
32 matches found

Positive Technologies
added 2022/03/20 12:0 a.m. | 1 views

PT-2022-17318

Name of the Vulnerable Software and Affected Versions: ThinkPHP Framework version 5.0.24 Description: The ThinkPHP Framework was discovered to be configured without the PATHINFO parameter, allowing attackers to access all system environment parameters from index.php. It is noted that this issue i...

CVSS 7.5 | AI score 7.6 | EPSS 0.09502
Exploits: 1 | References: 9

CNVD
added 2018/07/20 12:0 a.m. | 2 views

Huawei Emily-AL00A Authentication Bypass Vulnerability

The Huawei Emily-AL00A is a smartphone device from the Chinese company Huawei. A forensic bypass vulnerability exists in Huawei Emily-AL00A. An attacker induces a user to connect to a malicious device. With debugging mode enabled, malware on the device can exploit this vulnerability to bypass the...

CVSS 4.4 | AI score 4.8 | EPSS 0.00031
Exploits: 0 | References: 1

The Hacker News
added 2017/10/13 5:29 a.m. | 12 views

New Ransomware Not Just Encrypts Your Android But Also Changes PIN Lock

DoubleLocker—as the name suggests, it locks device twice. Security researchers from Slovakia-based security software maker ESET have discovered a new Android ransomware that not just encrypts users’ data, but also locks them out of their devices by changing lock screen PIN. On top of that:...

AI score 6.8
Exploits: 0

RedHat Linux
added 2014/08/07 6:23 p.m. | 0 views

389-ds: unauthenticated information disclosure

It was found that when replication was enabled for each attribute in Red Hat Directory Server / 389 Directory Server, which is the default configuration, the server returned replicated metadata when the directory was searched while debugging was enabled. A remote attacker could use this flaw to...

CVSS 5 | AI score 5.8 | EPSS 0.00307
Exploits: 0 | References: 4

seebug.org
added 2014/07/01 12:0 a.m. | 12 views

WinVNC Web Server <= 3.3.3r7 - GET Overflow

No description provided by source. $Id: winvnc_http_get.rb 7724 2009-12-06 05:50:37Z jduck $ This file is part of the Metasploit Framework and may be subject to redistribution and commercial restrictions. Please see the Metasploit Framework web site for more information on licensing and terms of us...

AI score 7.1
Exploits: 0

OSV
added 2014/02/10 6:15 p.m. | 1 views

DEBIAN-CVE-2010-4777

The Perl_reg_numbered_buff_fetch function in Perl 5.10.0, 5.12.0, 5.14.0, and other versions, when running with debugging enabled, allows context-dependent attackers to cause a denial of service (assertion failure and application exit) via crafted input that is not properly handled when using certain...

CVSS 4.3 | AI score 6.3 | EPSS 0.05455
Exploits: 0 | References: 1

NVD
added 2010/05/03 1:51 p.m. | 17 views

CVE-2010-1650

IBM WebSphere Application Server (WAS) 6.0.x before 6.0.2.41, 6.1.x before 6.1.0.31, and 7.0.x before 7.0.0.11, when the -trace option (aka debugging mode) is enabled, executes debugging statements that print string representations of unspecified objects, which allows attackers to obtain sensitive...

CVSS 1.9 | AI score 5.8 | EPSS 0.00074
Exploits: 1 | References: 5

Prion
added 2010/05/03 1:51 p.m. | 16 views

Design/Logic Flaw

IBM WebSphere Application Server (WAS) 6.0.x before 6.0.2.41, 6.1.x before 6.1.0.31, and 7.0.x before 7.0.0.11, when the -trace option (aka debugging mode) is enabled, executes debugging statements that print string representations of unspecified objects, which allows attackers to obtain sensitive...

CVSS 1.9 | AI score 6.3 | EPSS 0.00074
Exploits: 1 | References: 5 | Affected Software: 1

Cvelist
added 2010/04/30 5:0 p.m. | 20 views

CVE-2010-1650

IBM WebSphere Application Server (WAS) 6.0.x before 6.0.2.41, 6.1.x before 6.1.0.31, and 7.0.x before 7.0.0.11, when the -trace option (aka debugging mode) is enabled, executes debugging statements that print string representations of unspecified objects, which allows attackers to obtain sensitive...

AI score 5.8 | EPSS 0.00074
Exploits: 1 | References: 5

Tenable Nessus
added 2010/04/06 12:0 a.m. | 46 views

IBM WebSphere Application Server 6.1 < 6.1.0.31 Multiple Vulnerabilities

IBM WebSphere Application Server 6.1 before Fix Pack 31 appears to be running on the remote host. As such, it is reportedly affected by multiple vulnerabilities: - It is possible for Administrator role members to modify primary administrative id via the administrative console. PK88606 - An...

CVSS 5 | AI score 5.3 | EPSS 0.0055
Exploits: 7 | References: 15

securityvulns
added 2004/09/08 12:0 a.m. | 26 views

multi-gnome-terminal information leak

Keystrokes are logged to user's home in debugging mode...

AI score 1.1
Exploits: 0 | References: 1 | Affected Software: 1

securityvulns
added 2000/11/08 12:0 a.m. | 25 views

Local hole in OpenBSD

A bug in the system kernel makes it possible to "drop" the system into kernel debugging mode, in which any actions can be performed...

AI score 0.3
Exploits: 0 | References: 1