8285 matches found
CVE-2016-3890
The Java Debug Wire Protocol JDWP implementation in adb/sockets.cpp in Android 4.x before 4.4.4, 5.0.x before 5.0.2, 5.1.x before 5.1.1, and 6.x before 2016-09-01 mishandles socket close operations, which allows attackers to gain privileges via a crafted application, aka internal bug 28347842...
CVE-2016-3890
The Java Debug Wire Protocol JDWP implementation in adb/sockets.cpp in Android 4.x before 4.4.4, 5.0.x before 5.0.2, 5.1.x before 5.1.1, and 6.x before 2016-09-01 mishandles socket close operations, which allows attackers to gain privileges via a crafted application, aka internal bug 28347842...
DEBIAN-CVE-2016-3890
The Java Debug Wire Protocol JDWP implementation in adb/sockets.cpp in Android 4.x before 4.4.4, 5.0.x before 5.0.2, 5.1.x before 5.1.1, and 6.x before 2016-09-01 mishandles socket close operations, which allows attackers to gain privileges via a crafted application, aka internal bug 28347842...
CVE-2016-3876
providers/settings/SettingsProvider.java in Android 6.x before 2016-09-01 and 7.0 before 2016-09-01 allows physically proximate attackers to bypass the SAFEBOOTDISALLOWED protection mechanism and boot to safe mode via the Android Debug Bridge adb tool, aka internal bug 29900345...
UBUNTU-CVE-2016-3876
providers/settings/SettingsProvider.java in Android 6.x before 2016-09-01 and 7.0 before 2016-09-01 allows physically proximate attackers to bypass the SAFEBOOTDISALLOWED protection mechanism and boot to safe mode via the Android Debug Bridge adb tool, aka internal bug 29900345...
UBUNTU-CVE-2016-3890
The Java Debug Wire Protocol JDWP implementation in adb/sockets.cpp in Android 4.x before 4.4.4, 5.0.x before 5.0.2, 5.1.x before 5.1.1, and 6.x before 2016-09-01 mishandles socket close operations, which allows attackers to gain privileges via a crafted application, aka internal bug 28347842...
Design/Logic Flaw
The Java Debug Wire Protocol JDWP implementation in adb/sockets.cpp in Android 4.x before 4.4.4, 5.0.x before 5.0.2, 5.1.x before 5.1.1, and 6.x before 2016-09-01 mishandles socket close operations, which allows attackers to gain privileges via a crafted application, aka internal bug 28347842...
CVE-2016-3890
The Java Debug Wire Protocol JDWP implementation in adb/sockets.cpp in Android 4.x before 4.4.4, 5.0.x before 5.0.2, 5.1.x before 5.1.1, and 6.x before 2016-09-01 mishandles socket close operations, which allows attackers to gain privileges via a crafted application, aka internal bug 28347842...
CVE-2016-3890
The Java Debug Wire Protocol JDWP implementation in adb/sockets.cpp in Android 4.x before 4.4.4, 5.0.x before 5.0.2, 5.1.x before 5.1.1, and 6.x before 2016-09-01 mishandles socket close operations, which allows attackers to gain privileges via a crafted application, aka internal bug 28347842...
CVE-2016-3890
The Java Debug Wire Protocol JDWP implementation in adb/sockets.cpp in Android 4.x before 4.4.4, 5.0.x before 5.0.2, 5.1.x before 5.1.1, and 6.x before 2016-09-01 mishandles socket close operations, which allows attackers to gain privileges via a crafted application, aka internal bug 28347842...
JDWP Command Execution Vulnerability in Some IPs of ZDNT
ZDNT Customer Resource Management System is a foreign trade software that solves the key problems of foreign trade enterprises by focusing on customers. A JDWP command execution vulnerability exists in some IPs of ZDNT, which allows attackers to exploit the vulnerability to gain control of the we...
Google Android Java Debug Wire Protocol Elevation of Privilege Vulnerability
Android is a Linux-based open source operating system jointly developed by Google and the Open Handheld Alliance OHA. An elevated privilege vulnerability exists in the Java Debug Wire Protocol in Android. An attacker can exploit this vulnerability to execute arbitrary code with elevated privilege...
Boozt Fashion AB: PHP info page disclosure on http://www.day.dk/
Hi, Boozt team. Description: phpinfo is a debug functionality that prints out detailed information on both the system and the PHP configuration. Step to reproduce: 1. Go to http://www.day.dk/check.php An attacker can obtain information such as: •Exact PHP version. •Exact OS and its version...
MySQL 5.5.45 64bit Local Credential Dislcosure
MySQL 5.5.45 64bit Local Credentials Disclosure Tested on Windows Windows Server 2012 R2 64bit, English Vendor Homepage @ https://www.mysql.com Date 05/09/2016 Bug Discovered by Yakir Wizman https://www.linkedin.com/in/yakirwizman http://www.black-rose.ml Special Thanks & Greetings to friend of...
How to debug Citrix Gateway connector logs (XNC)
In order to determine an issue with Citrix Gateway connector formerly known as XNC, we would need to enable debug logging...
NUUO NVRmini 2 Arbitrary Code Execution Vulnerability
NUUO provides a stable and high performance digital networked surveillance system. The NUUO NVRmini 2 suffers from an arbitrary code execution vulnerability that can be exploited by an attacker to inject and execute arbitrary code with root privileges due to unauthenticated and hidden debug scrip...
Zortam Media Studio 20.60 - Buffer Overflow Vulnerability
Document Title: =============== Zortam Media Studio 20.60 - Buffer Overflow Vulnerability References Source: ==================== http://www.vulnerability-lab.com/getcontent.php?id=1884 Release Date: ============= 2016-07-26 Vulnerability Laboratory ID VL-ID: ====================================...
python2-django: cross-site scripting
Unsafe usage of JavaScript's Element.innerHTML could result in XSS in the admin's add/change related popup. Element.textContent is now used to prevent execution of the data. The debug view also used innerHTML. Although a security issue wasn't identified there, out of an abundance of caution it's...
Debian DLA-555-1 : python-django security update
It was discovered that Django, a high-level Python web development framework, is prone to a cross-site scripting vulnerability in the admin's add/change related popup and debug view. For Debian 7 'Wheezy', these problems have been fixed in version 1.4.5-1+deb7u17. We recommend that you upgrade yo...
python-django: cross-site scripting
Unsafe usage of JavaScript's Element.innerHTML could result in XSS in the admin's add/change related popup. Element.textContent is now used to prevent execution of the data. The debug view also used innerHTML. Although a security issue wasn't identified there, out of an abundance of caution it's...