Lucene search

7991 matches found

Prion
added 2017/07/25 7:29 p.m. | 16 views

Command injection

A vulnerability in the CLI parser of the Cisco Web Security Appliance (WSA) could allow an authenticated, local attacker to perform command injection and elevate privileges to root. The attacker must authenticate with valid operator-level or administrator-level credentials. Affected Products: virtu...

CVSS 7.2 | AI score 6.7 | EPSS 0.00818
Exploits: 0 | References: 3 | Affected Software: 2

NVD
added 2017/07/25 7:29 p.m. | 30 views

CVE-2017-6748

A vulnerability in the CLI parser of the Cisco Web Security Appliance (WSA) could allow an authenticated, local attacker to perform command injection and elevate privileges to root. The attacker must authenticate with valid operator-level or administrator-level credentials. Affected Products: virtu...

CVSS 7.2 | AI score 6.9 | EPSS 0.00818
Exploits: 0 | References: 3

Cvelist
added 2017/07/25 7:0 p.m. | 34 views

CVE-2017-6748

A vulnerability in the CLI parser of the Cisco Web Security Appliance (WSA) could allow an authenticated, local attacker to perform command injection and elevate privileges to root. The attacker must authenticate with valid operator-level or administrator-level credentials. Affected Products: virtu...

AI score 6.9 | EPSS 0.00818
Exploits: 0 | References: 3

Packet Storm
added 2017/07/25 12:0 a.m. | 54 views

Ubiquiti Networks EP-R6 / ER-X / ER-X-SFP Cross Site Scripting

SEC Consult Vulnerability Lab Security Advisory ======================================================================= title: Cross-Site Scripting XSS product: Ubiquiti Networks EP-R6, ER-X, ER-X-SFP vulnerable version: Firmware v1.9.1 fixed version: Firmware v1.9.1.1 CVE number: impact: Medium...

Exploits: 0

Kitploit
added 2017/07/21 2:30 p.m. | 171 views

Prowler - Tool for AWS Security Assessment, Auditing And Hardening

Tool based on AWS-CLI commands for AWS account security assessment and hardening, following guidelines of the CIS Amazon Web Services Foundations Benchmark 1.1 Features It covers hardening and security best practices for all AWS regions related to: Identity and Access Management 24 checks Logging...

AI score 7.5
Exploits: 0 | References: 1

OpenVAS
added 2017/07/20 12:0 a.m. | 32 views

Cisco Web Security Appliance Authenticated Command Injection and Privilege Escalation Vulnerability

A vulnerability in the CLI parser of the Cisco Web Security Appliance (WSA) could allow an authenticated, local attacker to perform command injection and elevate privileges to root. The attacker must authenticate with valid operator-level or administrator-level credentials...

CVSS 7.2 | AI score 6.8 | EPSS 0.00818
Exploits: 0 | References: 1

Cisco
added 2017/07/19 4:0 p.m. | 27 views

Cisco Web Security Appliance Static Credentials Vulnerability

A vulnerability in AsyncOS for the Cisco Web Security Appliance (WSA) could allow an unauthenticated, local attacker to log in to the device with the privileges of a limited user or an unauthenticated, remote attacker to authenticate to certain areas of the web GUI. The vulnerability is due to a us...

CVSS 5.3 | AI score 7.5 | EPSS 0.02652
Exploits: 0 | References: 1

Cisco
added 2017/07/19 4:0 p.m. | 70 views

Cisco Web Security Appliance Authenticated Command Injection and Privilege Escalation Vulnerability

A vulnerability in the CLI parser of the Cisco Web Security Appliance (WSA) could allow an authenticated, local attacker to perform command injection and elevate privileges to root. The attacker must authenticate with valid operator-level or administrator-level credentials. The vulnerability is due...

CVSS 6.7 | AI score 7 | EPSS 0.00818
Exploits: 0 | References: 1

OSV
added 2017/07/17 1:18 p.m. | 4 views

CVE-2017-10603

An XML injection vulnerability in Junos OS CLI can allow a locally authenticated user to elevate privileges and run arbitrary commands as the root user. This issue was found during internal product security testing. Affected releases are Juniper Networks Junos OS 15.1X53 prior to 15.1X53-D47, 15....

CVSS 7.8 | AI score 5.9 | EPSS 0.00436
Exploits: 0 | References: 2

Prion
added 2017/07/17 1:18 p.m. | 18 views

Design/Logic Flaw

An XML injection vulnerability in Junos OS CLI can allow a locally authenticated user to elevate privileges and run arbitrary commands as the root user. This issue was found during internal product security testing. Affected releases are Juniper Networks Junos OS 15.1X53 prior to 15.1X53-D47, 15....

CVSS 7.2 | AI score 7.6 | EPSS 0.00436
Exploits: 0 | References: 2 | Affected Software: 1

Prion
added 2017/07/17 1:18 p.m. | 14 views

Buffer overflow

A buffer overflow vulnerability in Junos OS CLI may allow a local authenticated user with read only privileges and access to Junos CLI, to execute code with root privileges. Affected releases are Juniper Networks Junos OS: 14.1X53 versions prior to 14.1X53-D46 on EX2200/VC, EX3200, EX3300/VC,...

CVSS 7.2 | AI score 7.7 | EPSS 0.00425
Exploits: 0 | References: 3 | Affected Software: 1

Tenable Nessus
added 2017/07/17 12:0 a.m. | 44 views

Fedora 26 : openvas-cli / openvas-gsa / openvas-libraries / openvas-manager / etc (2017-3fb16e3a65)

Update to openvas-9. Note that Tenable Network Security has extracted the preceding description block directly from the Fedora update system website. Tenable has attempted to automatically clean and format it as much as possible without introducing additional issues...

AI score 5.5
Exploits: 0 | References: 1

Fedora
added 2017/07/16 8:23 p.m. | 36 views

[SECURITY] Fedora 26 Update: spatialite-tools-4.3.0-23.fc26

Spatialite-Tools is a set of useful CLI tools for SpatiaLite...

CVSS 9.8 | AI score 1.7 | EPSS 0.08609
Exploits: 0

Fedora
added 2017/07/16 8:22 p.m. | 10 views

[SECURITY] Fedora 26 Update: openvas-cli-1.4.5-3.fc26

OpenVAS CLI contains the command line tool "omp" which allows to create batch processes to drive OpenVAS Manager...

AI score 1.9
Exploits: 0

Cvelist
added 2017/07/14 2:0 p.m. | 18 views

CVE-2017-10602 Junos OS: buffer overflow vulnerability in Junos CLI

A buffer overflow vulnerability in Junos OS CLI may allow a local authenticated user with read only privileges and access to Junos CLI, to execute code with root privileges. Affected releases are Juniper Networks Junos OS: 14.1X53 versions prior to 14.1X53-D46 on EX2200/VC, EX3200, EX3300/VC,...

CVSS 7 | AI score 7.8 | EPSS 0.00425
Exploits: 0 | References: 3

Cvelist
added 2017/07/14 2:0 p.m. | 22 views

CVE-2017-2343 SRX Series: Hardcoded credentials in Integrated UserFW feature.

The Integrated User Firewall (UserFW) feature was introduced in Junos OS version 12.1X47-D10 on the Juniper SRX Series devices to provide simple integration of user profiles on top of the existing firewall policies. As part of an internal security review of the UserFW services authentication API,...

CVSS 10 | AI score 9.8 | EPSS 0.02697
Exploits: 0 | References: 2

CVE
added 2017/07/14 2:0 p.m. | 61 views

CVE-2017-10603

The CVE describes an XML injection vulnerability in Junos OS CLI that can be exploited by a locally authenticated user to elevate privileges and execute commands as root. The issue stems from improper handling/validation of XML content received by the CLI, enabling arbitrary command execution wit...

CVSS 7.8 | AI score 7.3 | EPSS 0.00436
Exploits: 0 | References: 2 | Affected Software: 1

Cvelist
added 2017/07/14 2:0 p.m. | 18 views

CVE-2017-10603 Junos OS: Local XML Injection through CLI command can lead to privilege escalation

An XML injection vulnerability in Junos OS CLI can allow a locally authenticated user to elevate privileges and run arbitrary commands as the root user. This issue was found during internal product security testing. Affected releases are Juniper Networks Junos OS 15.1X53 prior to 15.1X53-D47, 15....

CVSS 7 | AI score 7.7 | EPSS 0.00436
Exploits: 0 | References: 2

CVE
added 2017/07/14 2:0 p.m. | 61 views

CVE-2017-10602

CVE-2017-10602 describes a buffer overflow in Junos OS CLI that can allow a local authenticated user with read-only CLI access to execute code with root privileges. Affected releases include Junos OS versions across multiple lines of products: 14.1X53 (prior to 14.1X53-D46 on EX2200/VC, EX3200, E...

CVSS 7.8 | AI score 7.4 | EPSS 0.00425
Exploits: 0 | References: 3 | Affected Software: 1

Tenable Nessus
added 2017/07/13 12:0 a.m. | 41 views

Cisco ASR StarOS CLI Command Injection Local Privilege Escalation (cisco-sa-20170705-asrcmd)

According to its self-reported version and model number, the remote Cisco ASR device is affected by a privilege escalation vulnerability in StarOS in the Command Line Interface (CLI) due to improper sanitization of commands passed to the Linux shell. A local attacker can exploit this, via specially...

CVSS 8.2 | AI score 7.8 | EPSS 0.00787
Exploits: 0 | References: 4