1775 matches found
Important: Red Hat Security Advisory: Red Hat JBoss Enterprise Application Platform 6.4.0 update
Updated packages that provide Red Hat JBoss Enterprise Application Platform 6.4.0, and fix multiple security issues, several bugs, and add various enhancements, are now available for Red Hat Enterprise Linux 6. Red Hat Product Security has rated this update as having Important security impact...
Juniper Junos Local Elevation of Privilege Vulnerability
Juniper Networks JUNOS is an operating system that runs on Juniper Networks' line of border routers and more. A local elevation of privilege vulnerability exists in Juniper Junos that allows local users to elevate privileges via special CLI commands and parameters...
osc Arbitrary Command Execution Vulnerability (CNVD-2015-01830)
osc is a command-line interface written in Python, and also provides Python modules for use by Python programs. A security vulnerability exists in versions of osc prior to 0.151.0, which can be exploited by a remote attacker to execute arbitrary commands via shell metacharacters within a...
Varnish Cache CLI Interface - Remote Code Execution (Metasploit)
This module requires Metasploit: http//metasploit.com/download Current source: https://github.com/rapid7/metasploit-framework require 'msf/core' class Metasploit3 'Varnish Cache CLI Interface Bruteforce Utility', 'Description' = 'This...
Cisco Unified Computing System B-Series Servers Privilege Escalation Vulnerability
Cisco Unified Computing System B-Series Blade Servers could allow an authenticated, local attacker to gain shell-level access to the affected device. The vulnerability is due to improper input validation in the ping6 and the traceroute6 commands. An attacker could exploit this vulnerability by...
Cisco Integrated Management Controller Privilege Escalation Vulnerability
Cisco Integrated Management Controller contains a vulnerability that could allow an authenticated, local attacker to gain shell-level access to the affected device. The vulnerability is due to improper input validation in the map-nfs command. An attacker could exploit this vulnerability by sendin...
CVE-2014-8991
pip 1.3 through 1.5.6 allows local users to cause a denial of service (prevention of package installation) by creating a /tmp/pip-build- file for another user...
jenkins: remote code execution flaw (SECURITY-150)
Jenkins before 1.583 and LTS before 1.565.3 allows remote attackers to execute arbitrary code via a crafted packet to the CLI channel...
Cisco IOS XR Software Information Disclosure Vulnerability
A vulnerability in the command-line interface (CLI) of Cisco IOS XR Software could allow an authenticated, remote attacker to access sensitive information. The vulnerability is due to insufficient data protection of sensitive information. An attacker could exploit this vulnerability by issuing...
Katello: CLI - user without access can call "system remove_deletion" command
Katello allows remote authenticated users to call the "system remove_deletion" CLI command via vectors related to "remove system" permissions...
Directory traversal
Directory traversal vulnerability in the command-line interface in Cisco NX-OS 6.22a and earlier allows local users to read arbitrary files via unspecified input, aka Bug ID CSCul05217...
Cisco TelePresence TC and TE Software u-boot Buffer Overflow Vulnerability
A vulnerability in the implementation of executable utilities that use the universal bootloader (u-boot) compiler of Cisco TelePresence TC and TE Software could allow an authenticated, local attacker to create a buffer overflow and possibly execute arbitrary code on the affected system. The...
CVE-2013-6990
FortiGuard FortiAuthenticator before 3.0 allows remote administrators to gain privileges via the command line interface...
Design/Logic Flaw
FortiGuard FortiAuthenticator before 3.0 allows remote administrators to gain privileges via the command line interface...
dompdf 0.6.0 - dompdf.php?read Arbitrary File Read
Vulnerability title: Arbitrary file read in dompdf. CVE: CVE-2014-2383. Vendor: dompdf. Product: dompdf. Affected version: v0.6.0. Fixed version: v0.6.1 (partial fix). Reported by: Alejo Murillo Moyas. Details: An arbitrary file read vulnerability is...
Cisco Unified Computing System Central Software Privilege Escalation Vulnerability
A vulnerability in the local-mgmt context in Cisco Unified Computing System Central Software could allow an authenticated, local attacker to gain shell-level access to the affected device. The vulnerability is due to improper input validation in the copy command. An attacker could exploit this...
Cisco UCS Director Software Has Default Credentials Open to Attackers
Cisco’s UCS Director infrastructure management product contains a set of default credentials that any remote attacker can exploit to take complete control of any vulnerable machine. The flaw is in UCS Director versions 4.0.0.2 and below. The Cisco UCS Director software is designed to allow...
[IE Password Decryptor] Internet Explorer Password Recovery Tool
IE Password Decryptor is free software to quickly and easily recover all the stored passwords from Internet Explorer. It automatically detects the installed IE version and uses the appropriate technique to decrypt all the stored passwords. It can recover passwords from all versions of...
Cisco NX-OS Arbitrary File Access Vulnerability
A vulnerability in the Command Line Interface (CLI) of the Cisco NX-OS Software could allow an authenticated, local attacker to access arbitrary files on the device. The vulnerability is due to improper filtering of user input. An attacker could exploit this vulnerability by leveraging the tar...