8296 matches found
CVE-2017-14329
Extreme EXOS 16.x, 21.x, and 22.x allows administrators to obtain a root shell via vectors involving an exsh debug shell...
UBUNTU-CVE-2016-10516
Cross-site scripting (XSS) vulnerability in the render_full function in debug/tbtools.py in the debugger in Pallets Werkzeug before 0.11.11 (as used in Pallets Flask and other products) allows remote attackers to inject arbitrary web script or HTML via a field that contains an exception message...
Ruby WIN32OLE ole_invoke and ole_query_interface Type Confusion Vulnerabilities(CVE-2016-2336)
DESCRIPTION: Type confusion exists in two methods of Ruby's WIN32OLE class, ole_invoke and ole_query_interface. An attacker passing a different type of object than the one assumed by the developers can cause arbitrary code execution. TESTED VERSIONS: Ruby 2.3.0 dev, Ruby 2.2.2. PRODUCT URLs: https://www.ruby-lang.or...
CVE-2017-12289
CVE-2017-12289 affects Cisco IOS XE Software IPsec verbose/dependent logging. The issue lies in the conditional, verbose debug logging implementation, causing sensitive IPsec information to be written to the system log. An authenticated, local attacker with valid admin credentials could enable IP...
Cisco IOS XE Software Verbose Debug Logging Information Disclosure Vulnerability
A vulnerability in conditional, verbose debug logging for the IPsec feature of Cisco IOS XE Software could allow an authenticated, local attacker to display sensitive IPsec information in the system log file. The vulnerability is due to incorrect implementation of IPsec conditional, verbose debug...
CVE-2017-5130
A heap overflow flaw was found in the libxml2 library. An application compiled with libxml2 using the vulnerable debug-only function xmlMemoryStrdup could be used by an attacker to crash the application or execute arbitrary code with the permission of the user running the application...
Skybox Manager Client Application Information Disclosure Vulnerability
Skybox Manager Client Application is a client-side management application of a network security risk analysis tool from Skybox Security, USA. An information disclosure vulnerability exists in Skybox Manager Client Application versions prior to 8.5.501. A local attacker can exploit this...
Microsoft Edge Scripting Engine Remote Memory Corruption Vulnerability(CVE-2017-11809)
Here's a snippet of the method that interprets a javascript function's bytecode. Js::Var Js::InterpreterStackFrame::INTERPRETERLOOPNAME PROBESTACKscriptContext, Js::Constants::MinStackInterpreter; closureInitDone Assertthis-mreader.GetCurrentOffset == 0; this-InitializeClosures; DoStackScopeSlots...
How to configure console access on XenServer or Citrix Hypervisor
This article is for customers running Citrix Hypervisor or XenServer who want to configure serial console access to their XenServer hosts. In some support cases, serial console access to the XenServer host is required for debug purposes. The serial connection is to use with HyperTerminal or simil...
GNU Binutils libbfd opncls.c bfd_get_debug_link_info_1 Denial of Service Vulnerability
GNU Binutils (a.k.a. GNU Binary Utilities or binutils) is a set of programming language utilities developed by the GNU Project to work with object files in a variety of formats, with connectors, assemblers, and other tools for object files and archives. The Binary File Descriptor (BFD) library a.k.a...
Apache Struts 'Problem Report' XSS Vulnerability (S2-025)
Apache Struts is prone to a cross-site scripting XSS vulnerability. This VT has been deprecated and merged into the VT SPDX-FileCopyrightText: 2017 Greenbone AG Some text descriptions might be excerpted from a referenced sources, and are Copyright C by the respective right holders...
Some WEM Agents are failing to check in with WEM Broker
Many WEM Agents do not check in with the WEM Broker Server and they are missing from the Agent List inside of the WEM Administration Console. For example, this screenshot shows only 4 Agents checking in but dozens more WEM Agents are configured and should be present in this list: The Debug logs o...
UBUNTU-CVE-2017-15022
dwarf2.c in the Binary File Descriptor (BFD) library (aka libbfd), as distributed in GNU Binutils 2.29, does not validate the DW_AT_name data type, which allows remote attackers to cause a denial of service (bfd_hash_hash NULL pointer dereference, or out-of-bounds access, and application crash) via a craft...
How to enable/collect logs on WEM Agent machine
Type of logs available: There are a number of logs that can be collected from the WEM Agent to help with troubleshooting/diagnosing an issue. Note: Please make sure to revert all changes after completing log collection. For logging information related to WEM Brokers, see CTX228742. 1. WEM Agent...
GNU Binutils Denial of Service Vulnerability (CNVD-2017-30075)
GNU Binutils is a set of programming tools for creating and managing binary programs, object files, libraries, profile data and assembly source code. A denial of service vulnerability exists in process_debug_info in dwarf.c in the Binary File Descriptor (BFD) library used in GNU Binutils, which can b...
WEM admin console fails to connect with error: Error while connecting to the specified Infrastructure Server
The WEM Administration Console errors out while connecting to the broker with a generic error: "Error while connecting to the specified Infrastructure Server". Looking into the WEM admin console debug logs (%userprofile%\Citrix WEM Console Trace.Log), the following error is reported: Exception -...
Advanced Policy Firewall: APF
Advanced Policy Firewall (APF) is an iptables (netfilter) based firewall system designed around the essential needs of today’s Internet deployed servers and the unique needs of custom deployed Linux installations. The configuration of APF is designed to be very informative and present the user with an...
Regular Expression Denial of Service
Overview: Affected versions of debug are vulnerable to regular expression denial of service when untrusted user input is passed into the %o formatter. As it takes 50,000 characters to block the event loop for 2 seconds, this issue is a low severity issue. Recommendation: Version 2.x.x: Update to...
Multiple DenyAll Product Authentication Vulnerabilities
DenyAll i-Suite LTS and others are Web firewall products from DenyAll France. An authentication vulnerability exists in several DenyAll products. A remote attacker can exploit this vulnerability by sending a typeOf=debug request to the /webservices/download/index.php file and reading the iToken...
How to generate the SecureHub device side logs
How to generate the SecureHub device-side logs and set up the correct debug level on them...