8287 matches found
CVE-2017-9138
There is a debug-interface vulnerability on some Tenda routers FH1202/F1202/F1200: versions before 1.2.0.20. After connecting locally to a router in a wired or wireless manner, one can bypass intended access restrictions by sending shell commands directly and reading their results, or by entering...
CVE-2017-9138
CVE-2017-9138 affects Tenda FH1202/F1202/F1200 routers with firmware older than 1.2.0.20. A debug-interface vulnerability permits local attacker access to run shell commands and read results, or to execute commands that alter the router’s username/password, bypassing access restrictions. This imp...
Session fixation
Conexant Systems mictray64 task, as used on HP Elite, EliteBook, ProBook, and ZBook systems, leaks sensitive data keystrokes to any process. In mictray64.exe mic tray icon 1.0.0.46, a LowLevelKeyboardProc Windows hook is used to capture keystrokes. This data is leaked via unintended channels: deb...
HPSBGN03558 rev.9 - Conexant HD Audio Driver Local Debug Log
Potential Security Impact Potential, local loss of confidentiality VULNERABILITY SUMMARY A potential security vulnerability caused by a local debugging capability that was not disabled prior to product launch has been identified with certain versions of Conexant HD Audio Drivers on HP products. H...
CVE-2017-8398
dwarf.c in GNU Binutils 2.28 is vulnerable to an invalid read of size 1 during dumping of debug information from a corrupt binary. This vulnerability causes programs that conduct an analysis of binary programs, such as objdump and readelf, to crash...
OpenJDK: insufficient checks of JDWP packets (Hotspot, 8159519)
It was discovered that the Hotspot component of OpenJDK did not properly check received Java Debug Wire Protocol JDWP packets. An attacker could possibly use this flaw to send debugging commands to a Java program running with debugging enabled if they could make victim's browser send HTTP request...
Weblate: ClickJacking on Debug
Proof Of Concept: Related Issue on report 225543 1. Navigate to https://debug.weblate.org 2. As you notice it is forbidden. 3. just vulnerable by clickjacking. 3. Now the user report to CIA to open. 4. Redirect to MaliciousSite.com I uploaded the poc.html Thanks,...
DEBIAN-CVE-2017-8398
dwarf.c in GNU Binutils 2.28 is vulnerable to an invalid read of size 1 during dumping of debug information from a corrupt binary. This vulnerability causes programs that conduct an analysis of binary programs, such as objdump and readelf, to crash...
CVE-2017-8398
dwarf.c in GNU Binutils 2.28 is vulnerable to an invalid read of size 1 during dumping of debug information from a corrupt binary. This vulnerability causes programs that conduct an analysis of binary programs, such as objdump and readelf, to crash...
CVE-2017-8398
dwarf.c in GNU Binutils 2.28 is vulnerable to an invalid read of size 1 during dumping of debug information from a corrupt binary. This vulnerability causes programs that conduct an analysis of binary programs, such as objdump and readelf, to crash...
UBUNTU-CVE-2017-8398
dwarf.c in GNU Binutils 2.28 is vulnerable to an invalid read of size 1 during dumping of debug information from a corrupt binary. This vulnerability causes programs that conduct an analysis of binary programs, such as objdump and readelf, to crash...
Design/Logic Flaw
dwarf.c in GNU Binutils 2.28 is vulnerable to an invalid read of size 1 during dumping of debug information from a corrupt binary. This vulnerability causes programs that conduct an analysis of binary programs, such as objdump and readelf, to crash...
CVE-2017-8398
dwarf.c in GNU Binutils 2.28 is vulnerable to an invalid read of size 1 during dumping of debug information from a corrupt binary. This vulnerability causes programs that conduct an analysis of binary programs, such as objdump and readelf, to crash...
ALPINE-CVE-2017-8372
The madlayerIII function in layer3.c in Underbit MAD libmad 0.15.1b, if NDEBUG is omitted, allows remote attackers to cause a denial of service assertion failure and application exit via a crafted audio file...
PT-2017-18298 · Underbit Technologies +1 · Libmad +1
Name of the Vulnerable Software and Affected Versions: libmad version 0.15.1b Description: The issue allows remote attackers to cause a denial of service, resulting in an assertion failure and application exit, via a crafted audio file. This is related to the mad layer III function in layer3.c,...
How to Enable DEBUG Log Level for Syslog Events on the NetScaler
This article describes how to enable DEBUG log level for syslog events on NetScaler. Enabling DEBUG level for syslog events will allow you to capture detailed information that is not recorded by default in ns.log file. Note : The DEBUG level should be disabled upon finishing the troubleshooting...
Solarwinds LEM 6.3.1 Management Shell Arbitrary File Read Vulnerability
The management shell on Solarwinds Log and Event Manager Virtual Appliance version 6.3.1 allows the end user to edit the MOTD banner displayed during SSH logon. The editor provided for this is nano. This editor has a keyboard mapped function which lets the user import a file from the local file...
Fedora 25 : php-pear-CAS (2017-2a90185a04)
Changes in version 1.3.5 - Security Fixes : - Fix possible authentication bypass in validateCAS20 228 Gregory Boddin - Bug Fixes : - Fix file permissions non-executable 177 Remi Collet - Fixed translations Greek and Japanese 192 ikari7789 - Fix errors under phpdbg 204 MasonM - Fix logout...
Fedora 24 : php-pear-CAS (2017-d9d620366e)
Changes in version 1.3.5 - Security Fixes : - Fix possible authentication bypass in validateCAS20 228 Gregory Boddin - Bug Fixes : - Fix file permissions non-executable 177 Remi Collet - Fixed translations Greek and Japanese 192 ikari7789 - Fix errors under phpdbg 204 MasonM - Fix logout...
Reproducing Go binaries byte-by-byte
Fully reproducible builds are important because they bridge the gap between auditable open source and convenient binary artifacts. Technologies like TUF and Binary Transparency provide accountability for what binaries are shipped to users, but that's of limited utility if there is no way short of...