2334 matches found
CVE-2021-35235 ASP.NET Debug Feature Enabled
The ASP.NET debug feature is enabled by default in Kiwi Syslog Server 9.7.2 and previous versions. ASP.NET allows remote debugging of web applications, if configured to do so. Debug mode causes ASP.NET to compile applications with extra information. The information enables a debugger to closely...
CVE-2021-35235
The CVE concerns SolarWinds Kiwi Syslog Server (versions
CVE-2021-24779
The WP Debugging WordPress plugin before 2.11.0 has its update_settings function hooked to admin_init and is missing any authorisation and CSRF checks; as a result, the settings can be updated by unauthenticated users...
CVE-2021-24779
The WP Debugging WordPress plugin before 2.11.0 has its update_settings function hooked to admin_init and is missing any authorisation and CSRF checks; as a result, the settings can be updated by unauthenticated users...
Cross-site request forgery (CSRF)
The WP Debugging WordPress plugin before 2.11.0 has its update_settings function hooked to admin_init and is missing any authorisation and CSRF checks; as a result, the settings can be updated by unauthenticated users...
CVE-2021-24779
Vulnerability summary: The WP Debugging WordPress plugin (versions before 2.11.0) is affected by an unauthenticated settings update flaw. The update_settings() function is hooked to admin_init and lacks authorization and CSRF checks, allowing unauthenticated users to modify plugin settings. Affec...
USN-5122-1: Apport vulnerability
It was discovered that Apport could be tricked into writing core files as root into arbitrary directories in certain scenarios. A local attacker could possibly use this issue to escalate privileges. This update will cause Apport to generate all core files in the /var/lib/apport/coredump directory...
WordPress Access Control Error Vulnerability
WordPress is a blogging platform developed in PHP by the WordPress Foundation. The platform supports setting up personal blog sites on servers with PHP and MySQL. An access control error vulnerability exists in the WordPress plugin WP Debugging prior to versi...
SAP Business One Information Disclosure Vulnerability
SAP Business One is a suite of enterprise management software from SAP, a German company. The software includes financial management, operations management, and human resources management functions. SAP Business One in version 10.0 contains an information disclosure vulnerability that stems from t...
SAP Business One Security Vulnerability
SAP Business One is a suite of enterprise management software from SAP, a German company. The software includes financial management, operations management, and human resources management functions. SAP Business One in version 10.0 contains an information disclosure vulnerability that stems from t...
Fedora: Security Advisory for rust-gimli (FEDORA-2021-1805eacb48)
The remote host is missing an update for the...
ALPINE-CVE-2021-32672
Redis is an open source, in-memory database that persists on disk. When using the Redis Lua Debugger, users can send malformed requests that cause the debugger’s protocol parser to read data beyond the actual buffer. This issue affects all versions of Redis with Lua debugging support 3.2 or newer...
[SECURITY] Fedora 34 Update: rust-gimli-0.25.0-1.fc34
Library for reading and writing the DWARF debugging format...
PT-2021-7752 · Redis +5
Name of the Vulnerable Software and Affected Versions: Redis versions 3.2 through 6.2.5; Redis versions 3.2 through 6.0.15; Redis versions 3.2 through 5.0.13 (can be simplified to: Redis versions 3.2 through 6.2.5). Description: The issue affects Redis, an open source, in-memory database that persists...
[SECURITY] Fedora 35 Update: rust-gimli-0.25.0-1.fc35
Library for reading and writing the DWARF debugging format...
WordPress WP Debugging plugin <= 2.10.2 - Unauthenticated Plugin's Settings Update vulnerability
Unauthenticated Plugin's Settings Update vulnerability discovered by apple502j in WordPress WP Debugging plugin versions <= 2.10.2. Solution: Update the WordPress WP Debugging plugin to the latest available version (at least 2.11.0)...
WP Debugging < 2.11.0 - Unauthenticated Plugin's Settings Update
The plugin has its update_settings function hooked to admin_init and is missing any authorisation and CSRF checks; as a result, the settings can be updated by unauthenticated users. PoC: POST /wp-admin/admin-post.php HTTP/1.1 Accept:...
WP Debugging < 2.11.0 - Unauthenticated Plugin's Settings Update
The plugin has its update_settings function hooked to admin_init and is missing any authorisation and CSRF checks; as a result, the settings can be updated by unauthenticated users. csrf.submit POST /wp-admin/admin-post.php HTTP/1.1 Accept:...
Easier URI Targeting With Metasploit Framework
Over the past year and a half, Metasploit Framework’s core engineering team in Belfast has made significant improvements to usability, discoverability, and the general quality of life for the global community of Framework users. A few of the enhancements we’ve worked on in MSF 6 include: A handy...
strace bug fix and enhancement update
The strace utility intercepts and records the system calls that are made and received by a running process and prints a record of each system call, its arguments, and its return value to standard error output or a file. It is often used for problem diagnoses, debugging, and for instructional...