openstack-ironic-discoverd: potential remote code execution with debug mode enabled

It was discovered that enabling debug mode in openstack-ironic-discoverd also enabled debug mode in the underlying Flask framework. If errors were encountered while Flask was in debug mode, a user experiencing an error might be able to access the debug console effectively, a command shell...

Werkzeug Debug Shell Command Execution

This module requires Metasploit: http://metasploit.com/download Current source: https://github.com/rapid7/metasploit-framework require 'msf/core' require 'rex' class Metasploit4 'Werkzeug Debug Shell Command Execution', 'Description' = %q This module will exploit the Werkzeug debug console to put...

Design/Logic Flaw

The debug console interface on Cisco Small Business SPA300 and SPA500 phones does not properly perform authentication, which allows local users to execute arbitrary debug-shell commands, or read or modify data in memory or a filesystem, via direct access to this interface, aka Bug ID CSCun77435...

CVE-2014-3312

The debug console interface on Cisco Small Business SPA300 and SPA500 phones does not properly perform authentication, which allows local users to execute arbitrary debug-shell commands, or read or modify data in memory or a filesystem, via direct access to this interface, aka Bug ID CSCun77435...

CVE-2014-3312

Cisco Small Business SPA300 and SPA500 Series IP Phones are affected by CVE-2014-3312 due to an insufficiently authenticated debug console interface. The vulnerability allows a local attacker to execute arbitrary commands on the debug shell and read/modify data in memory or on the filesystem via ...

PR10-17 Various XSS and information disclosure flaws within KeyFax response management system

PR10-17: Various XSS and information disclosure flaws within KeyFax response management system http://www.omfax.co.uk Vulnerability found: 25th August 2010 Vendor informed: Vulnerability fixed: Severity: Medium/High Description: KeyFax response management system provides professional management o...

FiWin SS28S Wi-Fi phones backdoor account

Phone has debug console with telnet access and hardcoded account 1 with password 1...

[SA22041] Fi Win WiFi Phone SS28S Debug Console Security Issue

---------------------------------------------------------------------- Want to work within IT-Security? Secunia is expanding its team of highly skilled security experts. We will help with relocation and obtaining a work permit. Currently the following type of positions are available:...