48 matches found
CVE-2021-28161
In Eclipse Theia versions up to and including 1.8.0, in the debug console there is no HTML escaping, so arbitrary JavaScript code can be injected...
Code injection
In Eclipse Theia versions up to and including 1.8.0, in the debug console there is no HTML escaping, so arbitrary JavaScript code can be injected...
Eclipse Theia Cross-Site Scripting Vulnerability
Eclipse Theia is the Eclipse Foundation's Visual Studio Code-based open source framework for building integrated development environments for desktop and web applications. A cross-site scripting vulnerability exists in Eclipse Theia 1.8.0 and prior versions, which stems from the absence of HTML escaping...
Bitcoin Knots Has a Logic Flaw Vulnerability
A security vulnerability exists in Bitcoin Knots versions v0.11.0.ljr20150711 through v0.13.0.knots20160814, which stems from the program storing sensitive information containing private keys and wallet passwords in the debug console. An attacker can exploit the vulnerability to obtain sensitive...
MTN Group: Java Debug Console Provides Command Injection Without Privilege Escalation
Summary: I initially found the debug console as a tool to insert arbitrary html/xss bugs, however after further probing the debug console it has some serious security flaws to allow arbitrary java code to be executed. My initial report of a separate bug using this console,...
Exploit for Use After Free in Google Android
CVE-2019-2215 Temproot for Pixel 2 and Pixel 2 XL via CVE-...
Juniper AppFormix Elevation of Privilege Vulnerability
Juniper AppFormix is a Juniper Networks optimization and management software platform for public, private and hybrid clouds. A security vulnerability exists in Juniper AppFormix version 2.7, version 2.11 prior to 2.11.3, and version 2.15 prior to 2.15.2. An attacker could exploit the vulnerabilit...
CVE-2018-0015
A malicious user with unrestricted access to the AppFormix application management platform may be able to access a Python debug console and execute system commands with root privilege. The AppFormix Agent exposes the debug console on a host where AppFormix Agent is executing. If the host is...
CVE-2018-0015
CVE-2018-0015 affects Juniper AppFormix: the AppFormix Agent exposes a Python debug console on the host where the agent runs, allowing a user with unrestricted access to execute commands with root privileges. Affected releases include all versions up to 2.7.3, and 2.11 before 2.11.3, and 2.15 bef...
CVE-2016-6521
Cross-site request forgery (CSRF) vulnerability in Grails console (aka Grails Debug Console and Grails Web Console) 2.0.7, 1.5.10, and earlier allows remote attackers to hijack the authentication of users for requests that execute arbitrary Groovy code via unspecified vectors...
CVE-2016-6521
CVE-2016-6521: CSRF vulnerability in Grails console (Grails Debug Console / Grails Web Console) versions 2.0.7, 1.5.10 and earlier. It allows remote attackers to hijack user authentication for requests that execute arbitrary Groovy code via unspecified vectors. Affected products/versions are name...
Bitcoin Knots is vulnerable
Bitcoin is an e-currency, a digital currency developed with open-source P2P software by the Bitcoin Foundation, and is an online virtual currency. Bitcoin Knots is one of the clients. A security vulnerability exists in Bitcoin Knots versions v0.11.0.ljr20150711 to v0.13.0.knots20160814, which stems...
CVE-2016-8889
In Bitcoin Knots v0.11.0.ljr20150711 through v0.13.0.knots20160814 (fixed in v0.13.1.knots20161027), the debug console stores sensitive information including private keys and the wallet passphrase in its persistent command history...
Command injection
In Bitcoin Knots v0.11.0.ljr20150711 through v0.13.0.knots20160814 (fixed in v0.13.1.knots20161027), the debug console stores sensitive information including private keys and the wallet passphrase in its persistent command history...
CVE-2016-8889
The CVE is for Bitcoin Knots, affecting versions v0.11.0.ljr20150711 through v0.13.0.knots20160814, with a fix in v0.13.1.knots20161027. The issue is that the debug console stores sensitive data (private keys and wallet passphrase) in its persistent command history, enabling potential exposure of...
openstack-ironic-discoverd: potential remote code execution with debug mode enabled
It was discovered that enabling debug mode in openstack-ironic-discoverd also enabled debug mode in the underlying Flask framework. If errors were encountered while Flask was in debug mode, a user experiencing an error might be able to access the debug console, effectively a command shell...
Werkzeug Debug Mode Command Execution
No description provided by source. This module requires Metasploit: http://metasploit.com/download Current source: https://github.com/rapid7/metasploit-framework require 'msf/core' require 'rex' class Metasploit4 'Werkzeug Debug Shell Command Execution', 'Description' = %q This module will exploi...
Werkzeug - Debug Shell Command Execution (Metasploit)
This module requires Metasploit: http://metasploit.com/download Current source: https://github.com/rapid7/metasploit-framework require 'msf/core' require 'rex' class Metasploit4 'Werkzeug Debug Shell Command Execution', 'Description' = %q This module will exploit the Werkzeug debug console to put...