Cisco Adaptive Security Appliance CLI Remote Code Execution Vulnerability
Cisco Adaptive Security Appliances (ASA, Adaptive Security Appliances Software) is a set of firewall appliances from Cisco (USA). The device also includes IPS (Intrusion Prevention System), SSL VPN, IPSec VPN, anti-spam and other features. A remote code execution vulnerability exists in the command-lin...
Cisco Adaptive Security Appliance CLI Remote Code Execution Vulnerability (cisco-sa-20160817-asa-cli)
A vulnerability in the command-line interface (CLI) parser of Cisco Adaptive Security Appliance (ASA) Software could allow an authenticated, local attacker to create a denial of service (DoS) condition or potentially execute arbitrary code. An attacker could exploit this vulnerability by invoking certa...
Cisco Adaptive Security Appliance CLI Remote Code Execution Vulnerability
A vulnerability in the command-line interface (CLI) parser of Cisco Adaptive Security Appliance (ASA) Software could allow an authenticated, local attacker to create a denial of service (DoS) condition or potentially execute arbitrary code. An attacker could exploit this vulnerability by invoking certa...
Cisco Aironet 1800, 2800, and 3800 Series Access Point Platforms CLI Privilege Escalation Vulnerability
A vulnerability in command execution from the command-line interface (CLI) of Cisco Access Point (AP) platforms could allow an authenticated, local attacker to perform privilege escalation to root-level privileges. The vulnerability occurs because user input is not properly sanitized for certain...
VulnCheck KEV: CVE-2016-6367
A vulnerability in the command-line interface (CLI) parser of Cisco ASA software could allow an authenticated, local attacker to create a denial-of-service (DoS) condition or potentially execute code...
PT-2016-2535 · Cisco · Cisco Asa
Name of the Vulnerable Software and Affected Versions: Cisco Adaptive Security Appliance (ASA) Software versions prior to 8.41. Description: The issue is caused by a buffer overflow in the Cisco Adaptive Security Appliance software. It allows an authenticated, local attacker to potentially execute...
CVE-2015-6396
CVE-2015-6396 affects Cisco RV110W, RV130W, and RV215W routers. The issue stems from the CLI command parser, where insufficient input validation allows an authenticated, local attacker to inject and execute arbitrary shell commands with administrator privileges. This vulnerability could enable fu...
CVE-2016-1278
Juniper Junos OS before 12.1X46-D50 on SRX Series devices reverts to "safe mode" authentication and allows root CLI logins without a password after a failed upgrade to 12.1X46, which might allow local users to gain privileges by leveraging use of the "request system software" command with the...
Cisco RV110W, RV130W, and RV215W Routers Command Shell Injection Vulnerability
A vulnerability in the command-line interface (CLI) command parser of the Cisco RV110W Wireless-N VPN Firewall, Cisco RV130W Wireless-N Multifunction VPN Router, and Cisco RV215W Wireless-N VPN Router could allow an authenticated, local attacker to inject arbitrary shell commands that are executed ...
Debian DSA-3634-1 : redis - security update
It was discovered that redis, a persistent key-value database, did not properly protect redis-cli history files: they were created by default with world-readable permissions. Users and systems administrators may want to proactively change permissions on existing ~/.rediscli_history files, instead of...
Debian DLA-577-1 : redis security update
It was discovered that the redis-cli tool in redis (an in-memory key-value database) created world-readable history files. For Debian 7 'Wheezy', this issue has been fixed in redis version 2:2.4.14-1+deb7u1. We recommend that you upgrade your redis packages. NOTE: Tenable Network Security has...
HTTP Proxy header vulnerability
Bug Fixes - Removed support for using HTTP_PROXY environment variable for non-CLI apps per CVE-2016-5385 (httpoxy). Graham Campbell 143 145 - Convert BUGSNAG_NOTIFY_RELEASE_STAGES to a comma-delimited array Jason Graham Campbell 142 144...
Swiss Army Knife for Mac OS X: m-cli
Swiss Army Knife for Mac OS X. m-cli differs from other Mac command-line tools in that: its main purpose is to manage administrative tasks and do it easier; it doesn’t install 3rd party tools because it doesn’t have dependencies; the installation is very easy and doesn’t require intervention; it only...
CVE-2016-1456
The CLI in Cisco IOS XR 6.x through 6.0.1 allows local users to execute arbitrary OS commands in a privileged context by leveraging unspecified container access, aka Bug ID CSCuz62721...
Design/Logic Flaw
The CLI in Cisco IOS XR 6.x through 6.0.1 allows local users to execute arbitrary OS commands in a privileged context by leveraging unspecified container access, aka Bug ID CSCuz62721...
CVE-2016-1456
CVE-2016-1456 affects Cisco IOS XR 6.x through 6.0.1. A local attacker can exploit a flaw in the CLI/container input validation to run arbitrary OS commands with elevated/root privileges via a crafted input to a command in a specific container. The issue is a privilege-escalation vulnerability in...
Jenkins RCE 2 (CVE-2016-0788) analysis and use - vulnerability and early warning - the black bar safety net
Foreign security researcher Moritz Bechler in 2 months found a Jenkins remote command execution vulnerability that can be used without having to log in, namely CVE-2016-0788. The official announcement describes this vulnerability as follows: A vulnerability in the...
Web Interface Privilege Escalation
Palo Alto Networks Panorama administrators have the ability to assign predefined permissions to users created on PAN-OS. A read-only user with CLI access could elevate web interface privileges. Ref. 88191...
CVE-2016-1394
Cisco Firepower System Software 6.0.0 through 6.1.0 has a hardcoded account, which allows remote attackers to obtain CLI access by leveraging knowledge of the password, aka Bug ID CSCuz56238...