Boozt Fashion AB: PHP info page disclosure on http://www.day.dk/

Hi, Boozt team. Description: phpinfo is a debug functionality that prints out detailed information on both the system and the PHP configuration. Step to reproduce: 1. Go to http://www.day.dk/check.php An attacker can obtain information such as: •Exact PHP version. •Exact OS and its version...

MySQL 5.5.45 64bit Local Credential Dislcosure

MySQL 5.5.45 64bit Local Credentials Disclosure Tested on Windows Windows Server 2012 R2 64bit, English Vendor Homepage @ https://www.mysql.com Date 05/09/2016 Bug Discovered by Yakir Wizman https://www.linkedin.com/in/yakirwizman http://www.black-rose.ml Special Thanks & Greetings to friend of...

How to debug Citrix Gateway connector logs (XNC)

In order to determine an issue with Citrix Gateway connector formerly known as XNC, we would need to enable debug logging...

NUUO NVRmini 2 Arbitrary Code Execution Vulnerability

NUUO provides a stable and high performance digital networked surveillance system. The NUUO NVRmini 2 suffers from an arbitrary code execution vulnerability that can be exploited by an attacker to inject and execute arbitrary code with root privileges due to unauthenticated and hidden debug scrip...

Zortam Media Studio 20.60 - Buffer Overflow Vulnerability

Document Title: =============== Zortam Media Studio 20.60 - Buffer Overflow Vulnerability References Source: ==================== http://www.vulnerability-lab.com/getcontent.php?id=1884 Release Date: ============= 2016-07-26 Vulnerability Laboratory ID VL-ID: ====================================...

python2-django: cross-site scripting

Unsafe usage of JavaScript's Element.innerHTML could result in XSS in the admin's add/change related popup. Element.textContent is now used to prevent execution of the data. The debug view also used innerHTML. Although a security issue wasn't identified there, out of an abundance of caution it's...

Debian DLA-555-1 : python-django security update

It was discovered that Django, a high-level Python web development framework, is prone to a cross-site scripting vulnerability in the admin's add/change related popup and debug view. For Debian 7 'Wheezy', these problems have been fixed in version 1.4.5-1+deb7u17. We recommend that you upgrade yo...

python-django: cross-site scripting

Unsafe usage of JavaScript's Element.innerHTML could result in XSS in the admin's add/change related popup. Element.textContent is now used to prevent execution of the data. The debug view also used innerHTML. Although a security issue wasn't identified there, out of an abundance of caution it's...

Vulnerabilities of the Red Hat Enterprise Linux operating system, which allow a remote attacker to compromise the confidentiality, integrity, and accessibility of protected information

The multiple vulnerabilities in the kernel-debug-devel package of the Red Hat Enterprise Linux operating system can be exploited, leading to breaches of confidentiality, integrity, and accessibility of protected information. These vulnerabilities can be exploited remotely...

Vulnerabilities in the Debian GNU/Linux operating system that allow a remote attacker to compromise the confidentiality, integrity, and accessibility of protected information

The multiple vulnerabilities in the libxpm4-dbg package of the Debian GNU/Linux operating system may lead to breaches of the confidentiality, integrity, and accessibility of protected information. These vulnerabilities can be exploited remotely...

Vulnerabilities in the Debian GNU/Linux operating system that allow a remote attacker to compromise the confidentiality, integrity, and accessibility of protected information

The libc6.1-dbg package of the Debian GNU/Linux operating system has multiple vulnerabilities. Exploitation of these vulnerabilities may lead to breaches of confidentiality, integrity, and accessibility of protected information. These vulnerabilities can be exploited remotely...

Vulnerabilities of the Red Hat Enterprise Linux operating system, which allow a remote attacker to compromise the confidentiality, integrity, and accessibility of protected information

The multiple vulnerabilities in the kernel-debug package of the Red Hat Enterprise Linux operating system can be exploited, leading to breaches of confidentiality, integrity, and accessibility of protected information. These vulnerabilities can be exploited remotely...

CVE-2 0 1 5-7 5 4 7 analysis and use-vulnerability and early warning-the black bar safety net

0x01 analysis This vulnerability analysis and how to build a test environment k0 chef in seebug and mrh God in the drops of the articles are written very in detail, in the following reference to Annex A of the original address. I was standing on the shoulders of Giants to write some of your own i...

PT-2019-15837 · Luajit +3 · Luajit +3

Name of the Vulnerable Software and Affected Versions: LuaJIT versions 2.0.5 and earlier Moonjit versions prior to 2.1.2 Description: The issue involves a type confusion problem in the debug.getinfo function, which can lead to arbitrary memory write or read operations due to mishandling of certai...

Microsoft Windows - Kernel ATMFD.dll NamedEscape 0x250C Pool Corruption (MS16-074)

Exploit for windows platform in category dos / poc Source: https://bugs.chromium.org/p/project-zero/issues/detail?id=785 The Adobe Type Manager Font Driver ATMFD.DLL responsible for handling PostScript and OpenType fonts in the Windows kernel provides a channel of communication with user-mode...

Microsoft Windows Kernel - 'ATMFD.dll' NamedEscape 0x250C Pool Corruption (MS16-074)

Source: https://bugs.chromium.org/p/project-zero/issues/detail?id=785 The Adobe Type Manager Font Driver ATMFD.DLL responsible for handling PostScript and OpenType fonts in the Windows kernel provides a channel of communication with user-mode applications via an undocumented gdi32!NamedEscape API...

Microsoft Windows Kernel - ATMFD.dll NamedEscape 0x250C Pool Corruption (MS16-074)

Microsoft Windows Kernel - ATMFD.dll NamedEscape 0x250C Pool Corruption MS16-074 Source: https://bugs.chromium.org/p/project-zero/issues/detail?id=785 The Adobe Type Manager Font Driver ATMFD.DLL responsible for handling PostScript and OpenType fonts in the Windows kernel provides a channel of...

http-aspnet-debug NSE Script

Determines if a ASP.NET application has debugging enabled using a HTTP DEBUG request. The HTTP DEBUG verb is used within ASP.NET applications to start/stop remote debugging sessions. The script sends a 'stop-debug' command to determine the application's current configuration state but access to R...

CVE-2016-4087

Huawei S12700 switches with software before V200R008C00SPC500 and S5700 switches with software before V200R005SPH010, when the debug switch is enabled, allows remote attackers to cause a denial of service or execute arbitrary code via crafted DNS packets...

CVE-2016-4087

CVE-2016-4087 affects Huawei S12700 switches pre-V200R008C00SPC500 and S5700 switches pre-V200R005SPH010. When the device Debug switch is on, processing crafted DNS packets can cause a denial of service or remote code execution due to an input validation/checksum vulnerability in the affected Hua...