1775 matches found
CVE-2016-7066
It was found that the improper default permissions on the /tmp/auth directory in JBoss Enterprise Application Platform before 7.1.0 can allow any local user to connect to the CLI and execute arbitrary operations...
SAP HANA Extended Application Services Information Disclosure Vulnerability (CNVD-2019-09633)
SAP HANA is a high-performance real-time data analytics platform from SAP, which provides data query functions that allow users to directly query and analyze a large amount of real-time business data. Extended Application Services (XS) is a development environment for application servers, Web server...
[SECURITY] Fedora 27 Update: soundtouch-2.0.0-6.fc27
SoundTouch is an LGPL-licensed open-source audio processing library for changing the Tempo, Pitch and Playback Rates of audio streams or files. The SoundTouch library is suited for application developers writing sound processing tools that require tempo/pitch control functionality, or just for...
Polymorph - A Real-Time Network Packet Manipulation Framework With Support For Almost All Existing Protocols
Polymorph is a framework written in Python 3 that allows the modification of network packets in real time, providing maximum control to the user over the contents of the packet. This framework is intended to provide an effective solution for real-time modification of network packets that implemen...
CVE-2018-2451
XS Command-Line Interface (CLI) user sessions with the SAP HANA Extended Application Services (XS), version 1, advanced server may have an unintentional prolonged period of validity. Consequently, a platform user could access controller resources via active CLI session even after corresponding...
wildfly-core: Path traversal can allow the extraction of .war archives to write arbitrary files (Zip Slip)
It was found that the explode function of the deployment utility in jboss-cli and console that allows extraction of files from an archive does not perform necessary validation for directory traversal. This can lead to remote code execution...
Cisco Policy Suite Local Information Disclosure Vulnerability
Cisco Policy Suite is a carrier-grade policy, charging, and subscriber data management solution. A local information disclosure vulnerability exists in the CLI of Cisco Policy Suite. The vulnerability stems from insufficient access control privileges. An attacker can exploit the vulnerability by...
CVE-2018-13110
All ADB broadband gateways / routers based on the Epicentro platform are affected by a privilege escalation vulnerability where attackers can gain access to the command line interface (CLI) if previously disabled by the ISP, escalate their privileges, and perform further attacks...
Privilege escalation
All ADB broadband gateways / routers based on the Epicentro platform are affected by a privilege escalation vulnerability where attackers can gain access to the command line interface (CLI) if previously disabled by the ISP, escalate their privileges, and perform further attacks...
ADB Broadband Gateways/Routers Elevation of Privilege Vulnerability
ADB broadband gateways/routers on the Epicentro platform are gateway and router devices from ADB Switzerland. A privilege escalation vulnerability exists in ADB broadband gateways/routers on the Epicentro platform. An attacker could use this vulnerability to gain access to the...
ADB Broadband Gateways / Routers - Privilege Escalation
SEC Consult Vulnerability Lab Security Advisory. title: Privilege escalation via linux group manipulation; product: All ADB Broadband Gateways / Routers based on Epicentro platform; vulnerable version: Hardware: ADB P.RG AV4202N...
ADB Group Manipulation Privilege Escalation
SEC Consult Vulnerability Lab Security Advisory. title: Privilege escalation via linux group manipulation; product: All ADB Broadband Gateways / Routers based on Epicentro platform; vulnerable version: Hardware: ADB P.RG AV4202N...
CVE-2018-1351
A Cross-site Scripting (XSS) vulnerability in Fortinet FortiManager 6.0.0, 5.6.6 and below versions allows an attacker to execute HTML/JavaScript code via managed remote devices' CLI commands by viewing the remote device CLI config installation log...
Fortinet FortiManager Cross-Site Scripting Vulnerability (CNVD-2018-15776)
Fortinet FortiManager is a centralized network security management platform from Fortinet. The platform supports centralized management of any number of Fortinet devices, and can group devices into different management domains (ADOM) to further simplify the deployment and management of multi-device...
Cisco Nexus 3000 and 9000 Series Switches NX-OS Denial of Service Vulnerability
The Cisco Nexus 3000 and 9000 Series Switches are different series of switch devices from Cisco. NX-OS is the data center-grade operating system software that runs on these switches. A denial of service vulnerability exists in the implementation of the CLI commands and the...
Multiple Cisco Products NX-OS Software CLI Input Validation Vulnerability
Cisco Nexus 3000 Series Switches are products of Cisco Corporation. Nexus 3000 Series Switches are switch devices. Fabric Modules are switch matrix modules. NX-OS Software is a set of data center-grade operating system software for switches that run on them. CLI is one of the command-line tools. NX-O...
CVE-2018-12590
Ubiquiti Networks EdgeSwitch version 1.7.3 and prior suffer from an externally controlled format-string vulnerability due to lack of protection on the admin CLI, leading to code execution and privilege escalation greater than administrators themselves are allowed. An attacker with access to an...
PT-2018-3891 · Cisco · Cisco Ucs Fabric Interconnect +3
Name of the Vulnerable Software and Affected Versions: Cisco FXOS Software (affected versions not specified); Cisco UCS Fabric Interconnect Software (affected versions not specified). Description: A vulnerability in the CLI parser could allow an authenticated, local attacker to cause ...
CVE-2018-0274
A vulnerability in the CLI parser of Cisco Network Services Orchestrator (NSO) could allow an authenticated, remote attacker to execute arbitrary shell commands with the privileges of the root user. The vulnerability is due to insufficient input validation. An attacker could exploit this...