Lucene search

8287 matches found

Hacker One
added 2017/04/18 10:18 a.m., 141 views

Homebrew: [https://jenkins.brew.sh] Jenkins in Debug Mode with Stack Traces Enabled

The consultant identified that the affected host is running an instance of Jenkins in debug mode; as a result, stack traces are enabled. The affected URL below displays a full stack trace from Jenkins: Affected URL: - https://jenkins.brew.sh/adjuncts/3a890183/ Recommendation Disable stack traces...

1.1 AI score
Exploits 0

myhack58
added 2017/04/18 12:0 a.m., 1620 views

NSA Eternalblue SMB vulnerability analysis-vulnerability warning-the black bar safety net

Environment TROJAN: Eternalblue-2.2.0.exe TARGET: win7 sp1 32bits srv.sys 6.1.7601.17514 srvnet.sys 6.1.7601.17514 PATCH: MS17-010 The vulnerability principle: srv.sys has incorrect logic when processing SrvOs2FeaListSizeToNt, resulting in an out-of-bounds copy. We first look at the vulnerabilit...

0.4 AI score
Exploits 0

myhack58
added 2017/04/17 12:0 a.m., 115 views

Phpcms v9 vulnerability analysis-vulnerability warning-the black bar safety net

Recently I have been studying source code and audit-related knowledge and going back over earlier open-source CMS vulnerabilities. Yesterday I happened to see this PHPCMS vulnerability and set out to analyze it. I originally wanted to do static analysis directly from the source code, but found itself on t...

0.4 AI score
Exploits 0

0day.today
added 2017/04/11 12:0 a.m., 65 views

Adobe Multiple Products - XML Injection File Content Disclosure Exploit

Exploit for multiple platform in category web applications !/bin/bash Source: https://raw.githubusercontent.com/tsluyter/exploits/master/adobexmlinject.sh Exploit Title: Adobe XML Injection file content disclosure Date: 07-04-2017 Exploit Author: Thomas Sluyter Website: https://www.kilala.nl Vend...

4.3 CVSS, 9.3 AI score, 0.90428 EPSS
Exploits 12

OSV
added 2017/04/10 4:59 p.m., 0 views

UBUNTU-CVE-2016-5041

dwarfmacro5.c in libdwarf before 20160923 allows remote attackers to cause a denial of service (NULL pointer dereference) via a debugging information entry using DWARF5 and without a DWATname...

7.5 CVSS, 7.2 AI score, 0.00712 EPSS
Exploits 1, References 2

OpenVAS
added 2017/04/10 12:0 a.m., 39 views

Cisco UCS Manager Debug Plug-in Privilege Escalation Vulnerability (cisco-sa-20170405-ucs)

A vulnerability in the debug plug-in functionality of the Cisco Unified Computing System (UCS) Manager could allow an authenticated, local attacker to execute arbitrary commands. SPDX-FileCopyrightText: 2017 Greenbone AG Some text descriptions might be excerpted from a referenced sources, and are...

7.2 CVSS, 6.6 AI score, 0.00024 EPSS
Exploits 0, References 1

OSV
added 2017/04/07 5:59 p.m., 1 views

CVE-2017-6598

A vulnerability in the debug plug-in functionality of the Cisco Unified Computing System (UCS) Manager, Cisco Firepower 4100 Series Next-Generation Firewall (NGFW), and Cisco Firepower 9300 Security Appliance could allow an authenticated, local attacker to execute arbitrary commands, aka Privilege...

6.7 CVSS, 6 AI score
Exploits 0, References 3

CVE
added 2017/04/07 5:0 p.m., 55 views

CVE-2017-6598

CVE-2017-6598 affects Cisco UCS Manager, Cisco Firepower 4100 Series NGFW, and Cisco Firepower 9300 Security Appliance. A vulnerability in the debug plug-in functionality allows an authenticated, local attacker to execute arbitrary commands with elevated privileges. The root cause is inadequate i...

7.2 CVSS, 6.7 AI score, 0.00024 EPSS
Exploits 0, References 3, Affected Software 2

Cvelist
added 2017/04/07 5:0 p.m., 18 views

CVE-2017-6598

A vulnerability in the debug plug-in functionality of the Cisco Unified Computing System (UCS) Manager, Cisco Firepower 4100 Series Next-Generation Firewall (NGFW), and Cisco Firepower 9300 Security Appliance could allow an authenticated, local attacker to execute arbitrary commands, aka Privilege...

6.7 AI score, 0.00024 EPSS
Exploits 0, References 3

Cisco
added 2017/04/05 4:0 p.m., 46 views

Cisco UCS Manager, Cisco Firepower 4100 Series NGFW, and Cisco Firepower 9300 Security Appliance Debug Plug-in Privilege Escalation Vulnerability

A vulnerability in the debug plug-in functionality of the Cisco Unified Computing System (UCS) Manager, Cisco Firepower 4100 Series Next-Generation Firewall (NGFW), and Cisco Firepower 9300 Security Appliance could allow an authenticated, local attacker to execute arbitrary commands. The vulnerabilit...

6.4 CVSS, 6.8 AI score, 0.00024 EPSS
Exploits 0, References 1

Hacker One
added 2017/04/03 1:22 a.m., 24 views

shopify-scripts: Null pointer dereference in OP_ENTER

PoC === The following demonstrates a crash: class A def foo end end class B argv = ary-ptr; gdb p ary $1 = struct RArray 0x0 Test platform ============= Linux Mint 17.3 Cinnamon 64-bit, built with gcc version 4.8.4 Ubuntu 4.8.4-2ubuntu114.04.3 mruby SHA: a14a930c800aa50a191922580d53a2ce09287912...

0.1 AI score
Exploits 0

Intel
added 2017/04/03 12:0 a.m., 21 views

Intel® NUC and Intel® Compute Stick DCI Disable

Summary: Intel® NUC and Intel® Compute Stick systems based on 6th Gen Intel® Core™ processors do not have DCI debug capability properly locked for BIOS only access. This would allow an attacker with physical possession of the system to potentially enable DCI from outside the BIOS. Description:...

6.6 AI score
Exploits 0

Tenable Nessus
added 2017/03/30 12:0 a.m., 15 views

Fedora 24 : webkitgtk4 (2017-0f38995622)

Highlights of the 2.16.0 release : - Hardware acceleration is now enabled on demand to drastically reduce memory consumption. - CSS Grid Layout is enabled by default. - New WebKitSetting to set the hardware acceleration policy. - UI process API to configure network proxy settings. - Improved...

5.5 AI score
Exploits 0, References 1

Tenable Nessus
added 2017/03/30 12:0 a.m., 17 views

Fedora 25 : webkitgtk4 (2017-25ffd5b236)

Highlights of the 2.16.0 release : - Hardware acceleration is now enabled on demand to drastically reduce memory consumption. - CSS Grid Layout is enabled by default. - New WebKitSetting to set the hardware acceleration policy. - UI process API to configure network proxy settings. - Improved...

5.5 AI score
Exploits 0, References 1

Hacker One
added 2017/03/29 8:41 p.m., 20 views

shopify-scripts: SIGSEGV in mrb_vm_exec

PoC ------------------- The following code triggers the bug attached as testmrbvmexec.rb: def methodmissingmeth,argsyieldmeth,argsend enumfor.next Debug - mirb ------------------- x@x:/Desktop/test/mruby/bin$ gdb -q ./mirb rReading symbols from ./mirb...done. gdb r testmrbvmexec.rb Starting...

1.3 AI score
Exploits 0

Hacker One
added 2017/03/29 7:49 p.m., 14 views

shopify-scripts: SIGSEGV in mrb_str_inum

PoC ------------------- The following code triggers the bug attached as testmrbstrinum.rb: def methodmissingfalse end def tostr""end Integerÿ,2.h Debug - mirb ------------------- x@x:/Desktop/test/mruby/bin$ gdb -q ./mirb r Reading symbols from ./mirb...idone. gdb r testmrbstrinum.rb Starting...

1.1 AI score
Exploits 0

NVD
added 2017/03/27 5:59 p.m., 14 views

CVE-2016-10225

The sunxi-debug driver in Allwinner 3.4 legacy kernel for H3, A83T and H8 devices allows local users to gain root privileges by sending "rootmydevice" to /proc/sunxidebug/sunxidebug...

7.8 CVSS, 7.7 AI score, 0.06061 EPSS
Exploits 2, References 6

NVD
added 2017/03/27 5:59 p.m., 13 views

CVE-2017-7271

Reflected cross-site scripting (XSS) vulnerability in Yii Framework before 2.0.11, when development mode is used, allows remote attackers to inject arbitrary web script or HTML via crafted request data that is mishandled on the debug-mode exception screen...

6.1 CVSS, 6 AI score, 0.00285 EPSS
Exploits 0, References 4

Prion
added 2017/03/27 5:59 p.m., 15 views

Cross site scripting

Reflected cross-site scripting (XSS) vulnerability in Yii Framework before 2.0.11, when development mode is used, allows remote attackers to inject arbitrary web script or HTML via crafted request data that is mishandled on the debug-mode exception screen...

4.3 CVSS, 6 AI score, 0.00285 EPSS
Exploits 0, References 4, Affected Software 1

Prion
added 2017/03/27 5:59 p.m., 14 views

Code injection

The sunxi-debug driver in Allwinner 3.4 legacy kernel for H3, A83T and H8 devices allows local users to gain root privileges by sending "rootmydevice" to /proc/sunxidebug/sunxidebug...

7.2 CVSS, 7.1 AI score, 0.06061 EPSS
Exploits 2, References 6