8286 matches found
SUSE-SU-2017:0292-1 Security update for dbus-1
This update for dbus-1 to version 1.8.22 fixes one security issue and bugs. The following security issue was fixed: - bsc1003898: Do not treat ActivationFailure message received from root-owned systemd name as a format string. The following upstream changes are included: - Change the default...
Design/Logic Flaw
An issue was discovered in Pagekit CMS before 1.0.11. In this vulnerability the remote attacker is able to reset the registered user's password, when the debug toolbar is enabled. The password is successfully recovered using this exploit. The SecureLayer7 ID is SL7PGKT01...
CVE-2017-5594
The Pagekit CMS
CVE-2016-6521
Cross-site request forgery CSRF vulnerability in Grails console aka Grails Debug Console and Grails Web Console 2.0.7, 1.5.10, and earlier allows remote attackers to hijack the authentication of users for requests that execute arbitrary Groovy code via unspecified vectors...
CVE-2016-6521
CVE-2016-6521: CSRF vulnerability in Grails console (Grails Debug Console / Grails Web Console) versions 2.0.7, 1.5.10 and earlier. It allows remote attackers to hijack user authentication for requests that execute arbitrary Groovy code via unspecified vectors. Affected products/versions are name...
USB Enhanced Performance Keyboard
Lenovo Security Advisory: LEN-2015-015 Potential Impact: Escalation of Privilege Severity: Low Summary: Lenovo’s “USB Enhanced Performance Keyboard” software has a known issue where debug code was accidently left in the application. The debug code includes information about which keys on the...
USB Enhanced Performance Keyboard - Lenovo Support US
No description provided...
PageKit 1.0.10 Password Reset
Exploit Title: Remote PageKit Password Reset Vulnerability Date:a21-01-2017 Software Link: http://pagekit.com/ Exploit Author: Saurabh Banawar from SecureLayer7a Contact: http://twitter.com/asecurelayer7 Website: httpas://securelayer7.neta Category: webapps 1. Description Anyremote user can reset...
PageKit 1.0.10 - Password Reset Exploit
Exploit for php platform in category web applications Exploit Title: Remote PageKit Password Reset Vulnerability Date:21-01-2017 Software Link: http://pagekit.com/ Exploit Author: Saurabh Banawar from SecureLayer7 Contact: http://twitter.com/securelayer7 Website: https://securelayer7.net...
PageKit 1.0.10 - Password Reset
Exploit Title: Remote PageKit Password Reset Vulnerability Date:21-01-2017 Software Link: http://pagekit.com/ Exploit Author: Saurabh Banawar from SecureLayer7 Contact: http://twitter.com/securelayer7 Website: https://securelayer7.net Category: webapps 1. Description Anyremote user can reset...
PageKit 1.0.10 - Password Reset
PageKit 1.0.10 - Password Reset Exploit Title: Remote PageKit Password Reset Vulnerability Date:21-01-2017 Software Link: http://pagekit.com/ Exploit Author: Saurabh Banawar from SecureLayer7 Contact: http://twitter.com/securelayer7 Website: https://securelayer7.net Category: webapps 1...
OpenJDK: insufficient checks of JDWP packets (Hotspot, 8159519)
It was discovered that the Hotspot component of OpenJDK did not properly check received Java Debug Wire Protocol JDWP packets. An attacker could possibly use this flaw to send debugging commands to a Java program running with debugging enabled if they could make victim's browser send HTTP request...
shopify-scripts: SIGSEGV - mrb_obj_extend - line:413
PoC: ------------------- The following code triggers the bug attached as testmrbobjextend413.rb: module Test end def methodmissingsextendTestend def setva.set0end set0 Mirb - Debug: ------------------- gdb r testmrbobjextend413.rb The program being debugged has been started already. Start it from...
shopify-scripts: SIGSEGV - mrb_vm_exec - line:1681
PoC: ------------------- The following code triggers the bug attached as testmrbvmexec1681.rb: def try yield ensure yield end a=lambda do a.try do return end end.call Mirb - Debug: ------------------- gdb r testmrbvmexec1678.rb The program being debugged has been started already. Start it from th...
shopify-scripts: SIGSEGV - mrb_vm_exec - vm.c in line:1272
PoC: ------------------- The following code triggers the bug attached as testmrbvmexec1272.rb: a,a,a,a=0,def e end a Sandbox: ------------------- x@x:/Desktop/research/mruby-engine/bin$ ./sandbox testmrbvmexec1272.rb ./sandbox:20: BUG Segmentation fault at 0x00000000000018 ruby 2.2.6p396 2016-11-...
Google Patches Android 'Custom Boot Mode' Vulnerability
A high-risk Android custom boot mode vulnerability was one of many bugs patched by Google as part of its January Android Security Bulletin released earlier this week. On Thursday, the IBM security team that discovered the vulnerability disclosed details about the flaw which leaves Nexus 6 and 6P...
Linux kernel local integer overflow vulnerability (CNVD-2017-00226)
The Linux kernel is the kernel used by the operating system Linux, released by the Linux Foundation in the United States. The 'ringbufferresize' function in the kernel/trace/ringbuffer.c file of the profiling subsystem in versions of the Linux kernel prior to 4.6.1 has a security vulnerability du...
DEBIAN-CVE-2016-9754
The ringbufferresize function in kernel/trace/ringbuffer.c in the profiling subsystem in the Linux kernel before 4.6.1 mishandles certain integer calculations, which allows local users to gain privileges by writing to the /sys/kernel/debug/tracing/buffersizekb file...
CVE-2016-9754
CVE-2016-9754 affects the Linux kernel’s ring_buffer_resize in the profiling subsystem, where integer calculations in ring_buffer.c before 4.6.1 allow a local user to gain privileges by writing to /sys/kernel/debug/tracing/buffer_size_kb. The issue is fixed in kernel 4.6.1 and later. Affected pro...
FLARE Script Series: Querying Dynamic State using the FireEye Labs Query-Oriented Debugger (flare-qdb)
Introduction This post continues the FireEye Labs Advanced Reverse Engineering FLARE script series. Here, we introduce flare-qdb, a command-line utility and Python module based on vivisect for querying and altering dynamic binary state conveniently, iteratively, and at scale. flare-qdb works on...