
7991 matches found

Citrix
added 2018/03/06 12:0 a.m., 9 views

How to use CLI Route Commands in NetScaler SD-WAN 10.0

NetScaler SD-WAN 10.0 continues to build on its routing capabilities to enable the appliance to act as a router replacement. A number of commands are now available for viewing routing information through the CLI, mainly focused around the 'show' command...

AI score 7
Exploits: 0
exploitpack
added 2018/02/27 12:0 a.m., 18 views

Transmission - Integer Overflows Parsing Torrent Files

I took a look at torrent file parsing in libtransmission, there are a few integer overflows because the tr_new/tr_new0 allocation wrappers don't handle overflow. `#define tr_new(struct_type, n_structs) \ ((struct_type *) tr_malloc (sizeof (struct_type)...`

AI score 0.5
Exploits: 0
RedHat Linux
added 2018/02/21 12:25 p.m., 2 views

rubygem-hammer_cli: no verification of API server's SSL certificate

It was found that the hammer_cli command line client disables SSL/TLS certificate verification by default. A man-in-the-middle (MITM) attacker could use this flaw to spoof a valid certificate...

CVSS 8.1, AI score 5.7, EPSS 0.00726
Exploits: 0, References: 4
Prion
added 2018/02/19 11:29 p.m., 21 views

Heap overflow

The ParseDsdiffHeaderConfig function of the cli/dsdiff.c file of WavPack 5.1.0 allows a remote attacker to cause a denial-of-service heap-based buffer over-read or possibly overwrite the heap via a maliciously crafted DSDIFF file...

CVSS 6.8, AI score 7.6, EPSS 0.02969
Exploits: 1, References: 7, Affected Software: 3
CVE
added 2018/02/19 11:0 p.m., 184 views

CVE-2018-7254

WavPack 5.1.0 is affected by multiple header parsing weaknesses in the CLI parsers. Specifically, ParseRiffHeaderConfig (riff.c), ParseDsdiffHeaderConfig (dsdiff.c), and ParseCaffHeaderConfig (caff.c) can mis-handle unknown or malformed chunk data, leading to remote-denial-of-service via buffer o...

CVSS 7.8, AI score 6.5, EPSS 0.10261
Exploits: 4, References: 8, Affected Software: 1
Tenable Nessus
added 2018/02/16 12:0 a.m., 48 views

Debian DSA-4115-1 : quagga - security update

Several vulnerabilities have been discovered in Quagga, a routing daemon. The Common Vulnerabilities and Exposures project identifies the following issues: CVE-2018-5378: It was discovered that the Quagga BGP daemon, bgpd, does not properly bounds check data sent with a NOTIFY to a peer, if an...

CVSS 9.8, AI score 6.8, EPSS 0.7444
Exploits: 0, References: 12
CVE
added 2018/02/14 7:0 p.m., 52 views

CVE-2017-6229

The CVE-2017-6229 issue affects Ruckus Networks devices: Unleashed AP firmware prior to 200.6.10.1.x and ZoneDirector firmware prior to 10.1.0.0.x, 9.10.2.0.x, 9.12.3.0.x, 9.13.3.0.x, or 10.0.1.0.x. The root cause is an authenticated root command injection in the CLI that allows an authenticated ...

CVSS 9, AI score 8.8, EPSS 0.02268
Exploits: 0, References: 1, Affected Software: 1
GithubExploit
added 2018/02/14 6:38 p.m., 3 views

EvilOSX

An evil RAT (Remote Administration Tool) for macOS...

AI score 7
Exploits: 0
Openbugbounty
added 2018/02/13 6:25 p.m., 10 views

cliqueschaeflibach.ch XSS vulnerability

Open Bug Bounty ID: OBB-558784

Description | Value
---|---
Affected Website: | cliqueschaeflibach.ch
Open Bug Bounty Program: | Create your bounty program now. It's open and free.
Vulnerable Application: | Custom Code
Vulnerability Type: | XSS (Cross Site Scripting) / CWE-79
CVSSv3 Score: | 6.1...

AI score 6.3
Exploits: 0
ATTACKERKB
added 2018/02/08 7:29 a.m., 3 views

CVE-2018-0122

A vulnerability in the CLI of the Cisco StarOS operating system for Cisco ASR 5000 Series Aggregation Services Routers could allow an authenticated, local attacker to overwrite system files that are stored in the flash memory of an affected system. The vulnerability is due to insufficient...

CVSS 6.6, AI score 5.9, EPSS 0.00376
Exploits: 0, References: 4
Prion
added 2018/02/08 7:29 a.m., 11 views

Input validation

A vulnerability in the CLI of the Cisco StarOS operating system for Cisco ASR 5000 Series Aggregation Services Routers could allow an authenticated, local attacker to overwrite system files that are stored in the flash memory of an affected system. The vulnerability is due to insufficient...

CVSS 6.6, AI score 4.7, EPSS 0.00376
Exploits: 0, References: 3, Affected Software: 1
Vulnrichment
added 2018/02/08 7:0 a.m., 7 views

CVE-2018-0122

A vulnerability in the CLI of the Cisco StarOS operating system for Cisco ASR 5000 Series Aggregation Services Routers could allow an authenticated, local attacker to overwrite system files that are stored in the flash memory of an affected system. The vulnerability is due to insufficient...

AI score 6.5, EPSS 0.00376
Exploits: 0, References: 3
CVE
added 2018/02/08 7:0 a.m., 47 views

CVE-2018-0122

CVE-2018-0122 is a Cisco StarOS CLI vulnerability on Cisco ASR 5000 Series where insufficient input validation in a vulnerable CLI command can allow an authenticated, local attacker with valid admin credentials to overwrite or modify arbitrary files stored in flash memory. The issue stems from im...

CVSS 6.6, AI score 4.8, EPSS 0.00376
Exploits: 0, References: 3, Affected Software: 1
Cvelist
added 2018/02/08 7:0 a.m., 19 views

CVE-2018-0122

A vulnerability in the CLI of the Cisco StarOS operating system for Cisco ASR 5000 Series Aggregation Services Routers could allow an authenticated, local attacker to overwrite system files that are stored in the flash memory of an affected system. The vulnerability is due to insufficient...

AI score 4.8, EPSS 0.00376
Exploits: 0, References: 3
Hacker One
added 2018/02/07 4:53 p.m., 29 views

Ubiquiti Inc.: Code Execution in restricted CLI of EdgeSwitch

In EdgeSwitch 1.7.3 and prior, a user with admin credentials can make use of specially crafted commands to execute arbitrary shell instructions, bypassing the SSH/TELNET CLI interface. A command injection vulnerability existed in the restricted CLI of the EdgeSwitch. Exploiting this vulnerabilit...

AI score 4.4
Exploits: 0
Cisco
added 2018/02/07 4:0 p.m., 40 views

Cisco IOS XE Software Diagnostic Shell Path Traversal Vulnerability

A vulnerability in the diagnostic shell for Cisco IOS XE Software could allow an authenticated, local attacker to use certain diagnostic shell commands that can overwrite system files. These system files may be sensitive and should not be able to be overwritten by a user of the diagnostic shell...

CVSS 4.4, AI score 1.8, EPSS 0.00413
Exploits: 0, References: 1
Cisco
added 2018/02/07 4:0 p.m., 38 views

Cisco StarOS for Cisco ASR 5000 Series Aggregation Services Routers File Overwrite Vulnerability

A vulnerability in the CLI of the Cisco StarOS operating system for Cisco ASR 5000 Series Aggregation Services Routers could allow an authenticated, local attacker to overwrite system files that are stored in the flash memory of an affected system. The vulnerability is due to insufficient...

CVSS 4.4, AI score 1.8, EPSS 0.00376
Exploits: 0, References: 1
RedhatCVE
added 2018/02/07 2:50 a.m., 28 views

CVE-2018-6767

An out-of-bounds stack buffer read flaw was found in WavPack. This flaw could potentially be used to crash WavPack CLI utilities by tricking them into processing specially crafted WAVE files...

CVSS 7.8, AI score 3.1, EPSS 0.02951
Exploits: 1, References: 1
Prion
added 2018/02/05 4:29 a.m., 16 views

Command injection

An issue was discovered in Extreme Networks ExtremeWireless WiNG 5.x before 5.8.6.9 and 5.9.x before 5.9.1.3. There is a Hidden Root Shell by entering the administrator password in conjunction with the 'service start-shell' CLI command...

CVSS 9, AI score 7, EPSS 0.0144
Exploits: 0, References: 1, Affected Software: 1
NVD
added 2018/02/05 4:29 a.m., 21 views

CVE-2018-5796

An issue was discovered in Extreme Networks ExtremeWireless WiNG 5.x before 5.8.6.9 and 5.9.x before 5.9.1.3. There is a Hidden Root Shell by entering the administrator password in conjunction with the 'service start-shell' CLI command...

CVSS 9, AI score 7.1, EPSS 0.0144
Exploits: 0, References: 1