1179 matches found
Visual Studio Code remote code execution vulnerability
I occasionally noticed that Visual Studio Code was listening on a fixed TCP port 9333. After upgrading to 1.19.3, it’s gone. ➜ netstat -an | grep 9333 tcp4 0 0 127.0.0.1.9333 . LISTEN Looks like it’s a bug that affects VSCode 1.19.01.19.2. Extension process always run in debug mode, because of th...
Synaptics Keyboard Driver Unprotected Debug Mode - Lenovo Support US
No description provided...
Synaptics Keyboard Driver Unprotected Debug Mode - us
Synaptics Keyboard Driver Unprotected Debug Mode Lenovo Security Advisory: LEN-18507 Potential Impact: Loss of confidentiality local to system Severity: Medium Scope of Impact: Industry-wide CVE Identifier: CVE-2017-17556 Summary Description: A researcher discovered a vulnerability in Synaptics...
LaZagneForensic - Decrypt Windows Credentials From Another Host
LaZagne uses an internal Windows API called CryptUnprotectData to decrypt user passwords. This API should be called on the victim user session, otherwise, it does not work. If the computer has not been started when the analysis is realized on an offline mounted disk, or if we do not want to drop ...
Cross site scripting
In Yii Framework 2.x before 2.0.14, remote attackers could obtain potentially sensitive information from exception messages, or exploit reflected XSS on the error handler page in non-debug mode. Related to base/ErrorHandler.php, log/Dispatcher.php, and views/errorHandler/exception.php...
Remote attackers could obtain potentially sensitive information from exception messages printed by the error handler in non-debug mode.
More info at https://www.yiiframework.com/news/165/yii-2-0-14-is-released/...
Remote attackers could obtain potentially sensitive information from exception messages printed by the error handler in non-debug mode.
More info at https://www.yiiframework.com/news/165/yii-2-0-14-is-released/...
Design/Logic Flaw
In F5 BIG-IP APM software version 13.0.0 and 12.1.2, under rare conditions, the BIG-IP APM system appends log details when responding to client requests. Details in the log file can vary; customers running debug mode logging with BIG-IP APM are at highest risk...
CVE-2017-6139
In F5 BIG-IP APM software version 13.0.0 and 12.1.2, under rare conditions, the BIG-IP APM system appends log details when responding to client requests. Details in the log file can vary; customers running debug mode logging with BIG-IP APM are at highest risk...
CVE-2017-6139
In F5 BIG-IP APM software version 13.0.0 and 12.1.2, under rare conditions, the BIG-IP APM system appends log details when responding to client requests. Details in the log file can vary; customers running debug mode logging with BIG-IP APM are at highest risk...
CVE-2017-6139
In F5 BIG-IP APM software version 13.0.0 and 12.1.2, under rare conditions, the BIG-IP APM system appends log details when responding to client requests. Details in the log file can vary; customers running debug mode logging with BIG-IP APM are at highest risk...
Apache Struts 'Problem Report' XSS Vulnerability (S2-025)
Apache Struts is prone to a cross-site scripting XSS vulnerability. This VT has been deprecated and merged into the VT SPDX-FileCopyrightText: 2017 Greenbone AG Some text descriptions might be excerpted from a referenced sources, and are Copyright C by the respective right holders...
How to enable/collect logs on WEM Agent machine
Type of logs available: There are a number of logs that can be collected from the WEM Agent to help with troubleshooting/diagnosing an issue Note:Please make sure to revert all changes after completing log collection. For logging information related to WEM Brokers, see CTX228742 1. WEM Agent...
Advanced Policy Firewall: APF
Advanced Policy Firewall APF is an iptablesnetfilter based firewall system designed around the essential needs of today’s Internet deployed servers and the unique needs of custom deployed Linux installations. The configuration of APF is designed to be very informative and present the user with an...
I Recommend This <= 3.8.1 - Authenticated SQL Injection
Plugin description: "This plugin allows your visitors to simply like/recommend your posts instead of comment on it." Active installs according to https://wordpress.org/plugins/i-recommend-this/: 40.000+ It's possible to inject SQL into the dotrecommends shortcode, if the check for IP addresses is...
Cross-site Scripting (XSS)
yiisoft/yii2 is vulnerable to cross-site scripting XSS.When debug mode is enabled, the $exception-errorInfo is mishandled, allowing attackers to execute XSS attacks...
CVE-2017-11516
An XSS vulnerability exists in framework/views/errorHandler/exception.php in Yii Framework 2.0.12 affecting the exception screen when debug mode is enabled, because $exception-errorInfo is mishandled...
CVE-2017-11516
The CVE-2017-11516 entry describes an XSS in Yii Framework 2.0.12: framework/views/errorHandler/exception.php mishandles $exception->errorInfo, enabling XSS on the exception screen when debug mode is enabled. The description and related references indicate this is a framework component-level i...
Exploit for Code Injection in Samba
Basic Setup Install Samba version 4.5.9 https://download...
ALPINE-CVE-2017-8372
The madlayerIII function in layer3.c in Underbit MAD libmad 0.15.1b, if NDEBUG is omitted, allows remote attackers to cause a denial of service assertion failure and application exit via a crafted audio file...