Lucene search

8290 matches found

Cvelist
added 2017/08/05 5:00 p.m. · 14 views

CVE-2017-9862

An issue was discovered in SMA Solar Technology products. When signed into Sunny Explorer with a wrong password, it is possible to create a debug report, disclosing information regarding the application and allowing the attacker to create and save a .txt file with contents to his liking. An...

7.4 AI score · 0.00339 EPSS
Exploits: 0 · References: 3

CVE
added 2017/08/05 5:00 p.m. · 44 views

CVE-2017-9862

SMA Solar Technology Sunny Explorer information-disclosure (CVE-2017-9862) affects Sunny Boy TLST-21/TL-21 and Sunny Tripower TL-10/TL-30. When signing in with an incorrect password, a debug report can be created that exposes application information and allows saving a .txt file with arbitrary co...

7.5 CVSS · 7.3 AI score · 0.00339 EPSS
Exploits: 0 · References: 3 · Affected Software: 1

Positive Technologies
added 2017/08/05 12:00 a.m. · 2 views

PT-2017-19228 · Sma Solar Technology · Sunny Boy Tlst-21 +3

Name of the Vulnerable Software and Affected Versions: SMA Solar Technology products, specifically Sunny Boy TLST-21 and TL-21 and Sunny Tripower TL-10 and TL-30 Description: An issue in SMA Solar Technology products allows information disclosure when a user signs into Sunny Explorer with an...

7.5 CVSS · 6.7 AI score · 0.00339 EPSS
Exploits: 0 · References: 4

OSV
added 2017/08/02 9:29 p.m. · 2 views

CVE-2017-11387

Authentication Bypass in Trend Micro Control Manager 6.0 causes Information Disclosure when authentication validation is not done for functionality that can change debug logging level. Formerly ZDI-CAN-4512...

7.5 CVSS · 5.8 AI score · 0.02088 EPSS
Exploits: 0 · References: 4

Prion
added 2017/08/02 7:29 p.m. · 23 views

Stack overflow

Stack-based buffer overflow in hw/usb/redirect.c in QEMU (aka Quick Emulator) allows local guest OS users to cause a denial of service (QEMU process crash) via vectors related to logging debug messages...

2.1 CVSS · 6 AI score · 0.0005 EPSS
Exploits: 0 · References: 6 · Affected Software: 2

NVD
added 2017/08/02 7:29 p.m. · 17 views

CVE-2017-10806

Stack-based buffer overflow in hw/usb/redirect.c in QEMU (aka Quick Emulator) allows local guest OS users to cause a denial of service (QEMU process crash) via vectors related to logging debug messages...

5.5 CVSS · 6.7 AI score · 0.0005 EPSS
Exploits: 0 · References: 6

Debian CVE
added 2017/08/02 7:00 p.m. · 33 views

CVE-2017-10806

Stack-based buffer overflow in hw/usb/redirect.c in QEMU (aka Quick Emulator) allows local guest OS users to cause a denial of service (QEMU process crash) via vectors related to logging debug messages...

5.5 CVSS · 7.1 AI score · 0.0005 EPSS
Exploits: 0

UbuntuCve
added 2017/08/02 12:00 a.m. · 32 views

CVE-2017-10806

Stack-based buffer overflow in hw/usb/redirect.c in QEMU (aka Quick Emulator) allows local guest OS users to cause a denial of service (QEMU process crash) via vectors related to logging debug messages...

5.5 CVSS · 7 AI score · 0.0005 EPSS
Exploits: 0 · References: 3

0day.today
added 2017/07/31 12:00 a.m. · 53 views

Sound eXchange (SoX) 14.4.2 - Multiple Vulnerabilities

Exploit for linux platform in category dos / poc. Sound eXchange (SoX) multiple vulnerabilities. Author: qflb.wu. Introduction: SoX is a cross-platform (Windows, Linux, MacOS X, etc.) command line utility that can convert various formats of computer audio...

4.3 CVSS · 0.0373 EPSS
Exploits: 6

Zero Day Initiative
added 2017/07/31 12:00 a.m. · 30 views

Trend Micro Control Manager Debug Level Authentication Bypass Information Disclosure Vulnerability

This vulnerability allows remote attackers to disclose sensitive information on vulnerable installations of Trend Micro Control Manager. Authentication is not required to exploit this vulnerability. The specific flaw exists within the processing of debug settings. The software does not provide...

5 CVSS · 0.8 AI score · 0.02088 EPSS
Exploits: 0 · References: 1

Tenable Nessus
added 2017/07/28 12:00 a.m. · 14 views

Fedora 26 : php-symfony (2017-4fcbd8a4c3)

2.8.25 2017-07-17 - security 23507 Security validate empty passwords again xabbuh - bug 23526 HttpFoundation Set meta refresh time to 0 in RedirectResponse content jnvsor - bug 23540 Disable inlining deprecated services alekitto - bug 23468 DI Handle root namespace in service definitions ro0NL -...

5.5 AI score
Exploits: 0 · References: 1

Veracode
added 2017/07/26 2:27 a.m. · 10 views

Password Reset And Recovery

pagekit/pagekit is vulnerable to password reset and recovery. Attackers are able to reset a registered user's password when the debug toolbar is enabled. By doing this, attackers are able to recover the password...

7.5 CVSS · 7.5 AI score · 0.04542 EPSS
Exploits: 1 · References: 5 · Affected Software: 1

Veracode
added 2017/07/25 2:46 a.m. · 19 views

Cross-site Scripting (XSS)

yiisoft/yii2 is vulnerable to cross-site scripting (XSS). When debug mode is enabled, the $exception->errorInfo is mishandled, allowing attackers to execute XSS attacks...

6.1 CVSS · 5.9 AI score · 0.00223 EPSS
Exploits: 0 · References: 1 · Affected Software: 1

NVD
added 2017/07/21 7:29 p.m. · 20 views

CVE-2017-11516

An XSS vulnerability exists in framework/views/errorHandler/exception.php in Yii Framework 2.0.12 affecting the exception screen when debug mode is enabled, because $exception->errorInfo is mishandled...

6.1 CVSS · 6 AI score · 0.00223 EPSS
Exploits: 0 · References: 2

CVE
added 2017/07/21 7:00 p.m. · 59 views

CVE-2017-11516

The CVE-2017-11516 entry describes an XSS in Yii Framework 2.0.12: framework/views/errorHandler/exception.php mishandles $exception->errorInfo, enabling XSS on the exception screen when debug mode is enabled. The description and related references indicate this is a framework component-level i...

6.1 CVSS · 5.9 AI score · 0.00223 EPSS
Exploits: 0 · References: 2 · Affected Software: 1

OSV
added 2017/07/17 1:18 p.m. · 3 views

CVE-2016-4996

discovery-debug in Foreman before 6.2 when the ssh service has been enabled on discovered nodes displays the root password in plaintext in the system journal when used to log in, which allows local users with access to the system journal to obtain the root password by reading the system journal, ...

7 CVSS · 5.4 AI score
Exploits: 0 · References: 2

Tenable Nessus
added 2017/07/17 12:00 a.m. · 28 views

Fedora 26 : webkitgtk4 (2017-dfaf0ca892)

Highlights of the 2.16.0 release : - Hardware acceleration is now enabled on demand to drastically reduce memory consumption. - CSS Grid Layout is enabled by default. - New WebKitSetting to set the hardware acceleration policy. - UI process API to configure network proxy settings. - Improved...

5.5 AI score
Exploits: 0 · References: 1

Tenable Nessus
added 2017/07/17 12:00 a.m. · 15 views

Fedora 26 : php-pear-CAS (2017-2f3096ba16)

Changes in version 1.3.5 - Security Fixes : - Fix possible authentication bypass in validateCAS20 228 Gregory Boddin - Bug Fixes : - Fix file permissions non-executable 177 Remi Collet - Fixed translations Greek and Japanese 192 ikari7789 - Fix errors under phpdbg 204 MasonM - Fix logout...

5.6 AI score
Exploits: 0 · References: 1

Positive Technologies
added 2017/07/14 12:00 a.m. · 4 views

PT-2017-8642 · Foreman · Foreman

Name of the Vulnerable Software and Affected Versions: Foreman versions prior to 6.2 Description: The issue allows local users with access to the system journal to obtain the root password by reading the system journal or by clicking Logs on the console, when the ssh service has been enabled on...

7 CVSS · 6.9 AI score · 0.0004 EPSS
Exploits: 0 · References: 3

Tenable Nessus
added 2017/07/13 12:00 a.m. · 64 views

Fedora 24 : libmtp (2017-d26266eb32)

libmtp 1.1.13 ============= Christophe Vu-Brugier 1 : - added GoPro HERO5 Black Emeric Grange 2 : - added GoPro HERO5 Session - rename F5321 into XPeria X Compact Gaute Hope 2 : - add GoPro Hero+ - add mtp-detect for GoPro Hero+ Jerry Zhang 1 : - Update Google device strings, add PTP+ADB id Marcu...

6.8 CVSS · 6.4 AI score · 0.00232 EPSS
Exploits: 0 · References: 4