2401 matches found
Unauthorized Access Vulnerability in Liferay Portal
Liferay Portal is both an open source portal building tool and a Java-based application software system development platform. An unauthorized access vulnerability exists in Liferay Portal, which can be exploited by an attacker to view sensitive information such as debugging information...
Samsung Mobile Device Information Disclosure Vulnerability (CNVD-2020-29854)
Android is a free and open source operating system from Google based on the Linux kernel without GNU components. An information disclosure vulnerability exists in Samsung mobile devices, which can be exploited by attackers to access data with the help of Bluetooth debugging commands...
FreeBSD : puppetserver and puppetdb -- Puppet Server and PuppetDB may leak sensitive information via metrics API (36def7ba-6d2b-11ea-b115-643150d3111d)
Puppetlabs reports: Puppet Server and PuppetDB provide useful performance and debugging information via their metrics API endpoints. For PuppetDB this may contain things like hostnames. Puppet Server reports resource names and titles for defined types which may contain sensitive information as...
USN-4171-5: Apport regression
USN-4171-1 fixed vulnerabilities in Apport. This caused a regression in autopkgtest and python2 compatibility. This update fixes the problem. We apologize for the inconvenience. Original advisory details: Kevin Backhouse discovered Apport would read its user-controlled settings file as the root...
tomcat: XSS in SSI printenv
The SSI printenv command in Apache Tomcat 9.0.0.M1 to 9.0.0.17, 8.5.0 to 8.5.39 and 7.0.0 to 7.0.93 echoes user provided data without escaping and is, therefore, vulnerable to XSS. SSI is disabled by default. The printenv command is intended for debugging and is unlikely to be present in a...
Chrome Cookie Extraction
Extract cookies from Chrome using Chrome’s Remote Debugging Protocol. Recent assessments: 0xEmma at March 15, 2020 7:03pm UTC reported: Although this can lead to cookie leaks, the typical session cookie expires. And the complexity of this attack requires local access to a system, which, generally...
Betwixt - Web Debugging Proxy Based On Chrome DevTools Network Panel
Betwixt will help you analyze web traffic outside the browser using the familiar Chrome DevTools interface. Installing: Download the latest release for your operating system, build your own bundle or run Betwixt from the source code. Setting up: In order to capture traffic, you'll have to direct it to...
CVE-2020-7943
Puppet Server and PuppetDB provide useful performance and debugging information via their metrics API endpoints. For PuppetDB this may contain things like hostnames. Puppet Server reports resource names and titles for defined types which may contain sensitive information as well as function names...
Design/Logic Flaw
Puppet Server and PuppetDB provide useful performance and debugging information via their metrics API endpoints. For PuppetDB this may contain things like hostnames. Puppet Server reports resource names and titles for defined types which may contain sensitive information as well as function names...
CVE-2020-7943
Puppet Server and PuppetDB provide useful performance and debugging information via their metrics API endpoints. For PuppetDB this may contain things like hostnames. Puppet Server reports resource names and titles for defined types which may contain sensitive information as well as function names...
Exploit for CVE-2019-1458
CVE-2019-1458: Going from 'in the wild report' to POC Intr...
Information Disclosure Vulnerability in RICOH printers
Overview: Multiple RICOH printers contain Information Disclosure (CWE-200). RICOH COMPANY, LTD. reported this vulnerability to IPA to notify users of its solution through JVN. JPCERT/CC and RICOH COMPANY, LTD. coordinated under the Information Security Early Warning Partnership. Impact: A user who ca...
A day^W^W Several months in the life of Project Zero - Part 2: The Chrome exploit of suffering
Posted by Sergei Glazunov and Mark Brand, Project Zero. Introduction: After we’d understood how the bug worked, and had passed on those details to Chrome to help them get started on a fix, we went back to our other projects. This bug remained a topic of discussion, and eventually we ran out of...
CVE-2013-3091
An Authentication Bypass vulnerability in Belkin N300 F7D7301v1 router allows remote attackers to bypass authentication using "Javascript debugging."...
Authentication flaw
An Authentication Bypass vulnerability in Belkin N300 F7D7301v1 router allows remote attackers to bypass authentication using "Javascript debugging."...
CVE-2013-3091
An Authentication Bypass vulnerability in Belkin N300 F7D7301v1 router allows remote attackers to bypass authentication using "Javascript debugging."...
IBM Security Directory Server Information Disclosure Vulnerability (CNVD-2020-04412)
IBM Security Directory Server is a suite of enterprise identity management software from IBM USA that uses the Lightweight Directory Access Protocol (LDAP). The software provides a trusted identity data infrastructure for authentication. IBM Security Directory Server version 6.4.0 is deployed using...
CVE-2019-4550
IBM Security Directory Server 6.4.0 is deployed with active debugging code that can create unintended entry points. IBM X-Force ID: 165952...
CVE-2019-4550
IBM Security Directory Server 6.4.0 is deployed with active debugging code that can create unintended entry points. IBM X-Force ID: 165952...
Code injection
IBM Security Directory Server 6.4.0 is deployed with active debugging code that can create unintended entry points. IBM X-Force ID: 165952...