
36 matches found

CNNVD
added 2023/05/30 12:0 a.m. | 2 views

WordPress plugin Easy Forms for Mailchimp cross-site scripting vulnerability

WordPress and WordPress plugin are both products of the WordPress Foundation. WordPress is a blogging platform developed using the PHP language. The platform supports personal blog sites on PHP and MySQL servers. WordPress plugin is an application plugin. A cross-site scripting vulnerability exists...

CVSS: 6.1 | AI score: 5.9 | EPSS: 0.15068
Exploits: 2 | References: 2

BDU FSTEC
added 2022/09/30 12:0 a.m. | 3 views

The vulnerability of the devMode debugging mode implementation in the Apache Struts software platform allows attackers to perform cross-site scripting attacks.

The vulnerability of the devMode debugging mode implementation in the Apache Struts software platform is related to the lack of measures taken to protect the web page structure. Exploiting this vulnerability allows a malicious actor to perform cross-site scripting attacks remotely...

CVSS: 6.4 | AI score: 6.5 | EPSS: 0.00992
Exploits: 0 | References: 7 | Affected Software: 2

BDU FSTEC
added 2022/04/21 12:0 a.m. | 1 views

The vulnerability of the StarOS operating system arises from the improper activation of the debugging mode for certain services, allowing a perpetrator to execute arbitrary code.

The vulnerability of the StarOS operating system exists due to the incorrect activation of the debugging mode for certain services. Exploiting this vulnerability allows a remote attacker to execute arbitrary code...

CVSS: 9 | AI score: 6.2 | EPSS: 0.11743
Exploits: 0 | References: 2 | Affected Software: 1

NVD
added 2022/03/21 12:15 a.m. | 16 views

CVE-2022-25481

ThinkPHP Framework v5.0.24 was discovered to be configured without the PATHINFO parameter. This allows attackers to access all system environment parameters from index.php. NOTE: this is disputed by a third party because system environment exposure is an intended feature of the debugging mode...

CVSS: 7.5 | EPSS: 0.09502
Exploits: 1 | References: 1

Positive Technologies
added 2022/03/20 12:0 a.m. | 3 views

PT-2022-17318

Name of the Vulnerable Software and Affected Versions: ThinkPHP Framework version 5.0.24 Description: The ThinkPHP Framework was discovered to be configured without the PATHINFO parameter, allowing attackers to access all system environment parameters from index.php. It is noted that this issue i...

CVSS: 7.5 | AI score: 7.6 | EPSS: 0.09502
Exploits: 1 | References: 9

CNVD
added 2018/07/20 12:0 a.m. | 2 views

Huawei Emily-AL00A Authentication Bypass Vulnerability

The Huawei Emily-AL00A is a smartphone device from the Chinese company Huawei. A forensic bypass vulnerability exists in Huawei Emily-AL00A. An attacker induces a user to connect to a malicious device. With debugging mode enabled, malware on the device can exploit this vulnerability to bypass the...

CVSS: 4.4 | AI score: 4.8 | EPSS: 0.00031
Exploits: 0 | References: 1

The Hacker News
added 2017/10/13 5:29 a.m. | 12 views

New Ransomware Not Just Encrypts Your Android But Also Changes PIN Lock

DoubleLocker—as the name suggests, it locks device twice. Security researchers from Slovakia-based security software maker ESET have discovered a new Android ransomware that not just encrypts users’ data, but also locks them out of their devices by changing lock screen PIN. On top of that:...

AI score: 6.8
Exploits: 0

RedHat Linux
added 2014/08/07 6:23 p.m. | 0 views

389-ds: unauthenticated information disclosure

It was found that when replication was enabled for each attribute in Red Hat Directory Server / 389 Directory Server, which is the default configuration, the server returned replicated metadata when the directory was searched while debugging was enabled. A remote attacker could use this flaw to...

CVSS: 5 | AI score: 5.8 | EPSS: 0.00307
Exploits: 0 | References: 4

seebug.org
added 2014/07/01 12:0 a.m. | 14 views

WinVNC Web Server <= 3.3.3r7 - GET Overflow

No description provided by source. $Id: winvnchttpget.rb 7724 2009-12-06 05:50:37Z jduck $ This file is part of the Metasploit Framework and may be subject to redistribution and commercial restrictions. Please see the Metasploit Framework web site for more information on licensing and terms of us...

AI score: 7.1
Exploits: 0

OSV
added 2014/02/10 6:15 p.m. | 2 views

DEBIAN-CVE-2010-4777

The Perl_reg_numbered_buff_fetch function in Perl 5.10.0, 5.12.0, 5.14.0, and other versions, when running with debugging enabled, allows context-dependent attackers to cause a denial of service (assertion failure and application exit) via crafted input that is not properly handled when using certain...

CVSS: 4.3 | AI score: 6.3 | EPSS: 0.05455
Exploits: 0 | References: 1

NVD
added 2010/05/03 1:51 p.m. | 18 views

CVE-2010-1650

IBM WebSphere Application Server (WAS) 6.0.x before 6.0.2.41, 6.1.x before 6.1.0.31, and 7.0.x before 7.0.0.11, when the -trace option (aka debugging mode) is enabled, executes debugging statements that print string representations of unspecified objects, which allows attackers to obtain sensitive...

CVSS: 1.9 | AI score: 5.8 | EPSS: 0.00074
Exploits: 1 | References: 5

Prion
added 2010/05/03 1:51 p.m. | 20 views

Design/Logic Flaw

IBM WebSphere Application Server (WAS) 6.0.x before 6.0.2.41, 6.1.x before 6.1.0.31, and 7.0.x before 7.0.0.11, when the -trace option (aka debugging mode) is enabled, executes debugging statements that print string representations of unspecified objects, which allows attackers to obtain sensitive...

CVSS: 1.9 | AI score: 6.3 | EPSS: 0.00074
Exploits: 1 | References: 5 | Affected Software: 1

Cvelist
added 2010/04/30 5:0 p.m. | 21 views

CVE-2010-1650

IBM WebSphere Application Server (WAS) 6.0.x before 6.0.2.41, 6.1.x before 6.1.0.31, and 7.0.x before 7.0.0.11, when the -trace option (aka debugging mode) is enabled, executes debugging statements that print string representations of unspecified objects, which allows attackers to obtain sensitive...

AI score: 5.8 | EPSS: 0.00074
Exploits: 1 | References: 5

Tenable Nessus
added 2010/04/06 12:0 a.m. | 47 views

IBM WebSphere Application Server 6.1 < 6.1.0.31 Multiple Vulnerabilities

IBM WebSphere Application Server 6.1 before Fix Pack 31 appears to be running on the remote host. As such, it is reportedly affected by multiple vulnerabilities : - It is possible for Administrator role members to modify primary administrative id via the administrative console. PK88606 - An...

CVSS: 5 | AI score: 5.3 | EPSS: 0.0055
Exploits: 7 | References: 15

securityvulns
added 2004/09/08 12:0 a.m. | 26 views

multi-gnome-terminal information leak

Keystrokes are logged to user's home in debugging mode...

AI score: 1.1
Exploits: 0 | References: 1 | Affected Software: 1

securityvulns
added 2000/11/08 12:0 a.m. | 25 views

Local hole in OpenBSD

A bug in the system kernel allows the system to be "dropped" into kernel debugging mode, in which any actions can be performed...

AI score: 0.3
Exploits: 0 | References: 1