7991 matches found

Cvelist
added 2018/05/31 8:00 p.m. | 43 views

CVE-2016-10538

The package node-cli before 1.0.0 insecurely uses the lockfile and logfile. Both of these are temporary, but it allows the starting user to overwrite any file they have access to...

3.9 AI score | 0.00992 EPSS
Exploits: 1 | References: 3

Cvelist
added 2018/05/31 8:00 p.m. | 26 views

CVE-2016-10560

galenframework-cli is the node wrapper for the Galen Framework. galenframework-cli below 2.3.1 downloads binary resources over HTTP, which leaves it vulnerable to MITM attacks. It may be possible to cause remote code execution (RCE) by swapping out the requested binary with an attacker controlled...

8.4 AI score | 0.01699 EPSS
Exploits: 0 | References: 1

Kitploit
added 2018/05/31 1:44 p.m. | 20 views

Sharesniffer - Network Share Sniffer And Auto-Mounter For Crawling Remote File Systems

sharesniffer is a network analysis tool for finding open and closed file shares on your local network. It includes auto-network discovery and auto-mounting of any open cifs and nfs shares. How to use Example to find all hosts in 192.168.56.0/24 network and auto-mount at /mnt: python sniffshares.p...

7.2 AI score
Exploits: 0 | References: 1

Fedora
added 2018/05/30 2:11 p.m. | 43 views

[SECURITY] Fedora 28 Update: wireshark-2.6.1-1.fc28

Metapackage that installs wireshark-cli and wireshark-qt...

7.5 CVSS | 2.1 AI score | 0.0348 EPSS
Exploits: 0

NVD
added 2018/05/29 5:29 p.m. | 16 views

CVE-2018-1242

Dell EMC RecoverPoint versions prior to 5.1.2 and RecoverPoint for VMs versions prior to 5.1.1.3 contain a command injection vulnerability in the Boxmgmt CLI. An authenticated malicious user with boxmgmt privileges may potentially exploit this vulnerability to read RPA files. Note that files th...

6.5 CVSS | 6.5 AI score | 0.02771 EPSS
Exploits: 0 | References: 2

CVE
added 2018/05/29 5:00 p.m. | 43 views

CVE-2018-1242

Dell EMC RecoverPoint suffers a command injection vulnerability in the Boxmgmt CLI affecting RecoverPoint versions before 5.1.2 and RecoverPoint for VM versions before 5.1.1.3. An authenticated user with boxmgmt privileges can potentially exploit this to read RPA files, with root-required files r...

6.5 CVSS | 6.5 AI score | 0.02771 EPSS
Exploits: 0 | References: 2 | Affected Software: 2

Hacker One
added 2018/05/28 4:58 p.m. | 25 views

Node.js third-party modules: Privilege escalation with malicious .npmrc

Hello. I'm forwarding to you my conversation with npm staff regarding security issue. It allows to escalate to root privileges of victim using either: a basic social engineering - convincing victim to run npm in attacker-controlled folder eg. repository, including such innocent ones like "npm hel...

0.1 AI score
Exploits: 0

ArchLinux
added 2018/05/25 12:00 a.m. | 28 views

[ASA-201805-25] wireshark-cli: multiple issues

Arch Linux Security Advisory ASA-201805-25
Severity: Critical
Date: 2018-05-25
CVE-ID: CVE-2018-11354 CVE-2018-11355 CVE-2018-11356 CVE-2018-11357 CVE-2018-11358 CVE-2018-11359 CVE-2018-11360 CVE-2018-11361 CVE-2018-11362
Package: wireshark-cli
Type :...

7.5 CVSS | 1.4 AI score | 0.0348 EPSS
Exploits: 0 | References: 28

exploitpack
added 2018/05/22 12:00 a.m. | 21 views

Dell EMC RecoverPoint boxmgmt CLI 5.1.2 - Arbitrary File Read

Dell EMC RecoverPoint boxmgmt CLI 5.1.2 - Arbitrary File Read Exploit Title: Dell EMC RecoverPoint boxmgmt CLI /etc/passwd: terminating, 34 bad configuration options Command "ssh...

0.1 AI score
Exploits: 0

0day.today
added 2018/05/18 12:00 a.m. | 154 views

Jenkins CLI - HTTP Java Deserialization Exploit

Exploit for linux platform in category remote exploits This module requires Metasploit: https://metasploit.com/download Current source: https://github.com/rapid7/metasploit-framework class MetasploitModule Msf::Exploit::Remote Rank = ExcellentRanking STAGE1 =...

7.5 CVSS | 9.6 AI score | 0.9765 EPSS
Exploits: 5

Fortinet
added 2018/05/18 12:00 a.m. | 54 views

FortiOS local privilege escalation via malicious use of USB storage devices

An admin user with superadmin privileges can execute an arbitrary binary contained on a USB drive plugged into a FortiGate, by linking that binary to a command that is allowed to be run by the fnsysctl CLI command...

7.2 CVSS | 5.1 AI score | 0.00455 EPSS
Exploits: 0 | Affected Software: 1

Vulnrichment
added 2018/05/17 3:00 a.m. | 2 views

CVE-2018-0324

A vulnerability in the CLI of Cisco Enterprise NFV Infrastructure Software (NFVIS) could allow an authenticated, high-privileged, local attacker to perform a command injection attack. The vulnerability is due to insufficient input validation of command parameters in the CLI parser. An attacker coul...

6.2 AI score | 0.00684 EPSS
Exploits: 0 | References: 2

CVE
added 2018/05/17 3:00 a.m. | 57 views

CVE-2018-0324

Summary: CVE-2018-0324 is a local command-injection vulnerability in Cisco Enterprise NFV Infrastructure Software (NFVIS) CLI due to insufficient input validation in the CLI parser. An authenticated, high-privilege, local attacker could trigger a vulnerable CLI command with crafted parameters to ...

6.7 CVSS | 7 AI score | 0.00684 EPSS
Exploits: 0 | References: 2 | Affected Software: 1

CNVD
added 2018/05/17 12:00 a.m. | 4 views

Cisco Enterprise NFV Infrastructure Software Local Command Injection Vulnerability

Cisco Enterprise NFV Infrastructure Software (NFVIS) is a suite of NFV infrastructure software platforms from Cisco. The platform enables full lifecycle management of virtualized services through a central orchestrator and controller. CLI is one of the command line tools. A command injection...

6.7 CVSS | 7.9 AI score | 0.00684 EPSS
Exploits: 0 | References: 1

Exploit DB
added 2018/05/17 12:00 a.m. | 44 views

Jenkins CLI - HTTP Java Deserialization (Metasploit)

This module requires Metasploit: https://metasploit.com/download Current source: https://github.com/rapid7/metasploit-framework class MetasploitModule Msf::Exploit::Remote Rank = ExcellentRanking STAGE1 =...

9.8 CVSS | 7.4 AI score | 0.9765 EPSS
Exploits: 5

Cisco
added 2018/05/16 4:00 p.m. | 36 views

Cisco Enterprise NFV Infrastructure Software CLI Command Injection Vulnerability

A vulnerability in the CLI of Cisco Enterprise NFV Infrastructure Software (NFVIS) could allow an authenticated, high-privileged, local attacker to perform a command injection attack. The vulnerability is due to insufficient input validation of command parameters in the CLI parser. An attacker coul...

4.2 CVSS | 2.7 AI score | 0.00684 EPSS
Exploits: 0 | References: 1

Metasploit
added 2018/05/13 5:58 p.m. | 53 views

D-Link DSL-2750B OS Command Injection

This module exploits a remote command injection vulnerability in D-Link DSL-2750B devices. Vulnerability can be exploited through "cli" parameter that is directly used to invoke "ayecli" binary. Vulnerable firmwares are from 1.01 up to 1.03. This module requires Metasploit:...

0.6 AI score
Exploits: 0

Packet Storm
added 2018/05/13 12:00 a.m. | 77 views

EMC RecoverPoint 4.3 Admin CLI Command Injection

Exploit Title: EMC RecoverPoint 4.3 - Admin CLI Command Injection
Version: RecoverPoint prior to 5.1.1, RecoverPoint for VMs prior to 5.0.1.3
Date: 2018-05-11
Exploit Author: Paul Taylor
Github: https://github.com/bao7uo
Tested on: RecoverPoint for VMs 4.3, RecoverPoint 4.4.SP1.P1
CVE: CVE-2018-11...

7.2 CVSS | 0.06308 EPSS
Exploits: 5

Prion
added 2018/05/11 1:29 p.m. | 19 views

Design/Logic Flaw

admin-cli before versions 3.0.0.alpha25, 2.2.1.cr2 is vulnerable to an EAP feature to download server log files that allows logs to be available via GET requests making them vulnerable to cross-origin attacks. An attacker could trigger the user's browser to request the log files consuming enough...

4.3 CVSS | 6.7 AI score | 0.02693 EPSS
Exploits: 0 | References: 16 | Affected Software: 1

OSV
added 2018/05/11 1:29 p.m. | 28 views

CVE-2016-8627

admin-cli before versions 3.0.0.alpha25, 2.2.1.cr2 is vulnerable to an EAP feature to download server log files that allows logs to be available via GET requests making them vulnerable to cross-origin attacks. An attacker could trigger the user's browser to request the log files consuming enough...

6.5 CVSS | 6.6 AI score | 0.02693 EPSS
Exploits: 0 | References: 16