVE-2018-16487, CVE-2018-3721 Source advisory:...
conference-scheduler-cli Command Execution Vulnerability
conference-scheduler-cli is a command line tool for managing conference schedules. A security vulnerability exists in the importscheduledefinition method of the io.py file in conference-scheduler-cli. A remote attacker can exploit this vulnerability to execute arbitrary python commands with the...
RHEL 6 / 7 : eap7-jboss-ec2-eap (RHSA-2017:0173)
The remote Redhat Enterprise Linux 6 / 7 host has packages installed that are affected by multiple vulnerabilities as referenced in the RHSA-2017:0173 advisory. The eap7-jboss-ec2-eap package provides scripts for Red Hat JBoss Enterprise Application Platform running on the Amazon Web Services AWS...
CVE-2018-14572
In conference-scheduler-cli, a pickle.load call on imported data allows remote attackers to execute arbitrary code via a crafted .pickle file, as demonstrated by Python code that contains an os.system call...
CVE-2018-14572
In conference-scheduler-cli, a pickle.load call on imported data allows remote attackers to execute arbitrary code via a crafted .pickle file, as demonstrated by Python code that contains an os.system call...
PYSEC-2018-64
In conference-scheduler-cli, a pickle.load call on imported data allows remote attackers to execute arbitrary code via a crafted .pickle file, as demonstrated by Python code that contains an os.system call...
Design/Logic Flaw
In conference-scheduler-cli, a pickle.load call on imported data allows remote attackers to execute arbitrary code via a crafted .pickle file, as demonstrated by Python code that contains an os.system call...
PYSEC-2018-64
In conference-scheduler-cli, a pickle.load call on imported data allows remote attackers to execute arbitrary code via a crafted .pickle file, as demonstrated by Python code that contains an os.system call...
CVE-2018-14572
In conference-scheduler-cli, a pickle.load call on imported data allows remote attackers to execute arbitrary code via a crafted .pickle file, as demonstrated by Python code that contains an os.system call...
CVE-2018-14572
CVE-2018-14572 affects the conference-scheduler-cli package, where a pickle.load on imported data enables an attacker to execute arbitrary code via a crafted .pickle file that contains an os.system call. The underlying vulnerability is unsafe Python object deserialization in conference-scheduler-...