CVE-2019-4299

IBM Robotic Process Automation with Automation Anywhere 11 could allow a local user to obtain highly sensitive information from log files when debugging is enabled. IBM X-Force ID: 160765...

PT-2019-17023 · Automation Anywhere +1 · Automation Anywhere +1

Name of the Vulnerable Software and Affected Versions: IBM Robotic Process Automation with Automation Anywhere version 11 Description: The issue allows a local user to obtain highly sensitive information from log files when debugging is enabled. Recommendations: For IBM Robotic Process Automation...

EA Origin Template Injection Remote Code Execution

Exploit Title: EA Origin 10.5.36 Template Injection Remote Code Execution Date: 04/19/2019 Exploit Author: Dominik Penner @zer0pwn Vendor Homepage: https://www.origin.com Software Link: https://www.origin.com/can/en-us/store/download Version: 10.5.36 and below Tested on: Windows 10 CVE :...

Security Bulletin: IBM Robotic Process Automation Client Security Token is written to the Client log file (CVE-2019-4299)

Summary IBM Robotic Process Automation Client Security Token is written to the Client log file Vulnerability Details CVEID: CVE-2019-4299 DESCRIPTION: IBM Robotic Process Automation with Automation Anywhere could allow a local user to obtain highly sensitive information from log files when...

Unprotect Project: Classify Malwares Based on Known Evasion Techniques

PenTestIT RSS Feed One of the first steps in learning about a malware is to see if it is evasive in any sense and then proceed accordingly. The Unprotect Project helps you do this easily. It is an open source project in Python that proposes a malware classification techniques based on their evasi...

CocoaDebug - iOS Debugging Tool

iOS Debugging Tool Shake to hide or show the black bubble. support both device and simulator Long press the black bubble to show UIDebuggingInformationOverlay. Apple's Private API, support iOS 10/11/12 Application memory usage and FPS. List all print and NSLog messages which have been written by...

The vulnerability of the microprogrammed programmable logic controller Modicon, related to unprocessed exceptions, allows a intruder to trigger a service failure.

The vulnerability of the microprogrammed logic controller Modicon is related to unprocessed exceptions. Exploiting this vulnerability could allow a malicious actor to cause malfunctions by sending inappropriate debugging parameters to the controller using the Modbus protocol...

Exploit for Use After Free in Microsoft

CVE-2019-0708 - BlueKeep RDP RDP Connection Sequence:...

Debian DLA-1810-1 : tomcat7 security update

Nightwatch Cybersecurity Research team identified a XSS vulnerability in tomcat7. The SSI printenv command echoes user provided data without escaping. SSI is disabled by default. The printenv command is intended for debugging and is unlikely to be present in a production website. For Debian 8...

Time travel debugging: It’s a blast! (from the past)

The Microsoft Security Response Center MSRC works to assess vulnerabilities that are externally reported to us as quickly as possible, but time can be lost if we have to confirm details of the repro steps or environment with the researcher to reproduce the vulnerability. Microsoft has made our...

Time travel debugging: It’s a blast! (from the past)

The Microsoft Security Response Center MSRC works to assess vulnerabilities that are externally reported to us as quickly as possible, but time can be lost if we have to confirm details of the repro steps or environment with the researcher to reproduce the vulnerability. Microsoft has made our...

Time travel debugging: It’s a blast! (from the past)

The Microsoft Security Response Center MSRC works to assess vulnerabilities that are externally reported to us as quickly as possible, but time can be lost if we have to confirm details of the repro steps or environment with the researcher to reproduce the vulnerability. Microsoft has made our...

Command injection

The SSI printenv command in Apache Tomcat 9.0.0.M1 to 9.0.0.17, 8.5.0 to 8.5.39 and 7.0.0 to 7.0.93 echoes user provided data without escaping and is, therefore, vulnerable to XSS. SSI is disabled by default. The printenv command is intended for debugging and is unlikely to be present in a...

CVE-2019-0221

The SSI printenv command in Apache Tomcat 9.0.0.M1 to 9.0.0.17, 8.5.0 to 8.5.39 and 7.0.0 to 7.0.93 echoes user provided data without escaping and is, therefore, vulnerable to XSS. SSI is disabled by default. The printenv command is intended for debugging and is unlikely to be present in a...

CVE-2018-20008

iBall Baton iB-WRB302N20122017 devices have improper access control over the UART interface, allowing physical attackers to discover Wi-Fi credentials plain text and the web-console password base64 via the debugging console...

Improper access control

iBall Baton iB-WRB302N20122017 devices have improper access control over the UART interface, allowing physical attackers to discover Wi-Fi credentials plain text and the web-console password base64 via the debugging console...

CVE-2018-20008

iBall Baton iB-WRB302N20122017 devices have improper access control over the UART interface, allowing physical attackers to discover Wi-Fi credentials plain text and the web-console password base64 via the debugging console...

CVE-2019-0221

The SSI printenv command in Apache Tomcat 9.0.0.M1 to 9.0.0.17, 8.5.0 to 8.5.39 and 7.0.0 to 7.0.93 echoes user provided data without escaping and is, therefore, vulnerable to XSS. SSI is disabled by default. The printenv command is intended for debugging and is unlikely to be present in a...

EUVD-2019-0473

The SSI printenv command in Apache Tomcat 9.0.0.M1 to 9.0.0.17, 8.5.0 to 8.5.39 and 7.0.0 to 7.0.93 echoes user provided data without escaping and is, therefore, vulnerable to XSS. SSI is disabled by default. The printenv command is intended for debugging and is unlikely to be present in a...

CVE-2018-20008

iBall Baton iB-WRB302N20122017 devices have improper access control over the UART interface, allowing physical attackers to discover Wi-Fi credentials plain text and the web-console password base64 via the debugging console...