2334 matches found

GoogleProjectZero
added 2020/02/11 12:0 a.m., 16 views

A day^W^W Several months in the life of Project Zero - Part 2: The Chrome exploit of suffering

Posted by Sergei Glazunov and Mark Brand, Project Zero Introduction After we’d understood how the bug worked, and had passed on those details to Chrome to help them get started on a fix, we went back to our other projects. This bug remained a topic of discussion, and eventually we ran out of...

AI score 7.8
Exploits 0

NVD
added 2020/02/07 7:15 p.m., 12 views

CVE-2013-3091

An Authentication Bypass vulnerability in Belkin N300 F7D7301v1 router allows remote attackers to bypass authentication using "Javascript debugging."...

CVSS 10, AI score 9.7, EPSS 0.0503
Exploits 1, References 3

Prion
added 2020/02/07 7:15 p.m., 10 views

Authentication flaw

An Authentication Bypass vulnerability in Belkin N300 F7D7301v1 router allows remote attackers to bypass authentication using "Javascript debugging."...

CVSS 10, AI score 7.5, EPSS 0.0503
Exploits 1, References 3, Affected Software 1

Cvelist
added 2020/02/07 6:3 p.m., 12 views

CVE-2013-3091

An Authentication Bypass vulnerability in Belkin N300 F7D7301v1 router allows remote attackers to bypass authentication using "Javascript debugging."...

AI score 9.7, EPSS 0.0503
Exploits 1, References 3

CNVD
added 2020/02/05 12:0 a.m., 1 view

IBM Security Directory Server Information Disclosure Vulnerability (CNVD-2020-04412)

IBM Security Directory Server is a suite of enterprise identity management software from IBM USA that uses the Lightweight Directory Access Protocol LDAP. The software provides a trusted identity data infrastructure for authentication. IBM Security Directory Server version 6.4.0 is deployed using...

CVSS 5.3, AI score 6.8, EPSS 0.00299
Exploits 0, References 1

OSV
added 2020/02/04 5:15 p.m., 1 view

CVE-2019-4550

IBM Security Directory Server 6.4.0 is deployed with active debugging code that can create unintended entry points. IBM X-Force ID: 165952...

CVSS 5.3, AI score 6.2, EPSS 0.00299
Exploits 0, References 2

NVD
added 2020/02/04 5:15 p.m., 8 views

CVE-2019-4550

IBM Security Directory Server 6.4.0 is deployed with active debugging code that can create unintended entry points. IBM X-Force ID: 165952...

CVSS 5.3, AI score 5.2, EPSS 0.00299
Exploits 0, References 2

Prion
added 2020/02/04 5:15 p.m., 15 views

Code injection

IBM Security Directory Server 6.4.0 is deployed with active debugging code that can create unintended entry points. IBM X-Force ID: 165952...

CVSS 5, AI score 5.2, EPSS 0.00299
Exploits 0, References 2, Affected Software 1

Cvelist
added 2020/02/04 4:45 p.m., 14 views

CVE-2019-4550

IBM Security Directory Server 6.4.0 is deployed with active debugging code that can create unintended entry points. IBM X-Force ID: 165952...

CVSS 5.3, AI score 5.2, EPSS 0.00299
Exploits 0, References 2

CVE
added 2020/02/04 4:45 p.m., 49 views

CVE-2019-4550

IBM Security Directory Server 6.4.0 is affected by a vulnerability where active debugging code creates unintended entry points, enabling potential information exposure. The issue is documented across multiple sources (NVD entry CVE-2019-4550; CNVD-2020-04412) with a MEDIUM severity (CVSSv3.1 base...

CVSS 5.3, AI score 5.8, EPSS 0.00299
Exploits 0, References 2, Affected Software 1

IBM Security Bulletins
added 2020/02/03 6:55 p.m., 11 views

Security Bulletin: Multiple security vulnerabilities have been addressed in IBM Security Directory Server

Summary Multiple security vulnerabilities have been fixed and delivered in IBM Security Directory Server. Vulnerability Details CVEID: CVE-2019-4551 DESCRIPTION: IBM Security Directory Server does not perform an authentication check for a critical resource or functionality allowing anonymous user...

CVSS 7.5, AI score 0.9, EPSS 0.00337
Exploits 0, Affected Software 1

Veracode
added 2020/01/28 7:13 a.m., 14 views

Information Disclosure

nifi-parameter is vulnerable to information disclosure. The parameter parser logs parsed values for debugging purposes. The values can contain confidential information such as usernames and passwords...

CVSS 5.3, AI score 2.7, EPSS 0.01166
Exploits 0, References 8, Affected Software 1

OSV
added 2020/01/28 1:15 a.m., 19 views

CVE-2020-1928

An information disclosure vulnerability was found in Apache NiFi 1.10.0. The sensitive parameter parser would log parsed values for debugging purposes. This would expose literal values entered in a sensitive property when no parameter was present...

CVSS 5.3, AI score 6.3, EPSS 0.01166
Exploits 0, References 4

NVD
added 2020/01/28 1:15 a.m., 19 views

CVE-2020-1928

An information disclosure vulnerability was found in Apache NiFi 1.10.0. The sensitive parameter parser would log parsed values for debugging purposes. This would expose literal values entered in a sensitive property when no parameter was present...

CVSS 5.3, AI score 5, EPSS 0.01166
Exploits 0, References 4

Hacker One
added 2020/01/23 6:37 a.m., 938 views

h1-ctf: [h1-415 2020] SSRF in a headless chrome with remote debugging leads to sensible information leak

Summary: Converter is using headless chrome with remote debugging by rendering a page where we have our name, with which we can get xss leads to ssrf By using the remote debugging with that ssrf we can grab the info all tabs in that chrome where we can get even the flag document. Steps To Reproduc...

AI score 6.9
Exploits 0

Hacker One
added 2020/01/21 2:36 p.m., 251 views

h1-ctf: [h1-415 2020] @_bayotop h1-415-ctf writeup

TL;DR: Thanks for the challenge! 1. Abusing account recovery via QR codes to get access to [email protected]. 2. Blind XSS in /support/review/ including CSP bypass. 3. Missing input sanitization on name parameter when POSTing to /support/review/. 4. Access to remote debugging port on local...

AI score 6.2
Exploits 0

Hacker One
added 2020/01/15 12:44 p.m., 102 views

MariaDB: Exposed debug.log file leads to information disclosure

At the following address I have found debug.log file disclose the application full path on the server. And there is database username too in debug.log http://mariadb.org/wp-content/debug.log Impact Information disclosure...

Exploits 0

Penetration Testing Lab
added 2020/01/13 8:4 a.m., 54 views

Persistence – Image File Execution Options Injection

Image File Execution Options is a Windows registry key which enables developers to attach a debugger to an application and to enable "GlobalFlag" for application debugging. This behavior of Windows opens the door for persistence since an arbitrary executable can be used as a debugger of a specifi...

AI score 6
Exploits 0

OpenVAS
added 2020/01/09 12:0 a.m., 17 views

Fedora Update for libdwarf FEDORA-2019-4fa597c615

The remote host is missing an update for the Copyright C 2020 Greenbone Networks GmbH Some text descriptions might be excerpted from a referenced sources, and are Copyright C by the respective right holders. SPDX-License-Identifier: GPL-2.0-or-later This program is free software; you can...

CVSS 6.5, AI score 6.5, EPSS 0.00571
Exploits 0, References 2

NVD
added 2019/12/26 11:15 p.m., 10 views

CVE-2013-3088

Belkin N900 router F9K1104v1 contains an Authentication Bypass using "Javascript debugging"...

CVSS 9.8, AI score 9.6, EPSS 0.00184
Exploits 0, References 2