Lucene search
7991 matches found

Cisco
added 2018/06/20 4:0 p.m. | 57 views

Cisco NX-OS Software Role-Based Access Arbitrary Command Execution Vulnerability

A vulnerability in the role-based access-checking mechanisms of Cisco NX-OS Software could allow an authenticated, local attacker to execute arbitrary commands on an affected device. The vulnerability exists because the affected software lacks proper input and validation checks for certain file...

6.7 CVSS | 3.3 AI score | 0.00314 EPSS
Exploits 0 | References 1

Cisco
added 2018/06/20 4:0 p.m. | 75 views

Cisco NX-OS Software CLI Arbitrary Command Injection Vulnerability

A vulnerability in the CLI of Cisco NX-OS Software could allow an authenticated, local attacker to perform a command-injection attack on an affected device. The vulnerability is due to insufficient input validation of command arguments. An attacker could exploit this vulnerability by injecting...

8.2 CVSS | 2.1 AI score | 0.00564 EPSS
Exploits 0 | References 1

Cisco
added 2018/06/20 4:0 p.m. | 57 views

Cisco FXOS and NX-OS Software Unauthorized Administrator Account Vulnerability

A vulnerability in the write-erase feature of Cisco FXOS Software and Cisco NX-OS Software could allow an authenticated, local attacker to configure an unauthorized administrator account for an affected device. The vulnerability exists because the affected software does not properly delete...

6.4 CVSS | 1.8 AI score | 0.00466 EPSS
Exploits 0 | References 1

Cisco
added 2018/06/20 4:0 p.m. | 33 views

Cisco NX-OS Software CLI Arbitrary Command Execution Vulnerability

A vulnerability in the CLI parser of Cisco NX-OS Software could allow an authenticated, local attacker to perform a command-injection attack on an affected device. The vulnerability is due to insufficient input validation of command arguments. An attacker could exploit this vulnerability by...

7.8 CVSS | 2.5 AI score | 0.00564 EPSS
Exploits 0 | References 1

Cisco
added 2018/06/20 4:0 p.m. | 24 views

Cisco Nexus 3000 and 9000 Series CLI and Simple Network Management Protocol Polling Denial of Service Vulnerability

A vulnerability in the implementation of a specific CLI command and the associated Simple Network Management Protocol (SNMP) MIB for Cisco Nexus 3000 and 9000 Series Switches could allow an authenticated, remote attacker to exhaust system memory on an affected device, resulting in a denial of servi...

7.7 CVSS | 1.5 AI score | 0.02048 EPSS
Exploits 0 | References 1

Prion
added 2018/06/20 12:29 p.m. | 15 views

Format string

Ubiquiti Networks EdgeSwitch version 1.7.3 and prior suffer from an externally controlled format-string vulnerability due to lack of protection on the admin CLI, leading to code execution and privilege escalation greater than administrators themselves are allowed. An attacker with access to an...

9 CVSS | 7.5 AI score | 0.0167 EPSS
Exploits 0 | References 1 | Affected Software 1

OSV
added 2018/06/20 12:29 p.m. | 1 views

CVE-2018-12591

Ubiquiti Networks EdgeSwitch version 1.7.3 and prior suffer from an improperly neutralized element in an OS command due to lack of protection on the admin CLI, leading to code execution and privilege escalation greater than administrators themselves are allowed. An attacker with access to an admi...

7.2 CVSS | 6.3 AI score | 0.01861 EPSS
Exploits 0 | References 1

NVD
added 2018/06/20 12:29 p.m. | 13 views

CVE-2018-12590

Ubiquiti Networks EdgeSwitch version 1.7.3 and prior suffer from an externally controlled format-string vulnerability due to lack of protection on the admin CLI, leading to code execution and privilege escalation greater than administrators themselves are allowed. An attacker with access to an...

9 CVSS | 7.6 AI score | 0.0167 EPSS
Exploits 0 | References 1

NVD
added 2018/06/20 12:29 p.m. | 17 views

CVE-2018-12591

Ubiquiti Networks EdgeSwitch version 1.7.3 and prior suffer from an improperly neutralized element in an OS command due to lack of protection on the admin CLI, leading to code execution and privilege escalation greater than administrators themselves are allowed. An attacker with access to an admi...

9 CVSS | 7.7 AI score | 0.01861 EPSS
Exploits 0 | References 1

Cvelist
added 2018/06/20 12:0 p.m. | 14 views

CVE-2018-12590

Ubiquiti Networks EdgeSwitch version 1.7.3 and prior suffer from an externally controlled format-string vulnerability due to lack of protection on the admin CLI, leading to code execution and privilege escalation greater than administrators themselves are allowed. An attacker with access to an...

7.6 AI score | 0.0167 EPSS
Exploits 0 | References 1

IBM Security Bulletins
added 2018/06/18 12:7 a.m. | 15 views

Security Bulletin: CLI access security issue on IBM System Storage Storwize V7000 Unified (CVE-2014-0880)

Summary CLI security issue. Vulnerability Details CVEID: CVE-2014-0880 DESCRIPTION: An unauthorized user with network access to a system's administrative IP (Internet Protocol) address may be able to gain access to the block CLI (Command Line Interface) of the system, allowing the user to issue all...

7.5 CVSS | 1.1 AI score | 0.01897 EPSS
Exploits 0 | Affected Software 1

exploitpack
added 2018/06/18 12:0 a.m. | 145 views

Redis-cli 5.0 - Buffer Overflow (PoC)

Redis-cli 5.0 - Buffer Overflow PoC Exploit Title: Redis-cli 5.0 - Buffer Overflow PoC Date: 2018-06-13 Exploit Author: Fakhri Zulkifli Vendor Homepage: https://redis.io/ Software Link: https://redis.io/download Version: 5.0, 4.0, 3.2 Fixed on: 5.0, 4.0, 3.2 CVE : CVE-2018-12326 Buffer overflow i...

4.6 CVSS | 0.5 AI score | 0.02678 EPSS
Exploits 5

Packet Storm
added 2018/06/18 12:0 a.m. | 78 views

Redis-cli Buffer Overflow

Exploit Title: Redis-cli 5.0 - Buffer Overflow PoC Date: 2018-06-13 Exploit Author: Fakhri Zulkifli Vendor Homepage: https://redis.io/ Software Link: https://redis.io/download Version: 5.0, 4.0, 3.2 Fixed on: 5.0, 4.0, 3.2 CVE : CVE-2018-12326 Buffer overflow in redis-cli of Redis version 3.2, 4....

0.7 AI score | 0.02678 EPSS
Exploits 5

IBM Security Bulletins
added 2018/06/17 10:33 p.m. | 26 views

Security Bulletin: API and CLI getResource expose secured role properties (CVE-2016-6068)

Summary IBM UrbanCode Deploy could allow an authenticated user with access to the REST endpoints to access API and CLI getResource secured role properties. Vulnerability Details CVEID: CVE-2016-6068 DESCRIPTION: IBM UrbanCode Deploy could allow an authenticated user with access to the REST...

7.5 CVSS | 0.7 AI score | 0.01369 EPSS
Exploits 0 | Affected Software 1

OSV
added 2018/06/17 2:29 p.m. | 1 views

UBUNTU-CVE-2018-12326

Buffer overflow in redis-cli of Redis before 4.0.10 and 5.x before 5.0 RC3 allows an attacker to achieve code execution and escalate to higher privileges via a crafted command line. NOTE: It is unclear whether there are any common situations in which redis-cli is used with, for example, a -h aka...

8.4 CVSS | 7.5 AI score | 0.02678 EPSS
Exploits 5 | References 6

OSV
added 2018/06/17 2:29 p.m. | 2 views

DEBIAN-CVE-2018-12326

Buffer overflow in redis-cli of Redis before 4.0.10 and 5.x before 5.0 RC3 allows an attacker to achieve code execution and escalate to higher privileges via a crafted command line. NOTE: It is unclear whether there are any common situations in which redis-cli is used with, for example, a -h aka...

8.4 CVSS | 9.2 AI score | 0.02678 EPSS
Exploits 5 | References 1

OSV
added 2018/06/17 2:29 p.m. | 34 views

CVE-2018-12326

Buffer overflow in redis-cli of Redis before 4.0.10 and 5.x before 5.0 RC3 allows an attacker to achieve code execution and escalate to higher privileges via a crafted command line. NOTE: It is unclear whether there are any common situations in which redis-cli is used with, for example, a -h aka...

8.4 CVSS | 9.1 AI score
Exploits 0 | References 8

IBM Security Bulletins
added 2018/06/16 10:5 p.m. | 13 views

Security Bulletin: IBM Security Guardium Database Activity Monitor is affected by a User Enumeration - CLI vulnerability (CVE-2017-1601)

Summary IBM Security Guardium Database Activity Monitor has addressed the following vulnerability Vulnerability Details CVEID: CVE-2017-1601 DESCRIPTION: IBM Security Guardium Database Activity Monitor does not require that users should have strong passwords by default, which makes it easier for...

9.8 CVSS | 1.7 AI score | 0.02529 EPSS
Exploits 0 | Affected Software 1

IBM Security Bulletins
added 2018/06/16 9:50 p.m. | 19 views

Security Bulletin: Privilege escalation vulnerability affects IBM Security Guardium (CVE-2017-1122)

Summary IBM Security Guardium contains a vulnerability that could allow a local attacker with CLI access to inject arbitrary commands which would be executed as root. IBM Security Guardium has addressed this issue Vulnerability Details CVEID: CVE-2017-1122 DESCRIPTION: IBM Security Guardium...

7.4 CVSS | 1.1 AI score | 0.00333 EPSS
Exploits 0 | Affected Software 1

IBM Security Bulletins
added 2018/06/16 1:47 p.m. | 31 views

Security Bulletin: Vulnerabilities in open source zlib library affect IBM Data Server Driver Package and IBM Data Server Driver for ODBC and CLI

Summary Vulnerabilities have been addressed in the open source zlib library component of IBM Data Server Driver Package and IBM Data Server Driver for ODBC and CLI. Vulnerability Details CVEID: CVE-2016-9840 DESCRIPTION: zlib is vulnerable to a denial of service, caused by an out-of-bounds pointe...

9.8 CVSS | 1.4 AI score | 0.07489 EPSS
Exploits 0 | Affected Software 1