Cisco Nexus Dashboard Fabric Controller REST API Command Injection Vulnerability
A vulnerability in Cisco Nexus Dashboard Fabric Controller (NDFC), formerly Cisco Data Center Network Manager (DCNM), could allow an authenticated, remote attacker with network-admin privileges to perform a command injection attack against an affected device. This vulnerability is due to insufficient...
CVE-2024-20413
A vulnerability in Cisco NX-OS Software could allow an authenticated, local attacker with privileges to access the Bash shell to elevate privileges to network-admin on an affected device. This vulnerability is due to insufficient security restrictions when executing application arguments from the...
CVE-2024-20413 Cisco NX-OS Bash Privilege Escalation Vulnerability
A vulnerability in Cisco NX-OS Software could allow an authenticated, local attacker with privileges to access the Bash shell to elevate privileges to network-admin on an affected device. This vulnerability is due to insufficient security restrictions when executing application arguments from the...
Cisco NX-OS Software Bash Arbitrary Code Execution and Privilege Escalation Vulnerabilities
Multiple vulnerabilities in Cisco NX-OS Software could allow an authenticated, local attacker with privileges to access the Bash shell to execute arbitrary code with root privileges or elevate privileges to network-admin on an affected device. For more information about these vulnerabilities, see...
UBUNTU-CVE-2023-52642
In the Linux kernel, the following vulnerability has been resolved: media: rc: bpf attach/detach requires write permission. Note that bpf attach/detach also requires CAP_NET_ADMIN...
so-widgets-bundle < 1.51.0 - Admin+ Local File Inclusion
Description: The plugin does not validate user input before using it to generate paths passed to include function/s, allowing users with the administrator role to perform LFI attacks in the context of Multisite WordPress sites. 1. Create a multi-site WordPress setup, i.e. using docker-containers,...
Linux kernel code issue vulnerability
The Linux kernel is the kernel used by the Linux Foundation's open source operating system Linux. A security vulnerability exists in the Linux kernel that stems from a vulnerability in the XFRM subsystem that allows a malicious user with the CAP_NET_ADMIN privilege to trigger a null pointer...
kernel: netfilter: use-after-free in nf_tables when processing batch requests can lead to privilege escalation
A use-after-free vulnerability was found in the Netfilter subsystem of the Linux kernel when processing batch requests to update nf_tables configuration. This vulnerability can be abused to perform arbitrary reads and writes in kernel memory. A local user with CAP_NET_ADMIN capability could use this...
CVE-2023-2819
A stored cross-site scripting vulnerability in the Sources UI in Proofpoint Threat Response / Threat Response Auto Pull (PTR/TRAP) could allow an authenticated administrator on an adjacent network to replace the image file with an arbitrary MIME type. This could result in arbitrary JavaScript code...
SUSE CVE-2013-6431
The fib6_add function in net/ipv6/ip6_fib.c in the Linux kernel before 3.11.5 does not properly implement error-code encoding, which allows local users to cause a denial of service (NULL pointer dereference and system crash) by leveraging the CAP_NET_ADMIN capability for an IPv6 SIOCADDRT ioctl call...
Command injection
A vulnerability in the Bash shell implementation for Cisco NX-OS Software could allow an authenticated, local attacker to bypass the limited command set of the restricted Guest Shell and execute commands at the privilege level of a network-admin user outside of the Guest Shell. The attacker must...
CVE-2019-1730 Cisco NX-OS Software Bash Bypass Guest Shell Vulnerability
A vulnerability in the Bash shell implementation for Cisco NX-OS Software could allow an authenticated, local attacker to bypass the limited command set of the restricted Guest Shell and execute commands at the privilege level of a network-admin user outside of the Guest Shell. The attacker must...
CVE-2019-1730
Cisco NX-OS Software contains a Bash bypass vulnerability (CVE-2019-1730) where the Bash shell invocation in the restricted Guest Shell can be exploited by an authenticated, local attacker to run commands at the network-admin level outside the Guest Shell. The root cause is the incorrect implemen...
Cisco NX-OS Software Bash Bypass Guest Shell Vulnerability
A vulnerability in the Bash shell implementation for Cisco NX-OS Software could allow an authenticated, local attacker to bypass the limited command set of the restricted Guest Shell and execute commands at the privilege level of a network-admin user outside of the Guest Shell. The attacker must...
WordPress < 3.4.2 Multiple Vulnerabilities
Binary data 9099.prm...
[AFF v0.1] Anonymous FTP Finder
Anonymous FTP Scanner AFF is a security tool for penetration testers, network admins, etc. The tool is written in Python with wxPython as GUI and compiled with Py2exe. AFF can scan large networks for Anonymous FTP Servers and regular FTP servers. Example of Anonymous FTP Server is network equipment, Mul...