CVE-2017-8398

dwarf.c in GNU Binutils 2.28 is vulnerable to an invalid read of size 1 during dumping of debug information from a corrupt binary. This vulnerability causes programs that conduct an analysis of binary programs, such as objdump and readelf, to crash...

ALPINE-CVE-2017-8372

The madlayerIII function in layer3.c in Underbit MAD libmad 0.15.1b, if NDEBUG is omitted, allows remote attackers to cause a denial of service assertion failure and application exit via a crafted audio file...

PT-2017-18298 · Underbit Technologies +1 · Libmad +1

Name of the Vulnerable Software and Affected Versions: libmad version 0.15.1b Description: The issue allows remote attackers to cause a denial of service, resulting in an assertion failure and application exit, via a crafted audio file. This is related to the mad layer III function in layer3.c,...

How to Enable DEBUG Log Level for Syslog Events on the NetScaler

This article describes how to enable DEBUG log level for syslog events on NetScaler. Enabling DEBUG level for syslog events will allow you to capture detailed information that is not recorded by default in ns.log file. Note : The DEBUG level should be disabled upon finishing the troubleshooting...

Solarwinds LEM 6.3.1 Management Shell Arbitrary File Read Vulnerability

The management shell on Solarwinds Log and Event Manager Virtual Appliance version 6.3.1 allows the end user to edit the MOTD banner displayed during SSH logon. The editor provided for this is nano. This editor has a keyboard mapped function which lets the user import a file from the local file...

Fedora 25 : php-pear-CAS (2017-2a90185a04)

Changes in version 1.3.5 - Security Fixes : - Fix possible authentication bypass in validateCAS20 228 Gregory Boddin - Bug Fixes : - Fix file permissions non-executable 177 Remi Collet - Fixed translations Greek and Japanese 192 ikari7789 - Fix errors under phpdbg 204 MasonM - Fix logout...

Fedora 24 : php-pear-CAS (2017-d9d620366e)

Changes in version 1.3.5 - Security Fixes : - Fix possible authentication bypass in validateCAS20 228 Gregory Boddin - Bug Fixes : - Fix file permissions non-executable 177 Remi Collet - Fixed translations Greek and Japanese 192 ikari7789 - Fix errors under phpdbg 204 MasonM - Fix logout...

Reproducing Go binaries byte-by-byte

Fully reproducible builds are important because they bridge the gap between auditable open source and convenient binary artifacts. Technologies like TUF and Binary Transparency provide accountability for what binaries are shipped to users, but that's of limited utility if there is no way short of...

Homebrew: [https://jenkins.brew.sh] Jenkins in Debug Mode with Stack Traces Enabled

The consultant identified that the affected host is running an instance of Jenkins in debug mode, as a result stack traces are enabled. The affected URL below displays a full strack trace from Jenkins: Affected URL: - https://jenkins.brew.sh/adjuncts/3a890183/ Recommendation Disable stack traces...

NSA Eternalblue SMB vulnerability analysis-vulnerability warning-the black bar safety net

Environment TROJAN: Eternalblue-2.2.0.exe TARGET: win7 sp1 32bits srv.sys 6.1.7601.17514 srvnet.sys 6.1.7601.17514 PATCH: MS17-010 The vulnerability principle srv. sys in the processing SrvOs2FeaListSizeToNt when logic is incorrect resulting in cross-border copy. We first look at the vulnerabilit...

Phpcms v9 vulnerability analysis-vulnerability warning-the black bar safety net

Recent study the source code and audit-related knowledge, will be grabbed before open source CMS vulnerability research, yesterday accidentally saw this PHPCMS vulnerability, you are ready to Analysis a lot, originally wanted to directly from the source code static analysis, but found itself on t...

Adobe Multiple Products - XML Injection File Content Disclosure Exploit

Exploit for multiple platform in category web applications !/bin/bash Source: https://raw.githubusercontent.com/tsluyter/exploits/master/adobexmlinject.sh Exploit Title: Adobe XML Injection file content disclosure Date: 07-04-2017 Exploit Author: Thomas Sluyter Website: https://www.kilala.nl Vend...

UBUNTU-CVE-2016-5041

dwarfmacro5.c in libdwarf before 20160923 allows remote attackers to cause a denial of service NULL pointer dereference via a debugging information entry using DWARF5 and without a DWATname...

Cisco UCS Manager Debug Plug-in Privilege Escalation Vulnerability (cisco-sa-20170405-ucs)

A vulnerability in the debug plug-in functionality of the Cisco Unified Computing System UCS Manager could allow an authenticated, local attacker to execute arbitrary commands. SPDX-FileCopyrightText: 2017 Greenbone AG Some text descriptions might be excerpted from a referenced sources, and are...

CVE-2017-6598

A vulnerability in the debug plug-in functionality of the Cisco Unified Computing System UCS Manager, Cisco Firepower 4100 Series Next-Generation Firewall NGFW, and Cisco Firepower 9300 Security Appliance could allow an authenticated, local attacker to execute arbitrary commands, aka Privilege...

CVE-2017-6598

CVE-2017-6598 affects Cisco UCS Manager, Cisco Firepower 4100 Series NGFW, and Cisco Firepower 9300 Security Appliance. A vulnerability in the debug plug-in functionality allows an authenticated, local attacker to execute arbitrary commands with elevated privileges. The root cause is inadequate i...

CVE-2017-6598

A vulnerability in the debug plug-in functionality of the Cisco Unified Computing System UCS Manager, Cisco Firepower 4100 Series Next-Generation Firewall NGFW, and Cisco Firepower 9300 Security Appliance could allow an authenticated, local attacker to execute arbitrary commands, aka Privilege...

Cisco UCS Manager, Cisco Firepower 4100 Series NGFW, and Cisco Firepower 9300 Security Appliance Debug Plug-in Privilege Escalation Vulnerability

A vulnerability in the debug plug-in functionality of the Cisco Unified Computing System UCS Manager, Cisco Firepower 4100 Series Next-Generation Firewall NGFW, and Cisco Firepower 9300 Security Appliance could allow an authenticated, local attacker to execute arbitrary commands. The vulnerabilit...

shopify-scripts: Null pointer dereference in OP_ENTER

PoC === The following demonstrates a crash: class A def foo end end class B argv = ary-ptr; gdb p ary $1 = struct RArray 0x0 Test platform ============= Linux Mint 17.3 Cinnamon 64-bit, built with gcc version 4.8.4 Ubuntu 4.8.4-2ubuntu114.04.3 mruby SHA: a14a930c800aa50a191922580d53a2ce09287912...

Intel® NUC and Intel® Compute Stick DCI Disable

Summary: Intel® NUC and Intel® Compute Stick systems based on 6th Gen Intel® Core™ processors do not have DCI debug capability properly locked for BIOS only access. This would allow an attacker with physical possession of the system to potentially enable DCI from outside the BIOS. Description:...