CVE-2019-11809

An issue was discovered in Joomla! before 3.9.6. The debug views of comusers do not properly escape user supplied data, which leads to a potential XSS attack vector...

Cross site scripting

An issue was discovered in Joomla! before 3.9.6. The debug views of comusers do not properly escape user supplied data, which leads to a potential XSS attack vector...

CVE-2019-11809

An issue was discovered in Joomla! before 3.9.6. The debug views of comusers do not properly escape user supplied data, which leads to a potential XSS attack vector...

Denial Of Service (DoS)

Binary File Descriptor BFD library distributed in GNU Binutils is vulnerable to denial of serviceDoS attacks. An attacker could cause a crash by providing an ELF file with corrupted DWARF debug information...

Denial Of Service (DoS)

Binutils is vulnerable to denial of service DoS attacks. The vulnerability exists in the parsedie function in dwarf1.c in the Binary File Descriptor BFD library. A remote attacker could cause an application crash via an ELF file with corrupt dwarf1 debug information impacting availability of the...

How to enable debug logging for Citrix WEM Cloud Authentication Service and Citrix WEM Cloud Messaging Service on Cloud Connectors

The Workspace Environment Management WEM service is a Citrix Workspace product. Similar to on-premise WEM, the WEM Service Agent needs to connect to the WEM service Broker. In order to do so, the WEM Service Agent must first request the WEM service Broker's URL and a service key from a Citrix Clo...

Schneider Electric Quantum Ethernet Module Multiple Versions Hardcoded Passwords

Binary data 720009.prm...

Emerson Multiple RTUs Debug Service RCE

Binary data 720173.prm...

Improper Input Validation

The sudo superuser do utility allows system administrators to give certain users the ability to run commands as root. A flaw was found in the way sudo handled time stamp files. An attacker able to run code as a local user and with the ability to control the system clock could possibly gain...

Privilege Escalation

OpenStack Compute nova launches and schedules large networks of virtual machines, creating a redundant and scalable cloud computing platform. Compute provides the software, control panels, and APIs required to orchestrate a cloud, including running virtual machine instances, managing networks, an...

[20190501] - Core - XSS in com_users ACL debug views

The debug views of comusers do not properly escape user supplied data, which leads to a potential XSS attack vector...

Multiple VPN applications insecurely store session cookies

The Missing Encryption Of Sensitive Data vulnerability in FortiClient may allow an attacker to access VPN session cookie from an endpoint device running FortiClient. The attacker can steal the cookies only if endpoint device has been compromised in such a way that the attacker has access to...

Mail.ru: Cross-site Scripting (XSS) - Stored in ru.mail.mailapp

A leftover debug code for XSS protection was causing "alert1" execution in the case of XSS vector XSS vector itself was not executed...

Windows Exploitation Tricks: Abusing the User-Mode Debugger

Posted by James Forshaw, Google Project Zero I've recently been adding native user-mode debugger support to NtObjectManager. Whenever I add new functionality I have to do some research and reverse engineering to better understand how it works. In this case I wondered what access you need to debug...

Ubuntu 16.04 LTS : Linux kernel vulnerabilities (USN-3932-1)

The remote Ubuntu 16.04 LTS host has a package installed that is affected by multiple vulnerabilities as referenced in the USN-3932-1 advisory. It was discovered that a race condition existed in the f2fs file system implementation in the Linux kernel. A local attacker could use this to cause a...

openSUSE Security Update : openwsman (openSUSE-2019-1111)

This update for openwsman fixes the following issues : Security issues fixed : - CVE-2019-3816: Fixed a vulnerability in openwsmand deamon which could lead to arbitary file disclosure bsc1122623. - CVE-2019-3833: Fixed a vulnerability in processconnection which could allow an attacker to trigger ...

openSUSE: Security Advisory for openwsman (openSUSE-SU-2019:1111-1)

The remote host is missing an update for the Copyright C 2019 Greenbone Networks GmbH Some text descriptions might be excerpted from a referenced sources, and are Copyright C by the respective right holders. SPDX-License-Identifier: GPL-2.0-or-later This program is free software; you can...

WebKit JavaScriptCore - CodeBlock Dangling Watchpoints Use-After-Free

/ While fuzzing JavaScriptCore, I encountered the following simplified and commented JavaScript program which crashes jsc from current HEAD and release: / function v9 // Some watchpoint on the LexicalEnvironment is triggered here // during the 2nd invocation which jettisons the CodeBlock for v9. ...

USN-3932-2: Linux kernel (Xenial HWE) vulnerabilities

USN-3932-1 fixed vulnerabilities in the Linux kernel for Ubuntu 16.04 LTS. This update provides the corresponding updates for the Linux Hardware Enablement HWE kernel from Ubuntu 16.04 LTS for Ubuntu 14.04 LTS. It was discovered that a race condition existed in the f2fs file system implementation...

USN-3932-1: Linux kernel vulnerabilities

It was discovered that a race condition existed in the f2fs file system implementation in the Linux kernel. A local attacker could use this to cause a denial of service. CVE-2017-18249 Wen Xu discovered that the f2fs file system implementation in the Linux kernel did not properly validate metadat...