CVE-2014-3666

Jenkins before 1.583 and LTS before 1.565.3 allows remote attackers to execute arbitrary code via a crafted packet to the CLI channel...

Cisco IOS XR Software Information Disclosure Vulnerability

A vulnerability in the command-line interface CLI of Cisco IOS XR Software could allow an authenticated, remote attacker to access sensitive information. The vulnerability is due to insufficient data protection of sensitive information. An attacker could exploit this vulnerability by issuing...

CVE-2014-3342

The CVE-2014-3342 issue affects Cisco IOS XR CLI, allowing an authenticated, remote attacker to disclose sensitive information through specific CLI commands due to insufficient data protection. Cisco’s advisory states exploitation requires authentication and software updates have been released to...

rubygem-hammer_cli_foreman: /etc/hammer/cli.modules.d/foreman.yml is world-readable

rubygem-hammercliforeman: File /etc/hammer/cli.modules.d/foreman.yml world readable...

CVE-2014-6072: CSRF vulnerability in the Web Profiler

Affected Versions All 2.0.X, 2.1.X, 2.2.X, 2.3.X, 2.4.X, and 2.5.X versions of the Symfony WebProfiler bundle are affected by this security issue. This issue has been fixed in Symfony 2.3.19, 2.4.9, and 2.5.4. Note that no fixes are provided for Symfony 2.0, 2.1, and 2.2 as they are not maintaine...

Cisco NX-OS Arbitrary File Read Vulnerability (CSCul05217 / CSCul23419)

According to its self-reported version, the remote NX-OS device is affected by a directory traversal vulnerability due to improper filtering of user input in its command line interface CLI. An authenticated, local attacker could access arbitrary files on the device. C Tenable Network Security, In...

Code injection

Cisco Unified Communications Manager CM 8.6.2 and earlier has an incorrect CLI restrictions setting, which allows remote authenticated users to establish undetected concurrent logins via unspecified vectors, aka Bug ID CSCup98029...

CVE-2014-3332

Cisco Unified Communications Manager (CM) 8.6(.2) and earlier contains an incorrect CLI restrictions setting that may allow an authenticated, remote attacker to establish undetected concurrent logins. The issue stems from improper sanitization of authenticated users, per Cisco’s advisory for CVE-...

CVE-2014-3332

Cisco Unified Communications Manager CM 8.6.2 and earlier has an incorrect CLI restrictions setting, which allows remote authenticated users to establish undetected concurrent logins via unspecified vectors, aka Bug ID CSCup98029...

CLI Magic: I Didn’t Know That !

Command Editing Shortcuts Ctrl + a – go to the start of the command line Ctrl + e – go to the end of the command line Ctrl + k – delete from cursor to the end of the command line Ctrl + u – delete from cursor to the start of the command line Ctrl + w – delete from cursor to start of word i.e...

Cisco Unified Communications Manager Concurrent Login Vulnerability

A vulnerability in the CLI restrictions setting of Cisco Unified Communications Manager could allow an authenticated, remote attacker to remain undetected as an authenticated user. The vulnerability is due to improper sanitization of authenticated users. Cisco has confirmed the vulnerability in a...

PHP 5.4.x < 5.4.31 CLI Server 'header' DoS

According to its banner, the version of PHP 5.4.x in use on the remote web server is a version prior to 5.4.31. It is, therefore, affected by a denial of service vulnerability that affects the built-in command line development server. The function 'sapicliserversendheaders' in the file...

Juniper Networks Junos OS Multiple Privilege Escalation Vulnerabilities

Privilege Escalation Vulnerability over CLI SPDX-FileCopyrightText: 2014 Greenbone AG Some text descriptions might be excerpted from a referenced sources, and are Copyright C by the respective right holders. SPDX-License-Identifier: GPL-2.0-only CPE = "cpe:/o:juniper:junos"; if description...

CVE-2014-3816

Juniper Junos 11.4 before 11.4R12, 12.1 before 12.1R11, 12.1X44 before 12.1X44-D35, 12.1X45 before 12.1X45-D30, 12.1X46 before 12.1X46-D20, 12.1X47 before 12.1X47-D10, 12.2 before 12.2R8-S2, 12.3 before 12.3R7, 13.1 before 13.1R4-S2, 13.2 before 13.2R5, 13.3 before 13.3R2-S2, and 14.1 before 14.1...

Medium: php54

Issue Overview: acinclude.m4, as used in the configure script in PHP 5.5.13 and earlier, allows local users to overwrite arbitrary files via a symlink attack on the /tmp/phpglibccheck file. A denial of service flaw was found in the way the File Information fileinfo extension parsed certain...

Fedora 19 : php-5.5.14-1.fc19 (2014-7782)

26 Jun 2014, PHP 5.5.14 Core : - Fixed BC break introduced by patch for bug 67072. Anatol, Stas - Fixed bug 66622 Closures do not correctly capture the late bound class static:: in some cases. Levi Morrison - Fixed bug 67390 insecure temporary file use in the configure script. CVE-2014-3981 Remi ...

Invision Power Board <= 2.3.5 - Remote SQL Injection Exploit

No description provided by source. ?php errorreportingEALL; /////////////////////////////////////////////////////////////////////// /////////////////////////////////////////////////////////////////////// // IPB = 2.3.5 sql injection exploit // Version 1.0 // written by Janek Vind waraxe // Estoni...

eLitius 1.0 - Remote Command Execution Exploit

No description provided by source. ?php //786 / ============================================================================== / \ | | | | / \ | | | | / \ | | | | / \ | || | / \ | | | | / \ | | IN THE NAME OF // \ || || // \ || ||...

phpslash <= 0.8.1.1 - Remote Code Execution Exploit

No description provided by source. !/usr/bin/php -q ?php phpslash = 0.8.1.1 Remote Code Execution Exploit - - - - - - - - - - - - - - - - - - - - - - - - - RCE with no special rights guest. No special PHP conditions required. - - - - - - - - - - - - - - - - - - - - - - - - - 0 It was a private...

dompdf 0.6.0 (dompdf.php, read param) - Arbitrary File Read

No description provided by source. Vulnerability title: Arbitrary file read in dompdf CVE: CVE-2014-2383 Vendor: dompdf Product: dompdf Affected version: v0.6.0 Fixed version: v0.6.1 partial fix Reported by: Alejo Murillo Moyas Details: An arbitrary file read vulnerability is present on dompdf.ph...