Hardcoded credentials
Cisco Firepower System Software 6.0.0 through 6.1.0 has a hardcoded account, which allows remote attackers to obtain CLI access by leveraging knowledge of the password, aka Bug ID CSCuz56238...
CVE-2016-1394
Cisco Firepower System Software 6.0.0 through 6.1.0 has a hardcoded account, which allows remote attackers to obtain CLI access by leveraging knowledge of the password, aka Bug ID CSCuz56238...
CVE-2016-1394
Cisco Firepower System Software versions 6.0.0–6.1.0 are affected by a hardcoded/default account that allows unauthenticated, remote CLI login by exploiting knowledge of the password (Bug CSCuz56238). The vulnerability stems from a default static password created during installation, enabling the...
CVE-2016-3956
The CLI in npm before 2.15.1 and 3.x before 3.8.3, as used in Node.js 0.10 before 0.10.44, 0.12 before 0.12.13, 4 before 4.4.2, and 5 before 5.10.0, includes bearer tokens with arbitrary requests, which allows remote HTTP servers to obtain sensitive information by reading Authorization headers...
Authorization
The CLI in npm before 2.15.1 and 3.x before 3.8.3, as used in Node.js 0.10 before 0.10.44, 0.12 before 0.12.13, 4 before 4.4.2, and 5 before 5.10.0, includes bearer tokens with arbitrary requests, which allows remote HTTP servers to obtain sensitive information by reading Authorization headers...
CVE-2016-3956
CVE-2016-3956 describes an HTTP bearer token leak in the npm CLI, allowing a remote attacker to obtain sensitive information via Authorization headers. Affected npm versions are those prior to 2.15.1 and 3.x prior to 3.8.3, used with Node.js 0.10 (before 0.10.44), 0.12 (before 0.12.13), 4 (before 4...
Cisco Firepower System Software Static Credential Vulnerability
A vulnerability in Cisco Firepower System Software could allow an unauthenticated, remote attacker to log in to the device with a default account. This account does not have full administrator privileges. The vulnerability is due to a user account that has a default and static password. This...
Capture Windows Kernel Activity: Fibratus
Tool for exploration and tracing of the Windows kernel. Fibratus is a tool which is able to capture most of the Windows kernel activity – process/thread creation and termination, file system I/O, registry, network activity, DLL loading/unloading and mu...
CVE-2016-1418
Cisco Aironet Access Point Software 8.2100.0 on 1830e, 1830i, 1850e, 1850i, 2800, and 3800 access points allows local users to obtain Linux root access via crafted CLI command parameters, aka Bug ID CSCuy64037...
Code injection
Cisco Aironet Access Point Software 8.2100.0 on 1830e, 1830i, 1850e, 1850i, 2800, and 3800 access points allows local users to obtain Linux root access via crafted CLI command parameters, aka Bug ID CSCuy64037...
Cisco Aironet Access Points Command-Line Interpreter Linux Shell Command Injection Vulnerability
A vulnerability in the command-line interpreter of Cisco Aironet 1800, 2800, and 3800 Series Access Points could allow an authenticated, local attacker to inject commands in the Linux shell. The commands could be executed with root-level privileges. The vulnerability is due to improper sanitizati...
Cisco Prime Network Analysis Module and Cisco Prime Virtual Network Analysis Module Local Command Injection Vulnerability
Cisco Prime Network Analysis Module and Cisco Prime Virtual Network Analysis Module are network analysis software used by network administrators to manage and configure the network's usage, operational status, and so on. A local command injection vulnerability exists in the CLI of Cisco Prime...
CVE-2016-1403
Cisco IP 8800 phones with software 11.0.1 and earlier allow local users to gain privileges for OS command execution via crafted CLI commands, aka Bug ID CSCuz03005...
CVE-2016-1390
Cisco Prime Network Analysis Module NAM before 6.11 patch.6.1-2-final and 6.2.x before 6.21 and Prime Virtual Network Analysis Module vNAM before 6.11 patch.6.1-2-final and 6.2.x before 6.21 allow local users to obtain root access via crafted CLI input, aka Bug ID CSCuy21892...