CVE-2017-18860

Certain NETGEAR devices are affected by debugging command execution. This affects FS752TP 5.4.2.19 and earlier, GS108Tv2 5.4.2.29 and earlier, GS110TP 5.4.2.29 and earlier, GS418TPP 6.6.2.6 and earlier, GS510TLP 6.6.2.6 and earlier, GS510TP 5.04.2.27 and earlier, GS510TPP 6.6.2.6 and earlier,...

CVE-2017-18860

Certain NETGEAR devices are affected by debugging command execution. This affects FS752TP 5.4.2.19 and earlier, GS108Tv2 5.4.2.29 and earlier, GS110TP 5.4.2.29 and earlier, GS418TPP 6.6.2.6 and earlier, GS510TLP 6.6.2.6 and earlier, GS510TP 5.04.2.27 and earlier, GS510TPP 6.6.2.6 and earlier,...

CVE-2017-18860

CVE-2017-18860 describes a debugging command execution vulnerability in multiple NETGEAR switches and stackable devices. The issue affects a broad range of models (e.g., FS752TP, GS108Tv2, GS110TP, GS418TPP, GS510TLP/TPP, GS716Tv2/3, GS724Tv3/4, GS728TPSB/TSB/TXS, GS748Tv4/5, M4200/M4300, M5300, ...

CVE-2020-11723

Cellebrite UFED 5.0 through 7.29 uses four hardcoded RSA private keys to authenticate to the ADB daemon on target devices. Extracted keys can be used to place evidence onto target devices when performing a forensic extraction...

Microsoft Media Foundation CQTMetadataKeysAtom GetKeyForIndex Information Disclosure Vulnerability

Summary An exploitable code execution vulnerability exists in the CQTMetadataKeysAtom GetKeyForIndex functionality of Microsoft Corporation Microsoft Media Foundation 10.0.18362.476. A specially crafted malformed file can cause code execution resulting in remote code execution. An attacker can...

CVE-2019-11248

The debugging endpoint /debug/pprof is exposed over the unauthenticated Kubelet healthz port. The go pprof endpoint is exposed over the Kubelet's healthz port. This debugging endpoint can potentially leak sensitive information such as internal Kubelet memory addresses and configuration, or for...

CVE-2019-0221

The SSI printenv command in Apache Tomcat 9.0.0.M1 to 9.0.0.17, 8.5.0 to 8.5.39 and 7.0.0 to 7.0.93 echoes user provided data without escaping and is, therefore, vulnerable to XSS. SSI is disabled by default. The printenv command is intended for debugging and is unlikely to be present in a...

Angrgdb - Use Angr Inside GDB - Create An Angr State From The Current Debugger State

Use angr inside GDB. Create an angr state from the current debugger state. Install pip install angrgdb echo "python import angrgdb.commands" /.gdbinit Usage angrgdb implements the angrdbg API in GDB. You can use it in scripts like this: from angrgdb import gdb.execute"b 0x004005f9" gdb.execute"r...

Unauthorized Access Vulnerability in Liferay Portal

Liferay Portal is both an open source portal building tools , but also a Java-based application software system development platform . An unauthorized access vulnerability exists in Liferay Portal, which can be exploited by an attacker to view sensitive information such as debugging information...

Samsung Mobile Device Information Disclosure Vulnerability (CNVD-2020-29854)

Android is a free and open source operating system from Google based on the Linux kernel without GNU components. An information disclosure vulnerability exists in Samsung mobile devices, which can be exploited by attackers to access data with the help of Bluetooth debugging commands...

FreeBSD : puppetserver and puppetdb -- Puppet Server and PuppetDB may leak sensitive information via metrics API (36def7ba-6d2b-11ea-b115-643150d3111d)

Puppetlabs reports : Puppet Server and PuppetDB provide useful performance and debugging information via their metrics API endpoints. For PuppetDB this may contain things like hostnames. Puppet Server reports resource names and titles for defined types which may contain sensitive information as...

USN-4171-5: Apport regression

USN-4171-1 fixed vulnerabilities in Apport. This caused a regression in autopkgtest and python2 compatibility. This update fixes the problem. We apologize for the inconvenience. Original advisory details: Kevin Backhouse discovered Apport would read its user-controlled settings file as the root...

tomcat: XSS in SSI printenv

The SSI printenv command in Apache Tomcat 9.0.0.M1 to 9.0.0.17, 8.5.0 to 8.5.39 and 7.0.0 to 7.0.93 echoes user provided data without escaping and is, therefore, vulnerable to XSS. SSI is disabled by default. The printenv command is intended for debugging and is unlikely to be present in a...

Chrome Cookie Extraction

Extract cookies from Chrome using Chrome’s Remote Debugging Protocol Recent assessments: 0xEmma at March 15, 2020 7:03pm UTC reported: Although this can lead to cookie leaks, the typical session cookie expires. And the complexity of this attack requires local access to a system, which, generally...

Betwixt - Web Debugging Proxy Based On Chrome DevTools Network Panel

Betwixt will help you analyze web traffic outside the browser using familiar Chrome DevTools interface. Installing Download the latest release for your operating system, build your own bundle or run Betwixt from the source code. Setting up In order to capture traffic, you'll have to direct it to...

CVE-2020-7943

Puppet Server and PuppetDB provide useful performance and debugging information via their metrics API endpoints. For PuppetDB this may contain things like hostnames. Puppet Server reports resource names and titles for defined types which may contain sensitive information as well as function names...

Design/Logic Flaw

Puppet Server and PuppetDB provide useful performance and debugging information via their metrics API endpoints. For PuppetDB this may contain things like hostnames. Puppet Server reports resource names and titles for defined types which may contain sensitive information as well as function names...

CVE-2020-7943

Puppet Server and PuppetDB provide useful performance and debugging information via their metrics API endpoints. For PuppetDB this may contain things like hostnames. Puppet Server reports resource names and titles for defined types which may contain sensitive information as well as function names...

Exploit for CVE-2019-1458

CVE-2019-1458: Going from 'in the wild report' to POC Intr...

Information Disclosure Vulnerability in RICOH printers

Overview Multiple RICOH printers contain Information Disclosure CWE-200. RICOH COMPANY, LTD. reported this vulnerability to IPA to notify users of its solution through JVN. JPCERT/CC and RICOH COMPANY, LTD. coordinated under the Information Security Early Warning Partnership. Impact A user who ca...