CVE-2017-7564

In ARM Trusted Firmware through 1.3, the secure self-hosted invasive debug interface allows normal world attackers to cause a denial of service secure world panic via vectors involving debug exceptions and debug registers...

Authentication flaw

In ARM Trusted Firmware through 1.3, the secure self-hosted invasive debug interface allows normal world attackers to cause a denial of service secure world panic via vectors involving debug exceptions and debug registers...

CVE-2017-7564

Technical details about CVE-2017-7564 are not publicly provided in the supplied connected documents; the available information only restates a denial-of-service risk in ARM Trusted Firmware up to version 1.3. Monitor for updates.

CVE-2017-7564

In ARM Trusted Firmware through 1.3, the secure self-hosted invasive debug interface allows normal world attackers to cause a denial of service secure world panic via vectors involving debug exceptions and debug registers...

PT-2017-17802

Name of the Vulnerable Software and Affected Versions ARM Trusted Firmware versions prior to 1.4 Description The issue allows attackers in the normal world to cause a denial of service, specifically a secure world panic, by exploiting vectors related to debug exceptions and debug registers in the...

Frequently Asked Questions During NetScaler MAS Troubleshooting

Citrix ADM, formerly NetScaler MAS The following section lists some of the frequently asked questions during diagnosis and troubleshooting of NetScaler MAS issues: How to verify the NetScaler MAS build version using CLI and support file? How does MAS fetch all the dashboard related data from...

Automattic: SSRF and local file disclosure in https://wordpress.com/media/videos/ via FFmpeg HLS processing

Summary FFmpeg is a video encoding software that appears to be used by wordpress.com for video processing for paid accounts. FFmpeg is known to process HLS playlists that may contain references to external files. I was able to fire this feature using GAB2 subtitle chunks inside an AVI file. After...

CVE-2017-8840

Debug information disclosure exists on Peplink Balance 305, 380, 580, 710, 1350, and 2500 devices with firmware before fw-b305hw2380hw6580hw2710hw31350hw22500-7.0.1-build2093. A direct request to cgi-bin/HASync/hasync.cgi?debug=1 shows Master LAN Address, Serial Number, HA Group ID, Virtual IP, a...

Information disclosure

Debug information disclosure exists on Peplink Balance 305, 380, 580, 710, 1350, and 2500 devices with firmware before fw-b305hw2380hw6580hw2710hw31350hw22500-7.0.1-build2093. A direct request to cgi-bin/HASync/hasync.cgi?debug=1 shows Master LAN Address, Serial Number, HA Group ID, Virtual IP, a...

CVE-2017-8840

Debug information disclosure exists on Peplink Balance 305, 380, 580, 710, 1350, and 2500 devices with firmware before fw-b305hw2380hw6580hw2710hw31350hw22500-7.0.1-build2093. A direct request to cgi-bin/HASync/hasync.cgi?debug=1 shows Master LAN Address, Serial Number, HA Group ID, Virtual IP, a...

CVE-2017-8840

Debug information disclosure exists on Peplink Balance 305, 380, 580, 710, 1350, and 2500 devices with firmware before fw-b305hw2380hw6580hw2710hw31350hw22500-7.0.1-build2093. A direct request to cgi-bin/HASync/hasync.cgi?debug=1 shows Master LAN Address, Serial Number, HA Group ID, Virtual IP, a...

Exploit for Code Injection in Samba

Basic Setup Install Samba version 4.5.9 https://download...

Exploit for Code Injection in Samba

Basic Setup Install Samba version 4.5.9 https://download...

CVE-2017-9138

There is a debug-interface vulnerability on some Tenda routers FH1202/F1202/F1200: versions before 1.2.0.20. After connecting locally to a router in a wired or wireless manner, one can bypass intended access restrictions by sending shell commands directly and reading their results, or by entering...

Design/Logic Flaw

There is a debug-interface vulnerability on some Tenda routers FH1202/F1202/F1200: versions before 1.2.0.20. After connecting locally to a router in a wired or wireless manner, one can bypass intended access restrictions by sending shell commands directly and reading their results, or by entering...

CVE-2017-9138

There is a debug-interface vulnerability on some Tenda routers FH1202/F1202/F1200: versions before 1.2.0.20. After connecting locally to a router in a wired or wireless manner, one can bypass intended access restrictions by sending shell commands directly and reading their results, or by entering...

CVE-2017-9138

CVE-2017-9138 affects Tenda FH1202/F1202/F1200 routers with firmware older than 1.2.0.20. A debug-interface vulnerability permits local attacker access to run shell commands and read results, or to execute commands that alter the router’s username/password, bypassing access restrictions. This imp...

Session fixation

Conexant Systems mictray64 task, as used on HP Elite, EliteBook, ProBook, and ZBook systems, leaks sensitive data keystrokes to any process. In mictray64.exe mic tray icon 1.0.0.46, a LowLevelKeyboardProc Windows hook is used to capture keystrokes. This data is leaked via unintended channels: deb...

HPSBGN03558 rev.9 - Conexant HD Audio Driver Local Debug Log

Potential Security Impact Potential, local loss of confidentiality VULNERABILITY SUMMARY A potential security vulnerability caused by a local debugging capability that was not disabled prior to product launch has been identified with certain versions of Conexant HD Audio Drivers on HP products. H...

CVE-2017-8398

dwarf.c in GNU Binutils 2.28 is vulnerable to an invalid read of size 1 during dumping of debug information from a corrupt binary. This vulnerability causes programs that conduct an analysis of binary programs, such as objdump and readelf, to crash...