
7991 matches found

OSV
added 2018/05/11 1:29 p.m., 28 views

CVE-2016-8627

admin-cli before versions 3.0.0.alpha25, 2.2.1.cr2 is vulnerable to an EAP feature to download server log files that allows logs to be available via GET requests making them vulnerable to cross-origin attacks. An attacker could trigger the user's browser to request the log files consuming enough...

6.5 CVSS, 6.6 AI score, 0.02693 EPSS
Exploits 0, References 16

Cvelist
added 2018/05/11 1:0 p.m., 38 views

CVE-2016-8627

admin-cli before versions 3.0.0.alpha25, 2.2.1.cr2 is vulnerable to an EAP feature to download server log files that allows logs to be available via GET requests making them vulnerable to cross-origin attacks. An attacker could trigger the user's browser to request the log files consuming enough...

4.3 CVSS, 6.7 AI score, 0.02693 EPSS
Exploits 0, References 16

CVE
added 2018/05/11 1:0 p.m., 115 views

CVE-2016-8627

Technical details are not publicly available in the provided connected documents. Monitor for updates.

6.5 CVSS, 6.6 AI score, 0.02693 EPSS
Exploits 0, References 16, Affected Software 1

exploitpack
added 2018/05/11 12:0 a.m., 36 views

EMC RecoverPoint 4.3 - Admin CLI Command Injection

EMC RecoverPoint 4.3 - Admin CLI Command Injection Exploit Title: EMC RecoverPoint 4.3 - Admin CLI Command Injection Version: RecoverPoint prior to 5.1.1 RecoverPoint for VMs prior to 5.0.1.3 Date: 2018-05-11 Exploit Author: Paul Taylor Github: https://github.com/bao7uo Tested on: RecoverPoint fo...

7.2 CVSS, 0.06308 EPSS
Exploits 5

BDU FSTEC
added 2018/05/11 12:0 a.m., 6 views

Multiple vulnerabilities in the CLI analyzer of the Cisco IOS XE operating system, allowing attackers to execute arbitrary commands

The multiple vulnerabilities of the Cisco IOS XE operating system’s CLI analyzer are related to the failure to take measures to neutralize special elements used in the operating system’s commands. Exploiting these vulnerabilities can allow attackers to gain access to the device’s Linux shell and...

7.8 CVSS, 5.9 AI score, 0.006 EPSS
Exploits 0, References 3, Affected Software 1

BDU FSTEC
added 2018/05/11 12:0 a.m., 3 views

The vulnerability of the CLI analyzer in the Cisco IOS XE operating system allows a hacker to execute arbitrary commands.

The vulnerability of the Cisco IOS XE operating system’s CLI analyzer is related to deficiencies in access control. Exploiting this vulnerability allows a person with privileges at the EXEC mode level to gain access to the device’s Linux shell and execute arbitrary commands with root privileges...

7.2 CVSS, 5.8 AI score, 0.00424 EPSS
Exploits 0, References 3, Affected Software 1

Kitploit
added 2018/05/03 12:38 p.m., 27 views

Astra - Automated Security Testing For REST API's

REST API penetration testing is complex due to continuous changes in existing APIs and newly added APIs. Astra can be used by security engineers or developers as an integral part of their process, so they can detect and patch vulnerabilities early during development cycle. Astra can automatically...

8.2 AI score
Exploits 0, References 1

Prion
added 2018/05/01 7:29 p.m., 23 views

Command injection

Katello allows remote authenticated users to call the "system removedeletion" CLI command via vectors related to "remove system" permissions...

4 CVSS, 6.9 AI score, 0.00753 EPSS
Exploits 0, References 1

NVD
added 2018/05/01 7:29 p.m., 22 views

CVE-2013-4201

Katello allows remote authenticated users to call the "system removedeletion" CLI command via vectors related to "remove system" permissions...

4.3 CVSS, 4.4 AI score, 0.00753 EPSS
Exploits 0, References 1

Cvelist
added 2018/05/01 7:0 p.m., 27 views

CVE-2013-4201

Katello allows remote authenticated users to call the "system removedeletion" CLI command via vectors related to "remove system" permissions...

4.4 AI score, 0.00753 EPSS
Exploits 0, References 1

CVE
added 2018/05/01 7:0 p.m., 52 views

CVE-2013-4201

CVE-2013-4201 affects Red Hat Katello. Connected CNVD-2018-10937 indicates Katello vulnerability allowing remote authenticated users to invoke the system remove_deletion CLI command via vectors tied to remove system permissions. The NVD entry describes remote authentication with system removal ca...

4.3 CVSS, 4.4 AI score, 0.00753 EPSS
Exploits 0, References 1, Affected Software 1

OpenVAS
added 2018/04/23 12:0 a.m., 73 views

Jenkins Multiple Vulnerabilities (Apr 2018) - Windows

Jenkins is prone to multiple vulnerabilities. Copyright (C) 2018 Greenbone Networks GmbH Some text descriptions might be excerpted from (a) referenced source(s), and are Copyright (C) by the respective right holders. SPDX-License-Identifier: GPL-2.0-or-later This program is free software; you can...

5.4 CVSS, 5.3 AI score, 0.01403 EPSS
Exploits 0, References 1

OSV
added 2018/04/16 9:58 a.m., 21 views

CVE-2018-1000169

An exposure of sensitive information vulnerability exists in Jenkins 2.115 and older, LTS 2.107.1 and older, in CLICommand.java and ViewOptionHandler.java that allows unauthorized attackers to confirm the existence of agents or views with an attacker-specified name by sending a CLI command to...

5.3 CVSS, 5.5 AI score
Exploits 0, References 2

RedhatCVE
added 2018/04/13 8:49 p.m., 27 views

CVE-2018-1000169

An exposure of sensitive information vulnerability exists in Jenkins 2.115 and older, LTS 2.107.1 and older, in CLICommand.java and ViewOptionHandler.java that allows unauthorized attackers to confirm the existence of agents or views with an attacker-specified name by sending a CLI command to...

5.3 CVSS, 3.9 AI score, 0.01403 EPSS
Exploits 0, References 2

Tenable Nessus
added 2018/04/13 12:0 a.m., 11 views

FreeBSD : jenkins -- multiple vulnerabilities (aaba17aa-782e-4843-8a79-7756cfa2bf89)

Jenkins developers report: The Jenkins CLI sent different error responses for commands with view and agent arguments depending on the existence of the specified views or agents to unauthorized users. This allowed attackers to determine whether views or agents with specified names exist. The...

5.4 AI score
Exploits 0, References 2

FreeBSD
added 2018/04/11 12:0 a.m., 11 views

jenkins -- multiple vulnerabilities

Jenkins developers report: The Jenkins CLI sent different error responses for commands with view and agent arguments depending on the existence of the specified views or agents to unauthorized users. This allowed attackers to determine whether views or agents with specified names exist. The Jenki...

2.7 AI score
Exploits 0, References 1

n0where
added 2018/04/09 1:57 a.m., 19 views

REST API Penetration Testing: Astra

REST API penetration testing is complex due to continuous changes in existing APIs and newly added APIs. Astra can be used by security engineers or developers as an integral part of their process, so they can detect and patch vulnerabilities early during development cycle. Astra can automatically...

0.2 AI score
Exploits 0, References 1

RedhatCVE
added 2018/04/06 2:52 a.m., 18 views

CVE-2018-9144

An out-of-bound read has been found in Exiv2 in the way binary bytes are converted to string. An attacker could potentially use this flaw to crash the Exiv2 CLI utility program by tricking it into processing a crafted TIFF image...

8.1 CVSS, 2.8 AI score, 0.019 EPSS
Exploits 1, References 1

CNVD
added 2018/04/03 12:0 a.m., 3 views

Cisco IOS XE Software CLI Parser Command Injection Vulnerability (CNVD-2018-08180)

Cisco IOS XE Software is an operating system developed by Cisco for its network devices. CLI parser is one of the command line command parsers. A command injection vulnerability exists in the CLI parser in Cisco IOS XE Software, which arises from the program's failure to adequately filter command...

7.8 CVSS, 7.8 AI score, 0.006 EPSS
Exploits 0, References 1

CNVD
added 2018/04/03 12:0 a.m., 3 views

Cisco IOS XE Software CLI Parser Local Elevation of Privilege Vulnerability

Cisco IOS XE Software is an operating system developed by Cisco for its network devices. CLI parser is one of the command line command parsers. A local elevation of privilege vulnerability exists in the Cisco IOS XE Software CLI parser because the program fails to properly filter command parameter...

7.2 CVSS, 7.9 AI score, 0.00424 EPSS
Exploits 0, References 1