Cisco IOS XE Software Active Debug Code Vulnerability

A vulnerability in Cisco IOS XE Software could allow an authenticated, local attacker with high privileges or an unauthenticated attacker with physical access to the device to open a debugging console. The vulnerability is due to insufficient command authorization restrictions. An attacker could...

Update of python-perf, kernel-firmware, perf, kernel-debug-devel, kernel-devel, kernel-debug-devel, kernel-headers, kernel-firmware, kernel, kernel-debug

...

Exploit for Off-by-one Error in Sudo_Project Sudo

CVE-2021-3156 Sudo Baron Samedit This repository is CVE-202...

The vulnerability of Intel microprogramming software relates to the transmission of confidential information in debugging messages, allowing a intruder to gain unauthorized access to protected information.

The vulnerability of Intel microprogramming software is related to the transmission of confidential information in debugging messages. Exploiting this vulnerability can allow an intruder to gain unauthorized access to protected information...

HFS (HTTP File Server) 2.3.x Remote Code Execution

Exploit Title: HFS HTTP File Server 2.3.x - Remote Command Execution 3 Google Dork: intext:"httpfileserver 2.3" Date: 20/02/2021 Exploit Author: Pergyz Vendor Homepage: http://www.rejetto.com/hfs/ Software Link: https://sourceforge.net/projects/hfs/ Version: 2.3.x Tested on: Microsoft Windows...

Shining a Light on SolarCity: Practical Exploitation of the X2e IoT Device (Part One)

In 2019, Mandiant’s Red Team discovered a series of vulnerabilities present within Digi International’s ConnectPort X2e device, which allows for remote code execution as a privileged user. Specifically, Mandiant’s research focused on SolarCity’s now owned by Tesla rebranded ConnectPort X2e device...

Engel & Völkers Technology GmbH: CVE-2019-11248 on alertmanager.ev-cloud-platform.engelvoelkers.com

Summary: The debugging endpoint /debug/pprof is exposed over the unauthenticated Kubelet healthz port. Versions prior to 1.15.0, 1.14.4, 1.13.8, and 1.12.10 are affected. The issue is of medium severity, but not exposed by the default configuration. Steps To Reproduce: Navigate to the following...

OSV-2021-289 Global-buffer-overflow in vte_write_debug

OSS-Fuzz report: https://bugs.chromium.org/p/oss-fuzz/issues/detail?id=30351 Crash type: Global-buffer-overflow READ 1 Crash state: vtewritedebug doaction parsedata...

CVE-2021-3333

Opmantek Open-AudIT 4.0.1 is affected by cross-site scripting XSS. When outputting SQL statements for debugging, a maliciously crafted query can trigger an XSS attack. This attack only succeeds if the user is already logged in to Open-AudIT before they click the malicious link...

Uroboros - A GNU/Linux Monitoring And Profiling Tool Focused On Single Processes

Uroboros is a GNU/Linux monitoring tool focused on single processes. While utilities like top, ps and htop provide great overall details, they often lack useful temporal representation for specific processes, such visual representation of the process data points can be used to profile, debug and...

A vulnerability exists in the Android version of the Miramar app that does not disable app debugging privileges.

The Beauty Talk app is a software used for online shopping. A vulnerability exists in the Android version of Meilizhou app where the APP debugging privilege is not closed. Attackers can use the vulnerability to debug the app to obtain sensitive user information...

Emulation of Kernel Mode Rootkits With Speakeasy

In August 2020, we released a blog post about how the Speakeasy emulation framework can be used to emulate user mode malware such as shellcode. If you haven’t had a chance, give the post a read today. In addition to user mode emulation, Speakeasy also supports emulation of kernel mode Windows...

HyperDbg - The Source Code Of HyperDbg Debugger

HyperDbg is designed with a focus on using modern hardware technologies to provide new features to the reverse engineering world. It operates on top of Windows by virtualizing an already running system using Intel VT-x and Intel PT. This debugger aims not to use any APIs and software debugging...

Denial Of Service (DoS)

Xen is vulnerable to denial of service. A malicious guest administrator is able to cause management tools and debugging operations to fail by creating paths in its own namespace that are too long...

Metasploit Tips and Tricks for HaXmas 2020

For this year's HaXmas, we're giving the gift of Metasploit knowledge! We'll cover a mix of old, new, or recently improved features that you can incorporate into your workflows. Some of our readers may already know these tips and tricks for using Metasploit, but for the others who aren't aware of...

Exploit for OS Command Injection in Sonatype Nexus_Repository_Manager

CVE-2019-5475 CVE-2019-5475 and CVE-2019-15588: RCE command...

CVE-2020-29482

An issue was discovered in Xen through 4.14.x. A guest may access xenstore paths via absolute paths containing a full pathname, or via a relative path, which implicitly includes /local/domain/$DOMID for their own domain id. Management tools must access paths in guests' namespaces, necessarily usi...

ALPINE-CVE-2020-29482

An issue was discovered in Xen through 4.14.x. A guest may access xenstore paths via absolute paths containing a full pathname, or via a relative path, which implicitly includes /local/domain/$DOMID for their own domain id. Management tools must access paths in guests' namespaces, necessarily usi...

CVE-2020-29482

An issue was discovered in Xen through 4.14.x. A guest may access xenstore paths via absolute paths containing a full pathname, or via a relative path, which implicitly includes /local/domain/$DOMID for their own domain id. Management tools must access paths in guests' namespaces, necessarily usi...

CVE-2020-29482

An issue was discovered in Xen through 4.14.x. A guest may access xenstore paths via absolute paths containing a full pathname, or via a relative path, which implicitly includes /local/domain/$DOMID for their own domain id. Management tools must access paths in guests' namespaces, necessarily usi...