1775 matches found
Exploit for Path Traversal in Jenkins
PoC-jenkins-rceCVE-2024-23897. On this git you can find all i...
Arbitrary file read vulnerability through the Jenkins CLI can lead to RCE
Jenkins has a built-in command line interface (CLI) to access Jenkins from a script or shell environment. Jenkins uses the args4j library to parse command arguments and options on the Jenkins controller when processing CLI commands. This command parser has a feature that replaces an @ character...
GHSA-6F9G-CXWR-Q5JR Arbitrary file read vulnerability through the Jenkins CLI can lead to RCE
Jenkins has a built-in command line interface (CLI) to access Jenkins from a script or shell environment. Jenkins uses the args4j library to parse command arguments and options on the Jenkins controller when processing CLI commands. This command parser has a feature that replaces an @ character...
How to Rescan the QLogic Host Bus Adapter for New Logical Unit Numbers in XenServer
This article describes how to rescan the QLogic Host Bus Adapter (HBA) for new Logical Unit Numbers (LUNs), and query the HBA or iSCSI in XenServer. Requirements: XenServer 8.2 CU1 or later; basic Command Line Interface skills...
CVE-2024-23897
Jenkins 2.441 and earlier, LTS 2.426.2 and earlier does not disable a feature of its CLI command parser that replaces an ‘@’ character followed by a file path in an argument with the file’s contents, allowing unauthenticated attackers to read arbitrary files on the Jenkins controller file system...
PT-2024-4055 · Fortinet · Fortiwebmanager
Name of the Vulnerable Software and Affected Versions: Fortinet FortiWebManager versions 6.0.2, 6.2.3 through 6.2.4, 6.3.0, 7.0.0 through 7.0.4, and 7.2.0 Description: The issue is related to an improper authorization in Fortinet FortiWebManager, which can allow an attacker to execute unauthorize...
The vulnerability of the command-line interface of the Aruba EdgeConnect Enterprise network management platform allows an attacker to execute arbitrary commands with root privileges.
The vulnerability of the command-line interface of the Aruba EdgeConnect Enterprise network management platform exists due to the lack of measures taken to neutralize special elements used in the operating system’s command line. Exploiting this vulnerability allows a remote attacker to execute...
CVE-2023-20260
A vulnerability in the application CLI of Cisco Prime Infrastructure and Cisco Evolved Programmable Network Manager could allow an authenticated, local attacker to gain escalated privileges. This vulnerability is due to improper processing of command line arguments to application scripts. An...
Bugsy - Command-line Interface Tool That Provides Automatic Security Vulnerability Remediation For Your Code
Bugsy is a command-line interface (CLI) tool that provides automatic security vulnerability remediation for your code. It is the community edition version of Mobb, the first vendor-agnostic automated security vulnerability remediation tool. Bugsy is designed to help developers quickly identify and...
ffcss Security Vulnerabilities
ffcss is a CLI interface for applying and configuring Firefox CSS themes. A security vulnerability exists in versions prior to ffcss 0.2.0, which stems from a vulnerability that allows an attacker to introduce all characters of a regular expression by bypassing the limitations of the...
CVE-2023-46681
Improper neutralization of argument delimiters in a command ('Argument Injection') vulnerability in VR-S1000 firmware Ver. 2.37 and earlier allows an authenticated attacker who can access the product's command line interface to execute an arbitrary command...
Dell PowerProtect Data Domain Command Execution Vulnerability
Dell PowerProtect Data Domain (Dell PowerProtect DD) is a suite of hardware appliances for data protection, backup, storage, and deduplication from Dell, USA. A command execution vulnerability exists in Dell PowerProtect Data Domain that stems from a failure to properly filter construct command...
CVE-2023-44277
Dell PowerProtect DD, versions prior to 7.13.0.10, LTS 7.7.5.25, LTS 7.10.1.15, 6.2.1.110 contain an OS command injection vulnerability in the CLI. A local low privileged attacker could potentially exploit this vulnerability, leading to the execution of arbitrary OS commands on the application's...
Dell PowerProtect Data Domain Operating System Command Injection Vulnerability
Dell PowerProtect Data Domain (Dell PowerProtect DD) is a suite of hardware appliances for data protection, backup, storage, and deduplication from Dell, USA. An operating system command injection vulnerability exists in Dell PowerProtect Data Domain, which stems from a command line interface that...
CVE-2022-27488
A cross-site request forgery (CSRF) in Fortinet FortiVoiceEnterprise version 6.4.x, 6.0.x, FortiSwitch version 7.0.0 through 7.0.4, 6.4.0 through 6.4.10, 6.2.0 through 6.2.7, 6.0.x, FortiMail version 7.0.0 through 7.0.3, 6.4.0 through 6.4.6, 6.2.x, 6.0.x FortiRecorder version 6.4.0 through 6.4.2,...
PT-2023-30395 · Draytek · Draytek Vigor167
Name of the Vulnerable Software and Affected Versions: DrayTek Vigor167 version 5.2.2 Description: An OS Command Injection in the CLI interface allows remote attackers to execute arbitrary system commands and escalate privileges via any account created within the web interface. Recommendations: F...
See List and kill current AAA VPN Session on the CLI
See and Kill current AAA Sessions...
The vulnerability of the command-line interface of the Aruba EdgeConnect Enterprise network management platform allows an attacker to execute arbitrary commands with root privileges.
The vulnerability of the command-line interface of the Aruba EdgeConnect Enterprise network management platform is related to an incorrect limitation on the path name to the restricted access directory. Exploiting this vulnerability allows a malicious actor to execute arbitrary commands with root...
CVE-2022-47531
An issue was discovered in Ericsson Evolved Packet Gateway (EPG) versions 3.x before 3.25 and 2.x before 2.16 that allows authenticated users to bypass system CLI and execute commands they are authorized to execute directly in the UNIX shell...