2333 matches found
CVE-2023-39515
Cacti is an open source operational monitoring and fault management framework. Affected versions are subject to a stored cross-site scripting (XSS) vulnerability that allows an authenticated user to poison data stored in Cacti's database. These data will be viewed by administrative Cacti accounts an...
CVE-2023-39515 Stored Cross-site Scripting on data_debug.php datasource path view in Cacti
Cacti is an open source operational monitoring and fault management framework. Affected versions are subject to a stored cross-site scripting (XSS) vulnerability that allows an authenticated user to poison data stored in Cacti's database. These data will be viewed by administrative Cacti accounts an...
sos bug fix and enhancement update
An update is available for sos. This update affects Rocky Linux 9. A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is available for each vulnerability from the CVE list. The sos package contains a set of utilities that gather information from system...
CVE-2022-43937 - Sensitive fields are recorded in the debug-enabled logs
Possible information exposure through log file vulnerability where sensitive fields are recorded in the debug-enabled logs when debugging is turned on in Brocade SANnav before v2.3.0 and 2.2.2a...
Motorola MBTS Site Controller Security Vulnerability
The Motorola EBTS Base Radio and Motorola MBTS Site Controller are both products of Motorola, U.S.A. The Motorola EBTS Base Radio is a walkie-talkie. The Motorola EBTS/MBTS Site Controller is a device used to manage and control a Macro Base Transceiver Statio...
Google Wear OS Security Vulnerability
Google Wear OS is an operating system developed by Google, Inc. in the United States, designed for use in smartwatches, smart bands, and other wearable devices. Google Wear OS suffers from a security vulnerability that stems from an insecure default value in the checkDebuggingDisallowed...
PT-2023-7521 · Sierra Wireless · Aleos
Name of the Vulnerable Software and Affected Versions: ALEOS versions 4.16 and earlier. Description: The issue is related to the use of hardcoded credentials in the debugging mode of the ALEOS operating system for Sierra Wireless MP70, RV50x, RV55, LX40, LX60, ES450, GX450 wireless routers. When...
Intel SDP Tool Security Vulnerability
Intel SDP Tool is a server debugging and configuration tool from Intel Corporation USA. A security vulnerability exists in Intel(R) SDP Tool versions prior to 1.4, which stems from incorrect default privileges. An attacker can exploit the vulnerability to elevate privileges...
Azure Serial Console Attack and Defense - Part 1
Ever had a virtual machine crash? Azure Serial Console is a great way to directly connect to your virtual machine and debug what went wrong. Azure Serial Console is a feature that's available for free for everyone. While the primary intent of this feature is to help users debug their machine,...
Nozomi Networks Guardian Security Breach
Nozomi Networks Guardian is an IoT device and software inspection system from Nozomi Networks, USA. A security vulnerability exists in Nozomi Networks Guardian that stems from not enforcing a restriction on the application of actual assertions in the debugging function...
Lucee 5.4.2.17 - Authenticated Reflected XSS Vulnerability
Exploit Title: Lucee 5.4.2.17 - Authenticated Reflected XSS Exploit Author: Yehia Elghaly Vendor Homepage: https://www.lucee.org/ Software Link: https://download.lucee.org/ Version: http://172.16.110.130:8888/lucee/admin/server.cfm?action=%22%3E%3Cimg+src%3Dx+onerror%3Dprompt%28%29%3E POST...
Sentry Security Vulnerability
Mobileiron Sentry is a Smart Gateway product from Mobileiron, Inc. A security vulnerability exists in versions of Sentry prior to 23.5.2, which can be exploited by authenticated users to download debugging or artifact bundles from arbitrary organizations and projects using a known bundle ID...
Cisco Nexus 1000V ESXi Hypervisor Denial of Service (CVE-2013-1210)
Array index error in the Virtual Ethernet Module (VEM) kernel driver for VMware ESXi in Cisco NX-OS on the Nexus 1000V, when STUN debugging is enabled, allows remote attackers to cause a denial of service (ESXi crash and purple screen of death) by sending crafted STUN packets to a VEM, aka Bug ID...
PPLcontrol - Controlling Windows PP(L)s
This tool allows you to list protected processes, get the protection level of a specific process, or set an arbitrary protection level. For more information, you can read this blog post: Debugging Protected Processes. Usage 1. Download the MSI driver You can get a copy of the MSI driver...
How to capture and collect logs Citrix Secure Access VPN Plug-in on Windows.
Allow the capture of VPN Plug-In Citrix Secure Access debugging logs for 13.1 and higher builds...
Fedora: Security Advisory for rizin (FEDORA-2023-3dc1f9ba12)
The remote host is missing an update for the...
USN-6189-1: etcd vulnerability
It was discovered that etcd leaked credentials when debugging was enabled. This allowed remote attackers to discover etcd authentication credentials and possibly escalate privileges on systems using etcd...
USN-6189-1 etcd vulnerability
It was discovered that etcd leaked credentials when debugging was enabled. This allowed remote attackers to discover etcd authentication credentials and possibly escalate privileges on systems using etcd...
CVE-2023-21122
In various functions of various files, there is a possible way to bypass the DISALLOW_DEBUGGING_FEATURES restriction for tracing due to a missing permission check. This could lead to local escalation of privilege with no additional execution privileges needed. User interaction is not needed for...