100 matches found
WordPress Debug Info plugin <= 1.3.10 - Cross Site Scripting (XSS) vulnerability
Cross Site Scripting XSS vulnerability discovered by Jakick Patchstack Alliance in WordPress Plugin Debug Info versions = 1.3.10...
WordPress Debug Info Plugin <= 1.3.10 is vulnerable to Cross Site Scripting (XSS)
Software Debug Info Type Plugin Vulnerable versions = 1.3.10 Fixed in N/A OWASP Top 10 A3: Injection Classification Cross Site Scripting XSS CVE CVE-2024-34565 Patch priority Low CVSS severity Low 5.9 Developer Claim ownership PSID 266a802a12bf Credits Jakick Required privilege Administrator...
Netgear R6850 安全漏洞
The NETGEAR Netgear R6850 is a wireless router from NETGEAR. A security vulnerability exists in Netgear R6850 version v1.1.0.88, which originates from an information disclosure vulnerability in debuginfo.htm. The vulnerability can be exploited by an attacker to obtain sensitive information...
CVE-2023-29791
kodbox = 1.37 is vulnerable to Cross Site Scripting XSS via the debug information...
CVE-2023-29791
CVE-2023-29791 affects kodbox versions 1.37 and earlier, with a Cross‑Site Scripting (XSS) flaw exposed via debug information. The vulnerability allows crafted debug output to be reflected in the UI, enabling user‑in‑context script execution. The advisory entries consistently identify the vulnera...
CVE-2023-1623 Custom Post Type UI < 1.13.5 - Debug Info Sending via CSRF
The Custom Post Type UI WordPress plugin before 1.13.5 does not properly check for CSRF when sending the debug information to a user supplied email, which could allow attackers to make a logged in admin send such information to an arbitrary email address via a CSRF attack...
Information disclosure
Affected devices use a weak encryption scheme to encrypt the debug zip file. This could allow an authenticated attacker to decrypt the contents of the file and retrieve debug information about the system...
CVE-2022-37074
H3C GR-1200W MiniGRW1A0V100R006 was discovered to contain a stack overflow via the function switchdebuginfoset...
H3C GR-1200W 缓冲区错误漏洞
The H3C GR-1200W is a Gigabit enterprise wireless router from China's Xinhua San H3C. A security vulnerability exists in the H3C GR-1200W MiniGRW1A0V100R006 version that stems from a stack overflow in the switchdebuginfoset method...
PT-2022-23788 · H3C · H3C Gr-1200W
Name of the Vulnerable Software and Affected Versions: H3C GR-1200W MiniGRW1A0V100R006 Description: A stack overflow issue was discovered via the function switch debug info set. Recommendations: For H3C GR-1200W MiniGRW1A0V100R006, consider disabling the switch debug info set function as a...
NULL Pointer Dereference in function generate_loadvar
Description NULL Pointer Dereference in function generateloadvar at vim9compile.c:1165 allows attackers to cause a denial of service application crash via a crafted input. vim version git log commit e1f3fd1d02e3f5fe6d2b6d82687c6846b8e500f8 HEAD - master, origin/master, origin/HEAD Author: Bram...
CVE-2021-43814
Rizin is a UNIX-like reverse engineering framework and command-line toolset. In versions up to and including 0.3.1 there is a heap-based out of bounds write in parsedie when reversing an AMD64 ELF binary with DWARF debug info. When a malicious AMD64 ELF binary is opened by a victim user, Rizin ma...
OPENSUSE-SU-2021:1475-1 Security update for binutils
This update for binutils fixes the following issues: Update to binutils 2.37: The GNU Binutils sources now requires a C99 compiler and library to build. Support for Realm Management Extension RME for AArch64 has been added. A new linker option '-z report-relative-reloc' for x86 ELF targets has be...
OPENSUSE-SU-2021:3616-1 Security update for binutils
This update for binutils fixes the following issues: Update to binutils 2.37: The GNU Binutils sources now requires a C99 compiler and library to build. Support for Realm Management Extension RME for AArch64 has been added. A new linker option '-z report-relative-reloc' for x86 ELF targets has be...
AMSITrigger - The Hunt For Malicious Strings
Hunting for Malicious Strings Usage: AMSI calls xmas tree mode -d, --debug Show Debug Info -m, --maxsiglength=VALUE Maximum signature Length to cater for, default=2048 -c, --chunksize=VALUE Chunk size to send to AMSIScanBuffer, default=4096 -h, -?, --help Show Help " -i, --inputfile=VALUE...
openSUSE Security Update : binutils (openSUSE-2020-1790)
This update for binutils fixes the following issues : binutils was updated to version 2.35. jscECO-2373 Update to binutils 2.35 : - The assembler can now produce DWARF-5 format line number tables. - Readelf now has a 'lint' mode to enable extra checks of the files it is processing. - Readelf will...
CVE-2020-0392
In getLayerDebugInfo of SurfaceFlinger.cpp, there is a possible code execution due to a double free. This could lead to local escalation of privilege with no additional execution privileges needed. User interaction is not needed for exploitation.Product: AndroidVersions: Android-9 Android-10...
UBUNTU-CVE-2020-16269
radare2 4.5.0 misparses DWARF information in executable files, causing a segmentation fault in parsetypedef in typedwarf.c via a malformed DWATname in the .debuginfo section...
shopify-scripts: Invalid read in `str_replace_partial`
PoC === The attached POC shows an invalid read. Debug info ========== The issue happens when memmove is called inside strreplacepartial. valgrind report: 0==27051== Invalid read of size 1 ==27051== at 0x483FA10: memmove vgreplacestrmem.c:1270 ==27051== by 0x135D60: strreplacepartial string.c:1193...
shopify-scripts: NULL pointer dereference in `mrb_check_frozen`
PoC === The following demonstrates a crash: 3735928559.removeinstancevariable '@a' Debug info ========== Valgrind suggests the crash happens due to an invalid read in mrbcheckfrozen: ==4882== Memcheck, a memory error detector ==4882== Copyright C 2002-2017, and GNU GPL'd, by Julian Seward et al...