1179 matches found
ceph-iscsi-cli: rbd-target-api service runs in debug mode allowing for remote command execution
It was found that rbd-target-api service provided by ceph-iscsi-cli was running in debug mode. An unauthenticated attacker could use this to remotely execute arbitrary code and escalate privileges...
Solaris srsexec Arbitrary File Reader
This module exploits a vulnerability in NetCommander 3.2.3 and 3.2.5. When srsexec is executed in debug (-d) verbose (-v) mode, the first line of an arbitrary file can be read due to the suid bit set. The most widely accepted exploitation vector is reading /etc/shadow, which will reveal root's hash f...
Block Overflow
github.com/ethereum/go-ethereum is vulnerable to block overflow. The library does not ensure that the end chain comes after the start chain in debug mode, causing an overwrite when processing a malformed block that can overwrite the next block in the sequence...
CVE-2018-7947
Huawei mobile phones with versions earlier than Emily-AL00A 8.1.0.153C00 have an authentication bypass vulnerability. An attacker could trick the user into connecting to a malicious device. In debug mode, the malicious software in the device may exploit the vulnerability to bypass some specific...
Jenkins Stapler Debug Mode Cross-Site Scripting Vulnerability
CloudBees Jenkins (formerly known as Hudson Labs) is a set of Java-based continuous integration tools from the US company CloudBees. It is mainly used to monitor continuous software release/testing projects and the execution of some scheduled tasks. A...
Cross site scripting
A cross-site scripting vulnerability exists in Jenkins 2.132 and earlier, 2.121.1 and earlier in the Stapler web framework's org/kohsuke/stapler/Stapler.java that allows attackers with the ability to control the existence of some URLs in Jenkins to define JavaScript that would be executed in...
Security Bulletin: IBM Worklight and IBM Mobile Foundation application authenticity bypass (CVE-2014-0888)
Summary: IBM Worklight and IBM Mobile Foundation application authenticity verification can be bypassed under certain conditions. Vulnerability Details: CVEID: CVE-2014-0888. DESCRIPTION: The application authenticity feature in IBM Worklight and IBM Mobile Foundation enables the Worklight server to...
Probequest - Toolkit For Playing With Wi-Fi Probe Requests
Toolkit for sniffing and displaying the Wi-Fi probe requests passing near your wireless interface. Probe requests are sent by a station to elicit information about access points, in particular to determine whether an access point is present in the nearby environment. Some devices mostly...
Sslmerge - Tool To Help You Build A Valid SSL Certificate Chain From The Root Certificate To The End-User Certificate
An open source tool to help you build a valid SSL certificate chain from the root certificate to the end-user certificate. It can also help you fix an incomplete certificate chain and download all missing CA certificates. How To Use: It's simple: Clone this repository git clone...
Smule: Disclosure of information about the system, configuration files.
Disclosure of Django configuration via debug mode...
Chrome V8 PromiseAllResolveElementClosure Element Confusion
Chrome: V8: PromiseAllResolveElementClosure can cause elements kind confusion The Promise.all method internally uses PromiseAllResolveElementClosure https://cs.chromium.org/chromium/src/v8/src/builtins/builtins-promise-gen.cc?rcl=dc2d3bb9711effb349df58af26c49169aa019121&l=1910 as a resolver for...
Chrome V8 JIT - AwaitedPromise Update Bug
Chrome V8 JIT - AwaitedPromise Update Bug / Here's a snippet of AsyncGeneratorReturn. https://cs.chromium.org/chromium/src/v8/src/builtins/builtins-async-generator-gen.cc?rcl=bcd1365cf7fac0d7897c43b377c143aae2d22f92&l=650 Node const context = ParameterDescriptor::kContext; Node const outerpromise...
Chrome V8 JIT - 'NodeProperties::InferReceiverMaps' Type Confusion
/ https://cs.chromium.org/chromium/src/v8/src/compiler/node-properties.cc?rcl=df84e87191022bf6914f9570069908f10b303245&l=416 Here's a snippet of NodeProperties::InferReceiverMaps. case IrOpcode::kJSCreate: if IsSamereceiver, effect HeapObjectMatcher mtargetGetValueInputeffect, 0; HeapObjectMatche...
Chrome V8 JIT - NodeProperties::InferReceiverMaps Type Confusion
Chrome V8 JIT - NodeProperties::InferReceiverMaps Type Confusion / https://cs.chromium.org/chromium/src/v8/src/compiler/node-properties.cc?rcl=df84e87191022bf6914f9570069908f10b303245&l=416 Here's a snippet of NodeProperties::InferReceiverMaps. case IrOpcode::kJSCreate: if IsSamereceiver, effect...
Chrome V8 JIT NodeProperties::InferReceiverMaps Type Confusion Exploit
Exploit for multiple platform in category dos / poc Chrome: V8: JIT: Type confusion in NodeProperties::InferReceiverMaps https://cs.chromium.org/chromium/src/v8/src/compiler/node-properties.cc?rcl=df84e87191022bf6914f9570069908f10b303245&l=416 Here's a snippet of NodeProperties::InferReceiverMaps...
WordPress Rating-Widget: Star Review System 2.8.9 Information Disclosure
Details ================ Software: Rating-Widget: Star Review System Version: 2.8.9 Homepage: https://wordpress.org/plugins/rating-widget/ Advisory report: https://advisories.dxw.com/advisories/rating-widget-debug-mode/ CVE: Awaiting assignment CVSS: 5 Medium; AV:N/AC:L/Au:N/C:P/I:N/A:N Descripti...
WordPress Rating-Widget: Star Review System 2.8.9 Information Disclosure Vulnerability
WordPress Rating-Widget: Star Review System plugin version 2.8.9 suffers from an information disclosure vulnerability. Details ================ Software: Rating-Widget: Star Review System Version: 2.8.9 Homepage: https://wordpress.org/plugins/rating-widget/ Advisory report:...
CVE-2018-1301
CVE-2018-1301 affects the Apache HTTP Server (httpd) prior to 2.4.30, caused by an out-of-bounds access after a size limit is reached when reading the HTTP header. Impact described as a crash (low risk for normal usage). Affected component is httpd’s HTTP header parsing; root cause is an out-of-b...