7991 matches found

CNVD
added 2018/06/15 12:0 a.m. | 1 view

Co-cli-installer Remote Code Execution Vulnerability

The co-cli-installer is a package for installing the co-cli command line tool. A security vulnerability exists in co-cli-installer that originates when the program downloads an executable file over an unencrypted HTTP connection. A remote attacker could exploit the vulnerability by intercepting t...

CVSS 9.3 | AI score 8.2 | EPSS 0.01682
Exploits 0 | References 1
Prion
added 2018/06/12 6:29 p.m. | 15 views

Design/Logic Flaw

An issue was discovered on Momentum Axel 720P 5.1.8 devices. There is Authenticated Custom Firmware Upgrade via DNS Hijacking. An authenticated root user with CLI access is able to remotely upgrade firmware to a custom image due to lack of SSL validation by changing the nameservers in...

CVSS 2.1 | AI score 4.8 | EPSS 0.0035
Exploits 1 | References 1 | Affected Software 1
OpenVAS
added 2018/06/12 12:0 a.m. | 73 views

Malicious JavaScript Package Detection

Detection and reporting of known malicious JavaScript packages or package versions. SPDX-FileCopyrightText: 2018 Greenbone AG. Some text descriptions might be excerpted from (a) referenced source(s), and are Copyright (C) by the respective right holder(s). SPDX-License-Identifier: GPL-2.0-only ifdescripti...

CVSS 10 | AI score 7.7 | EPSS 0.01601
Exploits 4 | References 106
Veracode
added 2018/06/08 1:28 a.m. | 13 views

Directory Traversal

fast-http-cli is vulnerable to directory traversal attacks. These attacks are possible by requesting a url such as /..%2f..%2fetc/passwd to get sensitive information...

CVSS 7.5 | AI score 7.3 | EPSS 0.02005
Exploits 1 | References 2 | Affected Software 1
CNVD
added 2018/06/08 12:0 a.m. | 1 view

Fast-http-cli Directory Traversal Vulnerability

fast-http-cli is a command-line based HTTP server. A directory traversal vulnerability exists in fast-http-cli. An attacker can exploit this vulnerability by placing a '../' sequence in a URL to gain access to the file system...

CVSS 7.5 | AI score 7.7 | EPSS 0.02005
Exploits 1 | References 1
Prion
added 2018/06/07 9:29 p.m. | 23 views

Input validation

A vulnerability in the VPN configuration management of Cisco FireSIGHT System Software could allow an unauthenticated, remote attacker to bypass VPN security due to unintended side effects of dynamic configuration changes that could allow an attacker to bypass configured policies. The vulnerabili...

CVSS 5 | AI score 5.7 | EPSS 0.01924
Exploits 0 | References 2 | Affected Software 1
OSV
added 2018/06/07 9:29 p.m. | 3 views

CVE-2018-0338

A vulnerability in the role-based access-checking mechanisms of Cisco Unified Computing System (UCS) Software could allow an authenticated, local attacker to execute arbitrary commands on an affected system. The vulnerability exists because the affected software lacks proper input and validation...

CVSS 7.8 | AI score 6 | EPSS 0.00377
Exploits 0 | References 3
Prion
added 2018/06/07 9:29 p.m. | 17 views

Input validation

A vulnerability in the role-based access-checking mechanisms of Cisco Unified Computing System (UCS) Software could allow an authenticated, local attacker to execute arbitrary commands on an affected system. The vulnerability exists because the affected software lacks proper input and validation...

CVSS 4.6 | AI score 7.8 | EPSS 0.00377
Exploits 0 | References 3 | Affected Software 1
NVD
added 2018/06/07 9:29 p.m. | 31 views

CVE-2018-0333

A vulnerability in the VPN configuration management of Cisco FireSIGHT System Software could allow an unauthenticated, remote attacker to bypass VPN security due to unintended side effects of dynamic configuration changes that could allow an attacker to bypass configured policies. The vulnerabili...

CVSS 5.8 | AI score 5.7 | EPSS 0.01924
Exploits 0 | References 2
Vulnrichment
added 2018/06/07 9:0 p.m. | 8 views

CVE-2018-0333

A vulnerability in the VPN configuration management of Cisco FireSIGHT System Software could allow an unauthenticated, remote attacker to bypass VPN security due to unintended side effects of dynamic configuration changes that could allow an attacker to bypass configured policies. The vulnerabili...

AI score 7 | EPSS 0.01924
Exploits 0 | References 2
Prion
added 2018/06/07 12:29 p.m. | 8 views

Input validation

A vulnerability in the CLI parser of Cisco Network Services Orchestrator (NSO) could allow an authenticated, remote attacker to execute arbitrary shell commands with the privileges of the root user. The vulnerability is due to insufficient input validation. An attacker could exploit this...

CVSS 9 | AI score 8.9 | EPSS 0.03958
Exploits 0 | References 2 | Affected Software 1
NVD
added 2018/06/07 12:29 p.m. | 19 views

CVE-2018-0274

A vulnerability in the CLI parser of Cisco Network Services Orchestrator (NSO) could allow an authenticated, remote attacker to execute arbitrary shell commands with the privileges of the root user. The vulnerability is due to insufficient input validation. An attacker could exploit this...

CVSS 9 | AI score 9 | EPSS 0.03958
Exploits 0 | References 2
CVE
added 2018/06/07 12:0 p.m. | 45 views

CVE-2018-0274

Cisco NSO contains a CLI parser input-validation vulnerability (CVE-2018-0274) that could allow an authenticated, remote attacker to run arbitrary commands with root privileges. Affected NSO releases include 4.1–4.1.6.0, 4.2–4.2.4.0, 4.3–4.3.3.0, and 4.4–4.4.2.0. The issue stems from insufficient...

CVSS 9 | AI score 8.9 | EPSS 0.03958
Exploits 0 | References 2 | Affected Software 1
OSV
added 2018/06/07 2:29 a.m. | 2 views

CVE-2017-16155

fast-http-cli is the command line interface for fast-http, a simple web server. fast-http-cli is vulnerable to a directory traversal issue, giving an attacker access to the filesystem by placing "../" in the url...

CVSS 7.5 | AI score 5.8 | EPSS 0.02005
Exploits 1 | References 2
NVD
added 2018/06/07 2:29 a.m. | 18 views

CVE-2017-16155

fast-http-cli is the command line interface for fast-http, a simple web server. fast-http-cli is vulnerable to a directory traversal issue, giving an attacker access to the filesystem by placing "../" in the url...

CVSS 7.5 | AI score 7.6 | EPSS 0.02005
Exploits 1 | References 2
Prion
added 2018/06/07 2:29 a.m. | 7 views

Directory traversal

fast-http-cli is the command line interface for fast-http, a simple web server. fast-http-cli is vulnerable to a directory traversal issue, giving an attacker access to the filesystem by placing "../" in the url...

CVSS 5 | AI score 7.5 | EPSS 0.02005
Exploits 1 | References 2 | Affected Software 1
Cvelist
added 2018/06/07 2:0 a.m. | 23 views

CVE-2017-16155

fast-http-cli is the command line interface for fast-http, a simple web server. fast-http-cli is vulnerable to a directory traversal issue, giving an attacker access to the filesystem by placing "../" in the url...

AI score 7.6 | EPSS 0.02005
Exploits 1 | References 2
CVE
added 2018/06/07 2:0 a.m. | 67 views

CVE-2017-16155

CVE-2017-16155 affects fast-http-cli, the command-line interface for the lightweight HTTP server fast-http. The issue is a directory traversal vulnerability triggered by placing "../" sequences in the URL, which can grant an attacker access to the server’s filesystem. Public advisories illustra...

CVSS 7.5 | AI score 7.5 | EPSS 0.02005
Exploits 1 | References 2 | Affected Software 1
CNVD
added 2018/06/07 12:0 a.m. | 2 views

Dell EMC RecoverPoint boxmgmt CLI Arbitrary File Read Vulnerability

The Dell EMC RecoverPoint product provides continuous data protection for operational recovery and disaster recovery, which supports any-point-in-time recovery of diverse storage environments within and between data centers. An arbitrary file read vulnerability exists in the...

AI score 6.8
Exploits 0 | References 1
CNVD
added 2018/06/07 12:0 a.m. | 3 views

Cisco Network Services Orchestrator CLI Parser Input Validation Vulnerability

Cisco Network Services Orchestrator (NSO) is a set of network automation service solutions from Cisco USA. The CLI parser is one of its command-line command parsers. An input validation vulnerability exists in the CLI parser in Cisco NSO that stems from the program failing to adequately perform input...

CVSS 9 | AI score 7.8 | EPSS 0.03958
Exploits 0 | References 1