Lucene search
K

100 matches found

Patchstack
Patchstack
added 2024/05/07 11:5 a.m.4 views

WordPress Debug Info plugin <= 1.3.10 - Cross Site Scripting (XSS) vulnerability

Cross Site Scripting XSS vulnerability discovered by Jakick Patchstack Alliance in WordPress Plugin Debug Info versions = 1.3.10...

5.9CVSS6.1AI score0.00274EPSS
Exploits0Affected Software1
Patchstack
Patchstack
added 2024/05/07 12:0 a.m.10 views

WordPress Debug Info Plugin <= 1.3.10 is vulnerable to Cross Site Scripting (XSS)

Software Debug Info Type Plugin Vulnerable versions = 1.3.10 Fixed in N/A OWASP Top 10 A3: Injection Classification Cross Site Scripting XSS CVE CVE-2024-34565 Patch priority Low CVSS severity Low 5.9 Developer Claim ownership PSID 266a802a12bf Credits Jakick Required privilege Administrator...

5.9CVSS6.6AI score0.00274EPSS
Exploits0References1Affected Software1
CNNVD
CNNVD
added 2024/04/03 12:0 a.m.4 views

Netgear R6850 安全漏洞

The NETGEAR Netgear R6850 is a wireless router from NETGEAR. A security vulnerability exists in Netgear R6850 version v1.1.0.88, which originates from an information disclosure vulnerability in debuginfo.htm. The vulnerability can be exploited by an attacker to obtain sensitive information...

5.3CVSS6AI score0.01231EPSS
Exploits1References3
OSV
OSV
added 2023/05/11 9:15 p.m.17 views

CVE-2023-29791

kodbox = 1.37 is vulnerable to Cross Site Scripting XSS via the debug information...

6.1CVSS6.2AI score0.00353EPSS
Exploits0References1
CVE
CVE
added 2023/05/11 12:0 a.m.49 views

CVE-2023-29791

CVE-2023-29791 affects kodbox versions 1.37 and earlier, with a Cross‑Site Scripting (XSS) flaw exposed via debug information. The vulnerability allows crafted debug output to be reflected in the UI, enabling user‑in‑context script execution. The advisory entries consistently identify the vulnera...

6.1CVSS5.9AI score0.00353EPSS
Exploits0References1Affected Software1
Cvelist
Cvelist
added 2023/04/24 6:31 p.m.26 views

CVE-2023-1623 Custom Post Type UI < 1.13.5 - Debug Info Sending via CSRF

The Custom Post Type UI WordPress plugin before 1.13.5 does not properly check for CSRF when sending the debug information to a user supplied email, which could allow attackers to make a logged in admin send such information to an arbitrary email address via a CSRF attack...

6.5AI score0.00352EPSS
Exploits1References1
Prion
Prion
added 2022/12/13 4:15 p.m.23 views

Information disclosure

Affected devices use a weak encryption scheme to encrypt the debug zip file. This could allow an authenticated attacker to decrypt the contents of the file and retrieve debug information about the system...

4CVSS6.2AI score0.00233EPSS
Exploits0References1Affected Software6
OSV
OSV
added 2022/08/25 2:15 p.m.4 views

CVE-2022-37074

H3C GR-1200W MiniGRW1A0V100R006 was discovered to contain a stack overflow via the function switchdebuginfoset...

7.8CVSS5.8AI score0.00529EPSS
Exploits1References1
CNNVD
CNNVD
added 2022/08/25 12:0 a.m.5 views

H3C GR-1200W 缓冲区错误漏洞

The H3C GR-1200W is a Gigabit enterprise wireless router from China's Xinhua San H3C. A security vulnerability exists in the H3C GR-1200W MiniGRW1A0V100R006 version that stems from a stack overflow in the switchdebuginfoset method...

7.8CVSS5.6AI score0.00529EPSS
Exploits1References2
Positive Technologies
Positive Technologies
added 2022/08/25 12:0 a.m.6 views

PT-2022-23788 · H3C · H3C Gr-1200W

Name of the Vulnerable Software and Affected Versions: H3C GR-1200W MiniGRW1A0V100R006 Description: A stack overflow issue was discovered via the function switch debug info set. Recommendations: For H3C GR-1200W MiniGRW1A0V100R006, consider disabling the switch debug info set function as a...

7.8CVSS7.8AI score0.00529EPSS
Exploits1References2
Huntr
Huntr
added 2022/08/16 7:28 a.m.25 views

NULL Pointer Dereference in function generate_loadvar

Description NULL Pointer Dereference in function generateloadvar at vim9compile.c:1165 allows attackers to cause a denial of service application crash via a crafted input. vim version git log commit e1f3fd1d02e3f5fe6d2b6d82687c6846b8e500f8 HEAD - master, origin/master, origin/HEAD Author: Bram...

1.9CVSS0.6AI score0.00454EPSS
Exploits1
NVD
NVD
added 2021/12/13 8:15 p.m.21 views

CVE-2021-43814

Rizin is a UNIX-like reverse engineering framework and command-line toolset. In versions up to and including 0.3.1 there is a heap-based out of bounds write in parsedie when reversing an AMD64 ELF binary with DWARF debug info. When a malicious AMD64 ELF binary is opened by a victim user, Rizin ma...

7.8CVSS0.00846EPSS
Exploits0References3
OSV
OSV
added 2021/11/15 9:7 a.m.5 views

OPENSUSE-SU-2021:1475-1 Security update for binutils

This update for binutils fixes the following issues: Update to binutils 2.37: The GNU Binutils sources now requires a C99 compiler and library to build. Support for Realm Management Extension RME for AArch64 has been added. A new linker option '-z report-relative-reloc' for x86 ELF targets has be...

7.8CVSS7.1AI score0.03412EPSS
Exploits12References34
OSV
OSV
added 2021/11/04 11:29 a.m.10 views

OPENSUSE-SU-2021:3616-1 Security update for binutils

This update for binutils fixes the following issues: Update to binutils 2.37: The GNU Binutils sources now requires a C99 compiler and library to build. Support for Realm Management Extension RME for AArch64 has been added. A new linker option '-z report-relative-reloc' for x86 ELF targets has be...

6.3CVSS6.3AI score0.01287EPSS
Exploits10References28
Kitploit
Kitploit
added 2021/05/23 9:30 p.m.86 views

AMSITrigger - The Hunt For Malicious Strings

Hunting for Malicious Strings Usage: AMSI calls xmas tree mode -d, --debug Show Debug Info -m, --maxsiglength=VALUE Maximum signature Length to cater for, default=2048 -c, --chunksize=VALUE Chunk size to send to AMSIScanBuffer, default=4096 -h, -?, --help Show Help " -i, --inputfile=VALUE...

7.5AI score
Exploits0References1
Tenable Nessus
Tenable Nessus
added 2020/11/02 12:0 a.m.43 views

openSUSE Security Update : binutils (openSUSE-2020-1790)

This update for binutils fixes the following issues : binutils was updated to version 2.35. jscECO-2373 Update to binutils 2.35 : - The assembler can now produce DWARF-5 format line number tables. - Readelf now has a 'lint' mode to enable extra checks of the files it is processing. - Readelf will...

7.8CVSS6.6AI score0.02752EPSS
Exploits8References21
OSV
OSV
added 2020/09/17 4:15 p.m.4 views

CVE-2020-0392

In getLayerDebugInfo of SurfaceFlinger.cpp, there is a possible code execution due to a double free. This could lead to local escalation of privilege with no additional execution privileges needed. User interaction is not needed for exploitation.Product: AndroidVersions: Android-9 Android-10...

7.8CVSS6.2AI score0.00266EPSS
Exploits0References1
OSV
OSV
added 2020/08/03 4:15 p.m.3 views

UBUNTU-CVE-2020-16269

radare2 4.5.0 misparses DWARF information in executable files, causing a segmentation fault in parsetypedef in typedwarf.c via a malformed DWATname in the .debuginfo section...

5.5CVSS5.8AI score0.00976EPSS
Exploits1References3
Hacker One
Hacker One
added 2019/07/02 6:34 a.m.16 views

shopify-scripts: Invalid read in `str_replace_partial`

PoC === The attached POC shows an invalid read. Debug info ========== The issue happens when memmove is called inside strreplacepartial. valgrind report: 0==27051== Invalid read of size 1 ==27051== at 0x483FA10: memmove vgreplacestrmem.c:1270 ==27051== by 0x135D60: strreplacepartial string.c:1193...

0.9AI score
Exploits0
Hacker One
Hacker One
added 2019/06/19 9:15 p.m.24 views

shopify-scripts: NULL pointer dereference in `mrb_check_frozen`

PoC === The following demonstrates a crash: 3735928559.removeinstancevariable '@a' Debug info ========== Valgrind suggests the crash happens due to an invalid read in mrbcheckfrozen: ==4882== Memcheck, a memory error detector ==4882== Copyright C 2002-2017, and GNU GPL'd, by Julian Seward et al...

0.4AI score
Exploits0
Rows per page
Query Builder