Lucene search

1575 matches found

UbuntuCve
added 2018/05/11 12:0 a.m. · 16 views

CVE-2018-5167

The web console and JavaScript debugger do not sanitize all output that can be hyperlinked. Both will display "chrome:" links as active, clickable hyperlinks in their output. Web sites should not be able to directly link to internal chrome pages. Additionally, the JavaScript debugger will display...

CVSS 4.3 · AI score 6.8 · EPSS 0.00646
Exploits 0 · References 3
Kaspersky
added 2018/05/09 12:0 a.m. · 129 views

KLA11246 Multiple vulnerabilities in Mozilla Firefox and Firefox ESR

Multiple serious vulnerabilities have been found in Mozilla Firefox. Malicious users can exploit these vulnerabilities to obtain sensitive information, cause denial of service, gain privileges, execute arbitrary code, perform XSS attacks and bypass security restrictions. Below is a complete list ...

CVSS 10 · AI score 10 · EPSS 0.43031
Exploits 6 · References 5
Exploit DB
added 2018/04/30 12:0 a.m. · 31 views

Apple macOS 10.13.2 - Double mach_port_deallocate in kextd due to Failure to Comply with MIG Ownership Rules

Here's a kextd method exposed via MIG (com.apple.KernelExtensionServer): kern_return_t _kextmanager_unlock_kextload(mach_port_t server, mach_port_t client) { kern_return_t mig_result = KERN_FAILURE; if (gClientUID != 0) { OSKextLog(/* kext */ NULL, kOSKextLogErrorLevel | kOSKextLogIPCFlag, "Non-root kextutil doesn't need ...

AI score 7.4
Exploits 0
exploitpack
added 2018/04/30 12:0 a.m. · 12 views

Apple macOS 10.13.2 - Double mach_port_deallocate in kextd due to Failure to Comply with MIG Ownership Rules

Apple macOS 10.13.2 - Double mach_port_deallocate in kextd due to Failure to Comply with MIG Ownership Rules. Here's a kextd method exposed via MIG (com.apple.KernelExtensionServer): kern_return_t _kextmanager_unlock_kextload(mach_port_t server, mach_port_t client) { kern_return_t mig_result = KERN_FAILURE; if...

AI score 7.2
Exploits 0
OSV
added 2018/04/27 4:29 p.m. · 2 views

DEBIAN-CVE-2014-1846

Enlightenment before 0.17.6 might allow local users to gain privileges via vectors involving the gdb method...

CVSS 7.8 · AI score 7.1 · EPSS 0.00068
Exploits 0 · References 1
myhack58
added 2018/04/24 12:0 a.m. · 69 views

Router vulnerability reproduction and analysis, part two: CNVD-2018-01084 - vulnerability warning - the black bar safety net

Vulnerability information: D-Link DIR 615/645/815 routers with firmware version 1.03 and earlier contain a remote command execution vulnerability. The vulnerability arises because service.cgi concatenates HTTP POST request data into a backend command, leading to...

AI score 1.6
Exploits 0
OSV
added 2018/04/19 4:29 p.m. · 1 views

CVE-2018-10230

Zend Debugger in Zend Server before 9.1.3 has XSS, aka ZSR-2455...

CVSS 6.1 · AI score 5.8 · EPSS 0.03364
Exploits 0 · References 2
Prion
added 2018/04/19 4:29 p.m. · 18 views

Design/Logic Flaw

Zend Debugger in Zend Server before 9.1.3 has XSS, aka ZSR-2455...

CVSS 4.3 · AI score 6.2 · EPSS 0.03364
Exploits 0 · References 2 · Affected Software 1
Cvelist
added 2018/04/19 4:0 p.m. · 12 views

CVE-2018-10230

Zend Debugger in Zend Server before 9.1.3 has XSS, aka ZSR-2455...

AI score 6.3 · EPSS 0.03364
Exploits 0 · References 2
Debian
added 2018/01/22 2:43 a.m. · 25 views

[SECURITY] [DSA 4093-1] openocd security update

------------------------------------------------------------------------- Debian Security Advisory DSA-4093-1 [email protected] https://www.debian.org/security/ January 21, 2018 https://www.debian.org/security/faq - -------------------------------------------------------------------------...

CVSS 9.6 · AI score 9.3 · EPSS 0.0189
Exploits 1
Debian
added 2018/01/22 2:43 a.m. · 24 views

[SECURITY] [DSA 4093-1] openocd security update

------------------------------------------------------------------------- Debian Security Advisory DSA-4093-1 [email protected] https://www.debian.org/security/ January 21, 2018 https://www.debian.org/security/faq - -------------------------------------------------------------------------...

CVSS 9.3 · AI score 1.2 · EPSS 0.0189
Exploits 1
OpenVAS
added 2018/01/20 12:0 a.m. · 37 views

Debian: Security Advisory (DSA-4093-1)

The remote host is missing an update for the Debian SPDX-FileCopyrightText: 2018 Greenbone AG Some text descriptions might be excerpted from a referenced sources, and are Copyright C by the respective right holders. SPDX-License-Identifier: GPL-2.0-only ifdescription...

CVSS 9.6 · AI score 9.4 · EPSS 0.0189
Exploits 1 · References 4
OSV
added 2018/01/16 9:29 a.m. · 0 views

UBUNTU-CVE-2018-5704

Open On-Chip Debugger OpenOCD 0.10.0 does not block attempts to use HTTP POST for sending data to 127.0.0.1 port 4444, which allows remote attackers to conduct cross-protocol scripting attacks, and consequently execute arbitrary commands, via a crafted web site...

CVSS 9.6 · AI score 6.1 · EPSS 0.0189
Exploits 1 · References 6
NVD
added 2018/01/16 9:29 a.m. · 14 views

CVE-2018-5704

Open On-Chip Debugger OpenOCD 0.10.0 does not block attempts to use HTTP POST for sending data to 127.0.0.1 port 4444, which allows remote attackers to conduct cross-protocol scripting attacks, and consequently execute arbitrary commands, via a crafted web site...

CVSS 9.6 · AI score 9.2 · EPSS 0.0189
Exploits 1 · References 3
Positive Technologies
added 2018/01/16 12:0 a.m. · 3 views

PT-2018-17099 · Open On Chip Debugger +1 · Openocd +1

Name of the Vulnerable Software and Affected Versions: Open On-Chip Debugger OpenOCD version 0.10.0 Description: The issue allows remote attackers to conduct cross-protocol scripting attacks and execute arbitrary commands via a crafted web site, by not blocking attempts to use HTTP POST for sendi...

CVSS 9.6 · AI score 9.3 · EPSS 0.0189
Exploits 1 · References 19
OSV
added 2018/01/11 9:29 p.m. · 3 views

ALPINE-CVE-2018-5336

In Wireshark 2.4.0 to 2.4.3 and 2.2.0 to 2.2.11, the JSON, XML, NTP, XMPP, and GDB dissectors could crash. This was addressed in epan/tvbparse.c by limiting the recursion depth...

CVSS 7.5 · AI score 6.8 · EPSS 0.01011
Exploits 0 · References 1
OSV
added 2018/01/10 9:29 a.m. · 1 views

DEBIAN-CVE-2017-18026

Redmine before 3.2.9, 3.3.x before 3.3.6, and 3.4.x before 3.4.4 does not block the --config and --debugger flags to the Mercurial hg program, which allows remote attackers to execute arbitrary commands through the Mercurial adapter via vectors involving a branch whose name begins with a --config...

CVSS 8.8 · AI score 7.8 · EPSS 0.00747
Exploits 0 · References 1
OSV
added 2018/01/10 9:29 a.m. · 0 views

UBUNTU-CVE-2017-18026

Redmine before 3.2.9, 3.3.x before 3.3.6, and 3.4.x before 3.4.4 does not block the --config and --debugger flags to the Mercurial hg program, which allows remote attackers to execute arbitrary commands through the Mercurial adapter via vectors involving a branch whose name begins with a --config...

CVSS 8.8 · AI score 7.6 · EPSS 0.00747
Exploits 0 · References 7
Mageia
added 2018/01/03 2:22 p.m. · 28 views

Updated python-werkzeug packages fix security vulnerability

Cross-site scripting (XSS) vulnerability in the render_full function in debug/tbtools.py in the debugger in Pallets Werkzeug before 0.11.11 allows remote attackers to inject arbitrary web script or HTML via a field that contains an exception message (CVE-2016-10516)...

AI score 3.9
Exploits 0 · References 2
Exploit DB
added 2017/12/05 12:0 a.m. · 82 views

Perspective ICM Investigation & Case 5.1.1.16 - Privilege Escalation

Exploit Title: Privilege Escalation - Perspective ICM Investigation & Case - 5.1.1.16 Date Reported to vendor: Jun 28, 2017 Date Accepted by vendor: Jun 11, 2017 Exploit Author: [email protected] Vendor Homepage: www.resolver.com Version: Perspective ICM Investigation & Case -...

CVSS 8.8 · AI score 8.8 · EPSS 0.02372
Exploits 4