8296 matches found

Cvelist
added 2017/11/16 7:00 a.m., 11 views

CVE-2017-12305

A vulnerability in the debug interface of Cisco IP Phone 8800 series could allow an authenticated, local attacker to execute arbitrary commands, aka Debug Shell Command Injection. The vulnerability is due to insufficient input validation. An attacker could exploit this vulnerability by...

6.9 AI score, 0.00332 EPSS
Exploits: 0, References: 3

CVE
added 2017/11/16 7:00 a.m., 67 views

CVE-2017-12305

CVE-2017-12305 concerns Cisco IP Phone 8800 Series, where the debug interface is susceptible to a command injection due to insufficient input validation. The vulnerability enables an authenticated, local attacker to execute arbitrary commands by submitting additional input to the affected debug s...

7.2 CVSS, 6.8 AI score, 0.00332 EPSS
Exploits: 0, References: 3, Affected Software: 1

OpenVAS
added 2017/11/16 12:00 a.m., 66 views

Cisco IP Phone 8800 Series Command Injection Vulnerability in Debug Shell

A vulnerability in the debug interface of Cisco IP Phone 8800 series could allow an authenticated, local attacker to execute arbitrary commands.

7.2 CVSS, 6.7 AI score, 0.00332 EPSS
Exploits: 0, References: 1

Cisco
added 2017/11/15 4:00 p.m., 49 views

Cisco IP Phone 8800 Series Command Injection Vulnerability in Debug Shell

A vulnerability in the debug interface of Cisco IP Phone 8800 series could allow an authenticated, local attacker to execute arbitrary commands. The vulnerability is due to insufficient input validation. An attacker could exploit this vulnerability by authenticating to the device and submitting...

6.7 CVSS, 6.8 AI score, 0.00332 EPSS
Exploits: 0, References: 1

OSV
added 2017/11/15 8:29 a.m., 0 views

UBUNTU-CVE-2017-16828

The display_debug_frames function in dwarf.c in GNU Binutils 2.29.1 allows remote attackers to cause a denial of service (integer overflow and heap-based buffer over-read, and application crash) or possibly have unspecified other impact via a crafted ELF file, related to print_debug_frame...

7.8 CVSS, 7.2 AI score, 0.00336 EPSS
Exploits: 1, References: 3

Cvelist
added 2017/11/15 8:00 a.m., 24 views

CVE-2017-16828

The display_debug_frames function in dwarf.c in GNU Binutils 2.29.1 allows remote attackers to cause a denial of service (integer overflow and heap-based buffer over-read, and application crash) or possibly have unspecified other impact via a crafted ELF file, related to print_debug_frame...

8.1 AI score, 0.00336 EPSS
Exploits: 1, References: 3

ThreatPost
added 2017/11/14 2:21 p.m., 10 views

Debugging Tool Left on OnePlus Phones, Enables Root Access

UPDATE Chinese phone maker OnePlus is accused of leaving a debugging app on its phones capable of giving adversaries root access to the devices. The application in question is called EngineerMode and is made by Qualcomm. An anonymous researcher who goes by the handle Elliot Alderson, a character ...

0.5 AI score
Exploits: 0, References: 3

Veeam
added 2017/11/14 12:00 a.m., 11 views

Failed to import Veeam Cloud Connect certificate after Veeam Availability Console server migration

Challenge: After migrating your Veeam Availability Console (VAC) installation to a new server and adding an existing Veeam Cloud Connect (VCC) server, the following certificate error may be observed: Failed to import certificate from the Veeam Cloud Connect server. See debug logs for more information...

7.1 AI score
Exploits: 0

RedhatCVE
added 2017/11/13 2:49 a.m., 31 views

CVE-2017-15113

ovirt-engine before version 4.1.7.6 with log level set to DEBUG includes passwords in the log file without masking. Only administrators can change the log level and only administrators can access the logs. This presents a risk when debug-level logs are shared with vendors or other parties to...

7.2 CVSS, 2.9 AI score, 0.00344 EPSS
Exploits: 0, References: 1

Malwarebytes
added 2017/11/10 1:00 p.m., 152 views

How to solve the Malwarebytes CrackMe: a step-by-step tutorial

The topic of this post is a Malwarebytes CrackMe—an exercise in malware analysis that I recently created. First, the challenge was created to serve internal purposes, but then it was released to the community on Twitter and triggered a lot of positive response. Thanks to all of you who sent in yo...

7.3 AI score
Exploits: 0

RedHat Linux
added 2017/11/07 12:00 a.m., 1 view

ovirt-engine: DEBUG logging includes unmasked passwords

ovirt-engine before version 4.1.7.6 with log level set to DEBUG includes passwords in the log file without masking. Only administrators can change the log level and only administrators can access the logs. This presents a risk when debug-level logs are shared with vendors or other parties to...

7.2 CVSS, 6.7 AI score, 0.00344 EPSS
Exploits: 0, References: 4

CNVD
added 2017/11/03 12:00 a.m., 2 views

GNU Binutils Binary File Descriptor Library Incompletely Fixes Remote Denial of Service Vulnerability

GNU Binutils (a.k.a. GNU Binary Utilities or binutils) is a set of programming utilities developed by the GNU Project for working with object files in a variety of formats, including linkers, assemblers, and other tools for object files and archives. The Binary File Descriptor (BFD) library a.k.a...

5.5 CVSS, 7 AI score, 0.00335 EPSS
Exploits: 0, References: 1

OSV
added 2017/10/27 9:29 p.m., 0 views

UBUNTU-CVE-2017-15939

dwarf2.c in the Binary File Descriptor (BFD) library (aka libbfd), as distributed in GNU Binutils 2.29, mishandles NULL files in a .debug_line file table, which allows remote attackers to cause a denial of service (NULL pointer dereference and application crash) via a crafted ELF file, related to...

5.5 CVSS, 6.8 AI score, 0.00489 EPSS
Exploits: 0, References: 4

Packet Storm
added 2017/10/25 12:00 a.m., 48 views

Sonicwall WXA5000 1.3.2-10-30 Console Jail Escape / Privilege Escalation

KL-001-2017-019 : Sonicwall WXA5000 Console Jail Escape and Privilege Escalation Title: Sonicwall WXA5000 Console Jail Escape and Privilege Escalation Advisory ID: KL-001-2017-019 Publication Date: 2017.10.24 Publication URL: https://www.korelogic.com/Resources/Advisories/KL-001-2017-019.txt 1...

6.7 AI score
Exploits: 0

KoreLogic Security
added 2017/10/24 12:00 a.m., 12 views

Sonicwall WXA5000 Console Jail Escape and Privilege Escalation

Vulnerability Details Affected Vendor: Sonicwall Affected Product: WXA5000 WAN Optimization Appliance Affected Version: 1.3.2-10-30 Platform: Embedded Linux CWE Classification: CWE-78: Improper Neutralization of Special Elements used in an OS Command Impact: Root Access Attack vector: Console 2...

0.1 AI score
Exploits: 0, Affected Software: 1

OSV
added 2017/10/23 4:29 p.m., 0 views

PYSEC-2017-43

Cross-site scripting (XSS) vulnerability in the render_full function in debug/tbtools.py in the debugger in Pallets Werkzeug before 0.11.11 (as used in Pallets Flask and other products) allows remote attackers to inject arbitrary web script or HTML via a field that contains an exception message...

6.1 CVSS, 6.8 AI score, 0.00411 EPSS
Exploits: 0, References: 4

PyPA
added 2017/10/23 4:29 p.m., 4 views

PYSEC-2017-43

Cross-site scripting (XSS) vulnerability in the render_full function in debug/tbtools.py in the debugger in Pallets Werkzeug before 0.11.11 (as used in Pallets Flask and other products) allows remote attackers to inject arbitrary web script or HTML via a field that contains an exception message...

6.1 CVSS, 6 AI score, 0.00411 EPSS
Exploits: 0, References: 4, Affected Software: 1

OSV
added 2017/10/23 8:29 a.m., 2 views

CVE-2017-14329

Extreme EXOS 16.x, 21.x, and 22.x allows administrators to obtain a root shell via vectors involving an exsh debug shell...

6.7 CVSS, 5.8 AI score
Exploits: 0, References: 1

NVD
added 2017/10/23 8:29 a.m., 7 views

CVE-2017-14329

Extreme EXOS 16.x, 21.x, and 22.x allows administrators to obtain a root shell via vectors involving an exsh debug shell...

7.2 CVSS, 6.4 AI score, 0.00036 EPSS
Exploits: 0, References: 1

Prion
added 2017/10/23 8:29 a.m., 11 views

Design/Logic Flaw

Extreme EXOS 16.x, 21.x, and 22.x allows administrators to obtain a root shell via vectors involving an exsh debug shell...

7.2 CVSS, 6.3 AI score, 0.00036 EPSS
Exploits: 0, References: 1, Affected Software: 1