
1177 matches found

Hacker One
added 2020/04/01 11:57 a.m. · 26 views

Mail.ru: mailer.i.bizml.ru viber service preprod information disclosure

DEBUG mode enabled on http://52.29.101.127:1060/ leading to DB login and passwd leaks...

AI score 0.3
Exploits 0

OSV
added 2020/03/30 8:15 p.m. · 2 views

DEBIAN-CVE-2020-5274

In Symfony before versions 5.0.5 and 4.4.5, some properties of the Exception were not properly escaped when the ErrorHandler rendered its stacktrace. In addition, the stacktrace was displayed even in a non-debug configuration. The ErrorHandler now escapes all properties of the exception, and the...

CVSS 5.4 · AI score 6 · EPSS 0.00267
Exploits 0 · References 1

Positive Technologies
added 2020/03/30 12:0 a.m. · 2 views

PT-2020-18364 · Symfony · Symfony +1

Name of the Vulnerable Software and Affected Versions: Symfony versions prior to 4.4.5 and 5.0.5; symfony/http-foundation versions prior to 4.4.5 and 5.0.5.
Description: The issue arises from the ErrorHandler rendering unescaped properties of the Exception class when displaying the stacktrace, whic...

CVSS 5.5 · AI score 5.2 · EPSS 0.00267
Exploits 0 · References 13

NVD
added 2020/03/26 5:15 p.m. · 7 views

CVE-2020-10826

/cgi-bin/activate.cgi on Draytek Vigor3900, Vigor2960, and Vigor300B devices before 1.5.1 allows remote attackers to achieve command injection via a remote HTTP request in DEBUG mode...

CVSS 10 · AI score 9.7 · EPSS 0.2996
Exploits 1 · References 2

Prion
added 2020/03/26 5:15 p.m. · 15 views

Command injection

/cgi-bin/activate.cgi on Draytek Vigor3900, Vigor2960, and Vigor300B devices before 1.5.1 allows remote attackers to achieve command injection via a remote HTTP request in DEBUG mode...

CVSS 10 · AI score 9.7 · EPSS 0.2996
Exploits 1 · References 2 · Affected Software 3

Vulnrichment
added 2020/03/26 4:5 p.m. · 4 views

CVE-2020-10826

/cgi-bin/activate.cgi on Draytek Vigor3900, Vigor2960, and Vigor300B devices before 1.5.1 allows remote attackers to achieve command injection via a remote HTTP request in DEBUG mode...

AI score 9.7 · EPSS 0.2996
Exploits 1 · References 2

Positive Technologies
added 2020/03/26 12:0 a.m. · 2 views

PT-2020-12349 · Draytek · Draytek Vigor2960 +2

Name of the Vulnerable Software and Affected Versions: Draytek Vigor3900 versions prior to 1.5.1; Draytek Vigor2960 versions prior to 1.5.1; Draytek Vigor300B versions prior to 1.5.1.
Description: The issue allows remote attackers to achieve command injection via a remote HTTP request in DEBUG mode,...

CVSS 10 · AI score 9.7 · EPSS 0.2996
Exploits 1 · References 5

OpenVAS
added 2020/03/20 12:0 a.m. · 36 views

Huawei EulerOS: Security Advisory for docker-engine (EulerOS-SA-2020-1283)

The remote host is missing an update for the Huawei EulerOS...

CVSS 7.5 · AI score 7.9 · EPSS 0.0152
Exploits 0 · References 2

Tenable Nessus
added 2020/03/20 12:0 a.m. · 36 views

EulerOS 2.0 SP8 : docker-engine (EulerOS-SA-2020-1283)

According to the version of the docker-engine package installed, the EulerOS installation on the remote host is affected by the following vulnerability: In Docker CE and EE before 18.09.8 as well as Docker EE before 17.06.2-ee-23 and 18.x before 18.03.1-ee-10, Docker Engine in debug mode may...

CVSS 7.5 · AI score 6.7 · EPSS 0.0152
Exploits 0 · References 2

OSV
added 2020/01/24 12:0 p.m. · 12 views

RUSTSEC-2020-0004 sigstack allocation bug can cause memory corruption or leak

An embedding using affected versions of lucet-runtime configured to use non-default Wasm globals sizes of more than 4KiB, or compiled in debug mode without optimizations, could leak data from the signal handler stack to guest programs. This can potentially cause data from the embedding host to le...

CVSS 9.1 · AI score 9.2 · EPSS 0.00433
Exploits 0 · References 3

Kitploit
added 2020/01/13 8:51 p.m. · 80 views

laravelN00b - Automated Scan .env Files And Checking Debug Mode In Victim Host

Incorrect configuration allows you to access .env files or reading env variables. LaravelN00b automated scan .env files and checking debug mode in victim host. Scan rationale Scan host. Resolve IP address and check .env file in IP Address Checking debug mode Laravel Read .env variables Installation...

AI score 7.3
Exploits 0 · References 1

OSV
added 2019/12/26 3:15 a.m. · 1 view

CVE-2019-19983

In the WordPress plugin, Fast Velocity Minify before 2.7.7, the full web root path to the running WordPress application can be discovered. In order to exploit this vulnerability, FVM Debug Mode needs to be enabled and an admin-ajax request needs to call the fastvelocityminfiles action...

CVSS 4.3 · AI score 5.8 · EPSS 0.00328
Exploits 1 · References 2

NVD
added 2019/12/26 3:15 a.m. · 6 views

CVE-2019-19983

In the WordPress plugin, Fast Velocity Minify before 2.7.7, the full web root path to the running WordPress application can be discovered. In order to exploit this vulnerability, FVM Debug Mode needs to be enabled and an admin-ajax request needs to call the fastvelocityminfiles action...

CVSS 4.3 · AI score 4.7 · EPSS 0.00328
Exploits 1 · References 2

Cloud Foundry
added 2019/12/03 12:0 a.m. · 32 views

CVE-2019-11293: UAA logs all query parameters with debug logging level | Cloud Foundry

Severity: High
Vendor: Cloud Foundry Foundation
Description: Cloud Foundry UAA Release, versions prior to v74.10.0, when set to logging level DEBUG, logs clientsecret credentials when sent as a query param. A remote authenticated malicious user could gain access to user credentials via the uaa.log...

CVSS 8.8 · AI score 6.8 · EPSS 0.00539
Exploits 0

OSV
added 2019/11/19 10:15 p.m. · 1 view

DEBIAN-CVE-2011-2924

foomatic-rip filter v4.0.12 and prior insecurely creates temporary files for storage of PostScript data by rendering the data when the debug mode was enabled. This flaw may be exploited by a local attacker to conduct symlink attacks by overwriting arbitrary files accessible with the privileg...

CVSS 5.5 · AI score 7.2 · EPSS 0.00126
Exploits 0 · References 1

UbuntuCve
added 2019/11/19 10:15 p.m. · 24 views

CVE-2011-2924

foomatic-rip filter v4.0.12 and prior insecurely creates temporary files for storage of PostScript data by rendering the data when the debug mode was enabled. This flaw may be exploited by a local attacker to conduct symlink attacks by overwriting arbitrary files accessible with the privileg...

CVSS 5.5 · AI score 6.9 · EPSS 0.00126
Exploits 0 · References 2

Debian CVE
added 2019/11/19 9:20 p.m. · 25 views

CVE-2011-2924

foomatic-rip filter v4.0.12 and prior insecurely creates temporary files for storage of PostScript data by rendering the data when the debug mode was enabled. This flaw may be exploited by a local attacker to conduct symlink attacks by overwriting arbitrary files accessible with the privileg...

CVSS 5.5 · AI score 7.2 · EPSS 0.00126
Exploits 0

CVE
added 2019/11/19 9:20 p.m. · 93 views

CVE-2011-2924

CVE-2011-2924 affects the foomatic-rip filter (v4.0.12 and earlier). The flaw arises from insecure temporary file handling when rendering PostScript data in debug mode, enabling a local attacker to perform symlink attacks to overwrite arbitrary files accessible to the user running the foomatic-ri...

CVSS 5.5 · AI score 5.2 · EPSS 0.00126
Exploits 0 · References 6 · Affected Software 1

NVD
added 2019/11/19 9:15 p.m. · 17 views

CVE-2011-2923

foomatic-rip filter, all versions, insecurely creates temporary files for storage of PostScript data by rendering the data when the debug mode was enabled. This flaw may be exploited by a local attacker to conduct symlink attacks by overwriting arbitrary files accessible with the privileges ...

CVSS 5.5 · AI score 5.3 · EPSS 0.0019
Exploits 0 · References 4

Prion
added 2019/11/19 9:15 p.m. · 22 views

Design/Logic Flaw

foomatic-rip filter, all versions, insecurely creates temporary files for storage of PostScript data by rendering the data when the debug mode was enabled. This flaw may be exploited by a local attacker to conduct symlink attacks by overwriting arbitrary files accessible with the privileges ...

CVSS 3.3 · AI score 6.7 · EPSS 0.0019
Exploits 0 · References 4 · Affected Software 1