command/line
http://www.kvirc.net/?lang=en
description:
"KVIrc is a Multilanguage, graphical IRC-Client for Windows, Linux, Unix and Mac
OS.[..]"
A command line parsing vulnerability exists (or I should say persists...:
http://secunia.com/advisories/25740, fixed or not?) which can be exploited by
passing the '"' char followed by command line switches to 'irc:///', 'irc6:///',
'ircs:///' and 'ircs6:///' urls, ex. this shows the argument list:
irc:///"%20--help%20"
The most interesting one is the -e switch followed by 'run' command, this runs
SQL injection digger is a command line program that looks for SQL
injections and common errors in websites. This version now can
perform the following operations.
* Look for SQL injections and common errors in website urls found
by performing a google search.
* Look for SQL injections and common errors in a given url or a file
with urls.
* Look for SQL injections and common errors in links from a web page.
* Crawl a website/webpage and do the above.
system can be determined by navigating to "Show > Software" via the
administration interface.
For Unified Communications Manager version 5.0, the software version can
also be determined by running the command "show version active" in the
Command Line Interface (CLI).
For CallManager and Unified Communications Manager version 3.x and 4.x
systems, the software version can be determined by navigating to
"Help > About Cisco Unified CallManager" and selecting the "Details"
button via the administration interface.
* Cisco Network Registrar
All Cisco Network Registrar versions are affected, and DNS services
are enabled by default.
The DNS server on CNR is enabled via the command-line interface
(CLI) commands "server dns enable start-on-reboot" or "dns enable
start-on-reboot" or via the web management interface in the Servers
page by selecting the appropriate "Start," "Stop," or "Reload"
button.
> Quick calculator session :
> 2^(-18) = 0.000003814697265625
> 2^(-14) = 0.00006103515625
>
> So there is a vanishingly small probability that a Bad Guy may
> discover less than 2 characters from my command-line, every time they
> try this attack. And each time they fail, my connection gets rudely
> chopped. Two characters won't help them much. They'd need to succeed
> about ten times per typed command-line to snoop on most of my
> sessions. This weakness is surely of no conceivable use to a Bad Guy
> ?
References: http://www.devtarget.org/mcafee-advisory-08-2007.txt
III - OVERVIEW
McAfee Virus Scan for Linux and Unix is a command-line version of the
popular McAfee anti-virus scanner running on the Linux operating system
as well as on other Unices (e.g. AIX, Solaris, HP-UX etc.). It was
discovered that the product is prone to a classic buffer overflow
vulnerability when attempting to scan files or directories with a
particularly long name. This vulnerability results in the local
How To Determine The Running Software Version
+--------------------------------------------
To determine whether a vulnerable version of Cisco ASA Software is
running on an appliance, administrators can issue the "show version"
command-line interface (CLI) command. The following example shows a
Cisco ASA 5500 Series Adaptive Security Appliance that is running
software version 8.0(4):
ASA#show version
Cisco Adaptive Security Appliance Software Version 8.0(4)
After almost a year of intensive development and internal use, we are
pleased to announce the public release of Immunity Debugger v1.0.
When we started developing Immunity Debugger our main objective was to
combine the best of the commandline based and GUI based debugger worlds.
The commandline because most of us come from a UNIX background, and it
just ends up being more efficient than clicking your way around. The GUI
because we understand that we are visual beings that often can
grasp more from a single look at a graphical layout than from two days
of x/x-ing memory pages.
Windows NT Domain authentication may be vulnerable. Devices that are
using any other type of external authentication (that is, LDAP, RADIUS,
TACACS+, SDI, or local database) are not affected by this vulnerability.
The following example demonstrates how Windows NT domain authentication
is configured using the command line interface (CLI) on the Cisco ASA:
aaa-server NTAuth protocol nt
aaa-server NTAuth (inside) host 10.1.1.4
nt-auth-domain-controller primary1
Devices that are running a vulnerable version of Cisco IOS software
and configured for Cisco IOS firewall AIC for HTTP are affected.
To determine the software running on a Cisco IOS product, log in to
the device and issue the show version command-line interface (CLI)
command to display the system banner. Cisco IOS software will
identify itself as "Internetwork Operating System Software" or simply
"IOS." On the next line of output, the image name will be displayed
between parentheses, followed by "Version" and the Cisco IOS release
name. Other Cisco devices will not have the show version command, or
This update alters table creation behaviour by disallowing the use of the
MySQL data directory in DATA DIRECTORY and INDEX DIRECTORY options. This
issue only affected Ubuntu 8.10. (CVE-2008-4098)
It was discovered that MySQL contained a cross-site scripting vulnerability
in the command-line client when the --html option is enabled. An attacker
could place arbitrary web script or html in a database cell, which would
then get placed in the html document output by the command-line tool. This
issue only affected Ubuntu 6.06 LTS, 8.04 LTS, 8.10 and 9.04.
(CVE-2008-4456)
operation, and multiplexing.
When TCP connections are terminated in Cisco IOS Software, they are
allocated a transmission control block (TCB). All allocated TCBs,
associated TCP port numbers, and the TCP state are displayed in the
output of the "show tcp brief all" command-line interface (CLI) command.
Cisco IOS Software version 15.1(2)T contains a vulnerability that could
cause an embryonic TCP connection to remain in SYNRCVD or SYNSENT
state without a further TCP state transition. Examining the output of
the "show tcp brief all" command multiple times will indicate if TCP
Quick calculator session :
2^(-18) = 0.000003814697265625
2^(-14) = 0.00006103515625
So there is a vanishingly small probability that a Bad Guy may
discover less than 2 characters from my command-line, every time they
try this attack. And each time they fail, my connection gets rudely
chopped. Two characters won't help them much. They'd need to succeed
about ten times per typed command-line to snoop on most of my
sessions. This weakness is surely of no conceivable use to a Bad Guy
?
+------------------
This vulnerability affects Cisco MXE 5600 units that are running
Cisco Media Processing Software releases prior to 1.2. To determine
the software release that is running on a Cisco MXE unit, log in to
the device and issue the show version command-line interface (CLI)
command to display the system banner. The following example shows a
Cisco MXE 5600 device running software version 1.2.0-34.
mxe# show version
------------------------------------------------------------
also, look at quote() inside ./include/command.php:
..
// {{{ quote
//
// Quote a string to send to the command line
function quote($str) {
global $config;
if ($config->serverIsWindows) {
The program being debugged has been started already.
Start it from the beginning? (y or n) y
Starting program: /usr/bin/php -r '$nx=new Tidy("*");$nx->diagnose();'
[Thread debugging using libthread_db enabled]
PHP Warning: tidy::__construct(): Cannot Load '*' into memory in Command line code on line 1
Program received signal SIGSEGV, Segmentation fault.
0x00007fffedfaff87 in prvTidyReportMarkupVersion ()
from /usr/lib/libtidy-0.99.so.0
-PoC---
refer to the following link:
http://www.cisco.com/en/US/docs/security/asa/asa80/configuration/guide/mpc.html
To determine whether you are running a vulnerable version of Cisco PIX
or ASA software, issue the show version command-line interface (CLI)
command. The following example shows a Cisco ASA Security Appliance that
runs software release 7.2(3):
ASA#show version
software-only versions of the product.
The following methods can be used to determine which version of the
Cisco Secure ACS is installed:
* From the Cisco Secure ACS command-line interface (CLI), issue the
"show version" command, as shown in the following example:
acs51a/admin# show version
Cisco Application Deployment Engine OS Release: 1.2
Symantec has reviewed the issue that was reported with smc.exe crashing from the command line. We have confirmed that an improperly formatted command line can cause the user mode process to crash. However, the privileged service process is unaffected. The client machine maintained full protection. Symantec will supply an update to prevent the command line tool from crashing in a future release.
Synopsis
========
gif2png contains a stack overflow vulnerability when parsing command
line arguments.
Background
==========
gif2png is a command line program that converts image files from the
By default, Telnet is configured on the Management port. Telnet
services can be disabled to mitigate this vulnerability.
Administrators can disable Telnet by using the administration
graphical user interface (GUI) or by using the "interfaceconfig"
command in the command-line interface (CLI). As a security best
practice, customers should use Secure Shell (SSH) instead of Telnet.
Complete the following steps to disable Telnet via the GUI:
Step 1: Navigate to Network > IP Interfaces > interface_name.
1. Stop the Operations Manager for Windows console and its additional binaries, such as node editor.
2. From a command prompt, backup %OvInstallDir%\bin\srcvw4.dll
3. From a command prompt, copy OMW60_srcvw4.dll into %OvInstallDir%\bin\srcvw4.dll
4. Verify that %OvInstallDir%\bin\srcvw4.dll is now v4.0.1.2
Note: Steps 2 and 3 above must be performed from the Windows command line, not from Windows Explorer.
For Operations Manager for Windows v7.5
Verify the version of srcvw32.dll currently installed
This vulnerability affects the Cisco AVS 3110, 3120, 3180, and 3180A
Management Station appliances that are running software versions prior
to AVS 5.1.0. Administrators can determine the software version of the
AVS appliances by logging in to the Management Station web-based user
interface or from the command-line interface (CLI) of the appliance
operating system.
Customers who use the AVS 3180 or 3180A Management Station can determine
their node software versions by navigating to the Cluster Information
Page. Each registered node will display the corresponding software
Tandberg.com, and is no longer available for download. The deferral
notice can be found at the following link: Software Deferral Notice
Administrators can determine the version of software running on their
device by logging in to the command-line interface (CLI) as the admin
user and issuing the xstatus systemunit command and finding the
SystemUnit Software Version field.
Example:
Hi @ll,
since Windows Vista resp. Windows Server 2003 Service Pack 2, the
command line tool to modify/set file/directory permissions is
ICACLS.EXE [0][1][2][3][4].
Main advantage over the previous command line tools CACLS.EXE [5],
XCACLS.EXE [6] and XCACLS.VBS [7] is the ability to specify
inheritance and to process/propagate inheritable permissions.
-------
Template Security has discovered a root privilege escalation
vulnerability in the BlueCat Networks Adonis DNS/DHCP appliance
which allows the admin user to gain root privilege from the
Command Line Interface (CLI).
Software Version
----------------
Adonis version 5.0.2.8 was tested.
- The server validates the user before asking for a password, thus we
can keep trying usernames until we get a password prompt.
- A Proof of Concept has been created:
--- command line output begin ---
[waKKu@localhost: codes] # ./totvs_users_enumerator.py -h
usage: totvs_users_enumerator.py [options] [filename]
-h for help
options:
The main window of the AClient GUI has a hidden button that
can be seen using a resource viewer such as MS Spy++. The
button has a caption of "command prompt".
Clicking this button causes the GUI to attempt to call
CreateProcess() with the following CommandLine parameter.
"c:\Program Files\Altiris\AClient\cmd.exe"
The AClient GUI also has a ListView control which can be
used to overwrite process memory. Using the
ListView, it is possible to overwrite a static pointer