
2401 matches found

Cvelist
added 2020/02/04 4:45 p.m., 24 views

CVE-2019-4550

IBM Security Directory Server 6.4.0 is deployed with active debugging code that can create unintended entry points. IBM X-Force ID: 165952...

5.3 CVSS, 5.2 AI score, 0.01067 EPSS
Exploits 0, References 2
CVE
added 2020/02/04 4:45 p.m., 52 views

CVE-2019-4550

IBM Security Directory Server 6.4.0 is affected by a vulnerability where active debugging code creates unintended entry points, enabling potential information exposure. The issue is documented across multiple sources (NVD entry CVE-2019-4550; CNVD-2020-04412) with a MEDIUM severity (CVSSv3.1 base...

5.3 CVSS, 5.8 AI score, 0.01067 EPSS
Exploits 0, References 2, Affected Software 1
IBM Security Bulletins
added 2020/02/03 6:55 p.m., 12 views

Security Bulletin: Multiple security vulnerabilities have been addressed in IBM Security Directory Server

Summary Multiple security vulnerabilities have been fixed and delivered in IBM Security Directory Server. Vulnerability Details CVEID: CVE-2019-4551 DESCRIPTION: IBM Security Directory Server does not perform an authentication check for a critical resource or functionality allowing anonymous user...

7.5 CVSS, 0.9 AI score, 0.01316 EPSS
Exploits 0, Affected Software 1
Veracode
added 2020/01/28 7:13 a.m., 15 views

Information Disclosure

nifi-parameter is vulnerable to information disclosure. The parameter parser logs parsed values for debugging purposes. The values can contain confidential information such as usernames and passwords...

5.3 CVSS, 2.7 AI score, 0.03959 EPSS
Exploits 0, References 8, Affected Software 1
NVD
added 2020/01/28 1:15 a.m., 35 views

CVE-2020-1928

An information disclosure vulnerability was found in Apache NiFi 1.10.0. The sensitive parameter parser would log parsed values for debugging purposes. This would expose literal values entered in a sensitive property when no parameter was present...

5.3 CVSS, 5 AI score, 0.03959 EPSS
Exploits 0, References 4
OSV
added 2020/01/28 1:15 a.m., 31 views

CVE-2020-1928

An information disclosure vulnerability was found in Apache NiFi 1.10.0. The sensitive parameter parser would log parsed values for debugging purposes. This would expose literal values entered in a sensitive property when no parameter was present...

5.3 CVSS, 6.3 AI score, 0.03959 EPSS
Exploits 0, References 4
Hacker One
added 2020/01/23 6:37 a.m., 938 views

h1-ctf: [h1-415 2020] SSRF in a headless chrome with remote debugging leads to sensible information leak

Summary: Converter is using headless chrome with remote debugging by rendering a page where we have our name, with which we can get xss leads to ssrf. By using the remote debugging with that ssrf we can grab the info all tabs in that chrome where we can get even the flag document. Steps To Reproduc...

6.9 AI score
Exploits 0
Hacker One
added 2020/01/21 2:36 p.m., 253 views

h1-ctf: [h1-415 2020] @_bayotop h1-415-ctf writeup

TL;DR: Thanks for the challenge! 1. Abusing account recovery via QR codes to get access to [email protected]. 2. Blind XSS in /support/review/ including CSP bypass. 3. Missing input sanitization on name parameter when POSTing to /support/review/. 4. Access to remote debugging port on local...

6.2 AI score
Exploits 0
Hacker One
added 2020/01/15 12:44 p.m., 103 views

MariaDB: Exposed debug.log file leads to information disclosure

At the following address I have found a debug.log file that discloses the application's full path on the server. And there is a database username too in debug.log: http://mariadb.org/wp-content/debug.log Impact Information disclosure...

Exploits 0
Penetration Testing Lab
added 2020/01/13 8:4 a.m., 56 views

Persistence – Image File Execution Options Injection

Image File Execution Options is a Windows registry key which enables developers to attach a debugger to an application and to enable "GlobalFlag" for application debugging. This behavior of Windows opens the door for persistence since an arbitrary executable can be used as a debugger of a specifi...

6 AI score
Exploits 0
OpenVAS
added 2020/01/09 12:0 a.m., 17 views

Fedora Update for libdwarf FEDORA-2019-4fa597c615

The remote host is missing an update for the Copyright C 2020 Greenbone Networks GmbH Some text descriptions might be excerpted from a referenced sources, and are Copyright C by the respective right holders. SPDX-License-Identifier: GPL-2.0-or-later This program is free software; you can...

6.5 CVSS, 6.5 AI score, 0.0273 EPSS
Exploits 0, References 2
NVD
added 2019/12/26 11:15 p.m., 20 views

CVE-2013-3088

Belkin N900 router F9K1104v1 contains an Authentication Bypass using "Javascript debugging"...

9.8 CVSS, 9.6 AI score, 0.01854 EPSS
Exploits 0, References 2
Prion
added 2019/12/26 11:15 p.m., 15 views

Authentication flaw

Belkin N900 router F9K1104v1 contains an Authentication Bypass using "Javascript debugging"...

9.3 CVSS, 7.2 AI score, 0.01854 EPSS
Exploits 0, References 2, Affected Software 1
Cvelist
added 2019/12/26 10:46 p.m., 23 views

CVE-2013-3088

Belkin N900 router F9K1104v1 contains an Authentication Bypass using "Javascript debugging"...

9.6 AI score, 0.01854 EPSS
Exploits 0, References 2
CNVD
added 2019/12/25 12:0 a.m., 1 views

DLL Hijacking Vulnerability in Weinview EasyWatch

EasyWatch is a tool for debugging or remote monitoring. Weinview EasyWatch suffers from a DLL hijacking vulnerability that can be exploited by attackers to execute malicious code...

7.3 AI score
Exploits 0
Kitploit
added 2019/12/06 7:50 p.m., 275 views

RetDec - A Retargetable Machine-Code Decompiler Based On LLVM

RetDec is a retargetable machine-code decompiler based on LLVM. The decompiler is not limited to any particular target architecture, operating system, or executable file format: Supported file formats: ELF, PE, Mach-O, COFF, AR archive, Intel HEX, and raw machine code Supported architectures:...

6.6 AI score
Exploits 0, References 18
Kitploit
added 2019/12/02 8:27 p.m., 94 views

CAPE - Malware Configuration And Payload Extraction

CAPE is a malware sandbox. It is derived from Cuckoo and is designed to automate the process of malware analysis with the goal of extracting payloads and configuration from malware. This allows CAPE to detect malware based on payload signatures, as well as automating many of the goals of malware...

7.7 AI score
Exploits 0, References 10
Tenable Nessus
added 2019/11/27 12:0 a.m., 35 views

EulerOS 2.0 SP8 : libpcap (EulerOS-SA-2019-2286)

According to the versions of the libpcap package installed, the EulerOS installation on the remote host is affected by the following vulnerabilities : - Libpcap provides a portable framework for low-level network monitoring. Libpcap can provide network statistics collection, security monitoring an...

7.5 CVSS, 6 AI score, 0.04436 EPSS
Exploits 0, References 6
Exploit DB
added 2019/11/22 12:0 a.m., 358 views

macOS 10.14.6 - root->kernel Privilege Escalation via update_dyld_shared_cache

Tested on macOS Mojave 10.14.6, 18G87 and Catalina Beta 10.15 Beta 19A536g. On macOS, the dyld shared cache in /private/var/db/dyld/ is generated locally on the system and therefore doesn't have a real code signature; instead, SIP seems to be the only mechanism that prevents modifications of the...

7.4 AI score
Exploits 0
RedHat Linux
added 2019/11/20 4:8 p.m., 4 views

tomcat: XSS in SSI printenv

The SSI printenv command in Apache Tomcat 9.0.0.M1 to 9.0.0.17, 8.5.0 to 8.5.39 and 7.0.0 to 7.0.93 echoes user provided data without escaping and is, therefore, vulnerable to XSS. SSI is disabled by default. The printenv command is intended for debugging and is unlikely to be present in a...

6.1 CVSS, 7.1 AI score, 0.45571 EPSS
Exploits 3, References 4