
8309 matches found

Mageia
added 2017/12/01 11:13 p.m. | 22 views

Updated php-phpmailer packages fix security vulnerability

Debugoutput wasn't set in constructor according to SAPI in use, resulting in potential XSS in default debug output...

2.7 AI score
Exploits: 0 | References: 2
OSV
added 2017/12/01 11:13 p.m. | 6 views

MGASA-2017-0438 Updated php-phpmailer packages fix security vulnerability

Debugoutput wasn't set in constructor according to SAPI in use, resulting in potential XSS in default debug output...

6.1 AI score
Exploits: 0 | References: 3
OSV
added 2017/11/28 7:29 a.m. | 2 views

CVE-2017-8020

An issue was discovered in EMC ScaleIO 2.0.1.x. A buffer overflow vulnerability in the SDBG service may potentially allow a remote unauthenticated attacker to execute arbitrary commands with root privileges on an affected server...

9.8 CVSS | 6.3 AI score
Exploits: 0 | References: 2
Prion
added 2017/11/27 5:29 p.m. | 13 views

Authentication flaw

Firmware upgrade authentication bypass vulnerability was found in Dahua IPC-HDW4300S and some IP products. The vulnerability was caused by internal Debug function. This particular function was used for problem analysis and performance tuning during product development phase. It allowed the device...

5.8 CVSS | 8.2 AI score | 0.01736 EPSS
Exploits: 0 | References: 1 | Affected Software: 9
OSV
added 2017/11/27 5:29 p.m. | 1 views

CVE-2017-9316

Firmware upgrade authentication bypass vulnerability was found in Dahua IPC-HDW4300S and some IP products. The vulnerability was caused by internal Debug function. This particular function was used for problem analysis and performance tuning during product development phase. It allowed the device...

6.5 CVSS | 6 AI score | 0.01736 EPSS
Exploits: 0 | References: 1
NVD
added 2017/11/27 5:29 p.m. | 15 views

CVE-2017-9316

Firmware upgrade authentication bypass vulnerability was found in Dahua IPC-HDW4300S and some IP products. The vulnerability was caused by internal Debug function. This particular function was used for problem analysis and performance tuning during product development phase. It allowed the device...

6.5 CVSS | 7.2 AI score | 0.01736 EPSS
Exploits: 0 | References: 1
CVE
added 2017/11/27 5:0 p.m. | 60 views

CVE-2017-9316

CVE-2017-9316 affects Dahua IPC-HDW4300S and some IP products. Root cause is an internal Debug function used for problem analysis during development, which leads to a firmware upgrade authentication bypass. The description notes this function was only capable of receiving data in one direction, w...

6.5 CVSS | 7.1 AI score | 0.01736 EPSS
Exploits: 0 | References: 1 | Affected Software: 1
Cvelist
added 2017/11/27 5:0 p.m. | 16 views

CVE-2017-9316

Firmware upgrade authentication bypass vulnerability was found in Dahua IPC-HDW4300S and some IP products. The vulnerability was caused by internal Debug function. This particular function was used for problem analysis and performance tuning during product development phase. It allowed the device...

7.2 AI score | 0.01736 EPSS
Exploits: 0 | References: 1
Tenable Nessus
added 2017/11/27 12:0 a.m. | 37 views

Debian DLA-1188-1 : libxml2 security update

Pranjal Jumde @pjumde reported a heap overflow in memory debug code of libxml2. For Debian 7 'Wheezy', these problems have been fixed in version 2.8.0+dfsg1-7+wheezy10. We recommend that you upgrade your libxml2 packages. NOTE: Tenable Network Security has extracted the preceding description blo...

8.8 CVSS | 8.1 AI score | 0.01165 EPSS
Exploits: 0 | References: 3
CNVD
added 2017/11/21 12:0 a.m. | 1 views

Cisco IP Phone 8800 Series Debug Interface Command Injection Vulnerability

The Cisco IP Phone 8800 is a phone product from Cisco that provides video and VoIP communication features. The debug interface is one of its debugging interfaces. A command injection vulnerability exists in the debug interface in the Cisco IP Phone 8800 series that stems from the program failing to...

7.2 CVSS | 7.8 AI score | 0.00332 EPSS
Exploits: 0 | References: 1
CNVD
added 2017/11/17 12:0 a.m. | 1 views

GNU Binutils Denial of Service Vulnerability (CNVD-2017-34506)

GNU Binutils is a set of programming tools for creating and managing binary programs, object files, libraries, profile data, and assembly source code. A denial of service vulnerability exists in the display_debug_frames function in dwarf.c in GNU Binutils 2.29.1. A remote attacker can exploit this...

7.8 CVSS | 7.4 AI score | 0.00336 EPSS
Exploits: 1 | References: 1
Prion
added 2017/11/16 7:29 a.m. | 11 views

Command injection

A vulnerability in the debug interface of Cisco IP Phone 8800 series could allow an authenticated, local attacker to execute arbitrary commands, aka Debug Shell Command Injection. The vulnerability is due to insufficient input validation. An attacker could exploit this vulnerability by...

7.2 CVSS | 6.8 AI score | 0.00332 EPSS
Exploits: 0 | References: 3
NVD
added 2017/11/16 7:29 a.m. | 11 views

CVE-2017-12305

A vulnerability in the debug interface of Cisco IP Phone 8800 series could allow an authenticated, local attacker to execute arbitrary commands, aka Debug Shell Command Injection. The vulnerability is due to insufficient input validation. An attacker could exploit this vulnerability by...

7.2 CVSS | 6.8 AI score | 0.00332 EPSS
Exploits: 0 | References: 3
Cvelist
added 2017/11/16 7:0 a.m. | 14 views

CVE-2017-12305

A vulnerability in the debug interface of Cisco IP Phone 8800 series could allow an authenticated, local attacker to execute arbitrary commands, aka Debug Shell Command Injection. The vulnerability is due to insufficient input validation. An attacker could exploit this vulnerability by...

6.9 AI score | 0.00332 EPSS
Exploits: 0 | References: 3
CVE
added 2017/11/16 7:0 a.m. | 67 views

CVE-2017-12305

CVE-2017-12305 concerns Cisco IP Phone 8800 Series, where the debug interface is susceptible to a command injection due to insufficient input validation. The vulnerability enables an authenticated, local attacker to execute arbitrary commands by submitting additional input to the affected debug s...

7.2 CVSS | 6.8 AI score | 0.00332 EPSS
Exploits: 0 | References: 3 | Affected Software: 1
OpenVAS
added 2017/11/16 12:0 a.m. | 66 views

Cisco IP Phone 8800 Series Command Injection Vulnerability in Debug Shell

A vulnerability in the debug interface of Cisco IP Phone 8800 series could allow an authenticated, local attacker to execute arbitrary commands. SPDX-FileCopyrightText: 2017 Greenbone AG Some text descriptions might be excerpted from a referenced sources, and are Copyright C by the respective rig...

7.2 CVSS | 6.7 AI score | 0.00332 EPSS
Exploits: 0 | References: 1
Cisco
added 2017/11/15 4:0 p.m. | 49 views

Cisco IP Phone 8800 Series Command Injection Vulnerability in Debug Shell

A vulnerability in the debug interface of Cisco IP Phone 8800 series could allow an authenticated, local attacker to execute arbitrary commands. The vulnerability is due to insufficient input validation. An attacker could exploit this vulnerability by authenticating to the device and submitting...

6.7 CVSS | 6.8 AI score | 0.00332 EPSS
Exploits: 0 | References: 1
OSV
added 2017/11/15 8:29 a.m. | 0 views

UBUNTU-CVE-2017-16828

The display_debug_frames function in dwarf.c in GNU Binutils 2.29.1 allows remote attackers to cause a denial of service (integer overflow and heap-based buffer over-read, and application crash) or possibly have unspecified other impact via a crafted ELF file, related to print_debug_frame...

7.8 CVSS | 7.2 AI score | 0.00336 EPSS
Exploits: 1 | References: 3
Cvelist
added 2017/11/15 8:0 a.m. | 25 views

CVE-2017-16828

The display_debug_frames function in dwarf.c in GNU Binutils 2.29.1 allows remote attackers to cause a denial of service (integer overflow and heap-based buffer over-read, and application crash) or possibly have unspecified other impact via a crafted ELF file, related to print_debug_frame...

8.1 AI score | 0.00336 EPSS
Exploits: 1 | References: 3
ThreatPost
added 2017/11/14 2:21 p.m. | 10 views

Debugging Tool Left on OnePlus Phones, Enables Root Access

UPDATE Chinese phone maker OnePlus is accused of leaving a debugging app on its phones capable of giving adversaries root access to the devices. The application in question is called EngineerMode and is made by Qualcomm. An anonymous researcher who goes by the handle Elliot Alderson, a character ...

0.5 AI score
Exploits: 0 | References: 3