tomcat: XSS in SSI printenv
The SSI printenv command in Apache Tomcat 9.0.0.M1 to 9.0.0.17, 8.5.0 to 8.5.39 and 7.0.0 to 7.0.93 echoes user provided data without escaping and is, therefore, vulnerable to XSS. SSI is disabled by default. The printenv command is intended for debugging and is unlikely to be present in a...
Ddoor - Cross Platform Backdoor Using Dns Txt Records
Cross-platform backdoor using DNS TXT records. What is ddor? ddor is a cross-platform, lightweight backdoor that uses TXT records to execute commands on infected machines. Features: Allows a single TXT record to have separate commands for both Linux and Windows machines. List of around 10 public DN...
The vulnerability in the implementation of the Secure Boot protocol for operating systems with Windows, which allows a perpetrator to disclose protected information
The vulnerability of the Secure Boot protocol for loading operating systems on Windows is related to errors in accessing debugging functions during the loading process. Exploiting this vulnerability can allow an attacker to disclose sensitive information that is protected by the security measures...
USN-4171-1: Apport vulnerabilities
Kevin Backhouse discovered Apport would read its user-controlled settings file as the root user. This could be used by a local attacker to possibly crash Apport or have other unspecified consequences. CVE-2019-11481 Sander Bos discovered a race-condition in Apport during core dump creation. This...
Fedora Update for libpcap FEDORA-2019-b92ce3144a
The remote host is missing an update for the Copyright (C) 2019 Greenbone Networks GmbH Some text descriptions might be excerpted from (a) referenced source(s), and are Copyright (C) by the respective right holder(s). SPDX-License-Identifier: GPL-2.0-or-later This program is free software; you can...
Fedora Update for libpcap FEDORA-2019-eaa681d33e
The remote host is missing an update for the Copyright (C) 2019 Greenbone Networks GmbH Some text descriptions might be excerpted from (a) referenced source(s), and are Copyright (C) by the respective right holder(s). SPDX-License-Identifier: GPL-2.0-or-later This program is free software; you can...
KTRW: The journey to build a debuggable iPhone
Posted by Brandon Azad, Project Zero In my role here at Project Zero, I do not use some of the tooling used by some external iOS security researchers, in particular development-fused iPhones with hardware debugging capabilities like JTAG enabled. I believe that access to such devices puts those w...
[SECURITY] Fedora 29 Update: libpcap-1.9.1-1.fc29
Libpcap provides a portable framework for low-level network monitoring. Libpcap can provide network statistics collection, security monitoring and network debugging. Since almost every system vendor provides a different interface for packet capture, the libpcap authors created this...
[SECURITY] Fedora 31 Update: libpcap-1.9.1-1.fc31
Libpcap provides a portable framework for low-level network monitoring. Libpcap can provide network statistics collection, security monitoring and network debugging. Since almost every system vendor provides a different interface for packet capture, the libpcap authors created this...
[SECURITY] Fedora 30 Update: libpcap-1.9.1-1.fc30
Libpcap provides a portable framework for low-level network monitoring. Libpcap can provide network statistics collection, security monitoring and network debugging. Since almost every system vendor provides a different interface for packet capture, the libpcap authors created this...
Cisco IOS Authentication Bypass (CVE-2019-12643)
An authentication bypass vulnerability exists in the Cisco REST API Software. This vulnerability is due to a debugging API endpoint being enabled by default in the management of the REST API authentication service. Successful exploitation of this vulnerability could lead to an authentication bypa...
IoT-Implant-Toolkit - Toolkit For Implant Attack Of IoT Devices
IoT-Implant-Toolkit is a framework of useful tools for malware implantation research of IoT devices. It is a toolkit consisting of essential software tools for firmware modification, serial port debugging, software analysis and stable spy clients. With an easy-to-use and extensible shell-like...
The vulnerability of the parse_hid_report_descriptor() function in the Linux operating system allows a perpetrator to compromise data integrity, gain unauthorized access to protected information, and cause service failures.
The vulnerability of the parse_hid_report_descriptor() function in the Linux operating system is related to writing beyond buffer boundaries while generating debugging messages. Exploiting this vulnerability can allow attackers to compromise data integrity, gain unauthorized access to protected...
CVE-2019-1368
A security feature bypass exists when Windows Secure Boot improperly restricts access to debugging functionality, aka 'Windows Secure Boot Security Feature Bypass Vulnerability'...
Security feature bypass
A security feature bypass exists when Windows Secure Boot improperly restricts access to debugging functionality, aka 'Windows Secure Boot Security Feature Bypass Vulnerability'...
Microsoft Windows Secure Boot Security Feature Bypass Vulnerability
Microsoft Windows and Microsoft Windows Server are both products of Microsoft Corporation, U.S.A. Microsoft Windows is an operating system for personal devices. Microsoft Windows Server is a server operating system. Windows Secure Boot is one of the secure boot components. A security feature bypas...
Metasploit HTTP(S) handler DoS
This module exploits the Metasploit HTTPS handler by sending a specially crafted HTTP request that gets added as a resource handler. Resources which come from the external connections are evaluated as RegEx in the handler server. Specially crafted input can trigger Gentle, Soft and Hard DoS. Test...
Windows Secure Boot Security Feature Bypass Vulnerability
A security feature bypass exists when Windows Secure Boot improperly restricts access to debugging functionality. An attacker who successfully exploited this vulnerability could disclose protected kernel memory. To exploit the vulnerability, an attacker must gain physical access to the target...
[SECURITY] Fedora 31 Update: libdwarf-20191002-1.fc31
Library to access the DWARF debugging file format which supports source level debugging of a number of procedural languages, such as C, C++, and Fortran. Please see http://www.dwarfstd.org for DWARF specification...