Lucene search

73 matches found

Cvelist
added 2023/06/29 6:46 p.m. · 13 views

CVE-2023-30955 Foundry workspace-server Developer Mode Authorization Bypass

A security defect was identified in Foundry workspace-server that enabled a user to bypass an authorization check and view settings related to 'Developer Mode'. This enabled users with insufficient privilege the ability to view and interact with Developer Mode settings in a limited capacity. A fi...

4.3 CVSS · 5.8 AI score · 0.00072 EPSS
Exploits 0 · References 1
CVE
added 2023/06/29 6:46 p.m. · 32 views

CVE-2023-30955

CVE-2023-30955 affects Palantir Foundry workspace-server prior to version 7.7.0, enabling a user to bypass an authorization check and view/interact with Developer Mode settings with insufficient privileges. The issue is resolved by upgrading to workspace-server 7.7.0 (fix deployed). Practical gui...

5.4 CVSS · 4.8 AI score · 0.00072 EPSS
Exploits 0 · References 1 · Affected Software 1
Positive Technologies
added 2023/06/29 12:00 a.m. · 3 views

PT-2023-23084 · Foundry · Workspace-Server

Name of the Vulnerable Software and Affected Versions: Foundry workspace-server versions prior to 7.7.0 Description: A security defect was identified in Foundry workspace-server that enabled a user to bypass an authorization check and view settings related to 'Developer Mode'. This allowed users...

5.4 CVSS · 5.4 AI score · 0.00072 EPSS
Exploits 0 · References 3
CNNVD
added 2023/06/29 12:00 a.m. · 3 views

Palantir Foundry workspace-server security vulnerability

Palantir Foundry workspace-server is a workspace service application from Palantir, Inc. A security vulnerability exists in Palantir Foundry workspace-server versions prior to 7.7.0 that originated from a vulnerability that allows an attacker to bypass authorization checks and view settings relat...

5.4 CVSS · 5.7 AI score · 0.00072 EPSS
Exploits 0 · References 2
NVD
added 2023/06/15 7:15 p.m. · 18 views

CVE-2023-21141

In several functions of several files, there is a possible way to access developer mode traces due to a permissions bypass. This could lead to local information disclosure with no additional execution privileges needed. User interaction is not needed for exploitation. Product: Android. Versions:...

5.5 CVSS · 5.1 AI score · 0.00003 EPSS
Exploits 0 · References 1
OSV
added 2023/06/15 7:15 p.m. · 1 views

CVE-2023-21141

In several functions of several files, there is a possible way to access developer mode traces due to a permissions bypass. This could lead to local information disclosure with no additional execution privileges needed. User interaction is not needed for exploitation. Product: Android. Versions:...

5.5 CVSS · 6.2 AI score · 0.00003 EPSS
Exploits 0 · References 1
ATTACKERKB
added 2023/06/15 7:15 p.m. · 2 views

CVE-2023-21141

In several functions of several files, there is a possible way to access developer mode traces due to a permissions bypass. This could lead to local information disclosure with no additional execution privileges needed. User interaction is not needed for exploitation. Product: Android. Versions:...

5.5 CVSS · 6.1 AI score · 0.00003 EPSS
Exploits 0 · References 2
Positive Technologies
added 2023/06/15 12:00 a.m. · 3 views

PT-2023-17934 · Google · Android

Name of the Vulnerable Software and Affected Versions: Android versions Android-11 through Android-13 Description: The issue is related to a permissions bypass in several functions of multiple files, allowing access to developer mode traces. This could lead to local information disclosure without...

5.5 CVSS · 6.4 AI score · 0.00003 EPSS
Exploits 0 · References 6
CVE
added 2023/06/15 12:00 a.m. · 119 views

CVE-2023-21141

CVE-2023-21141 affects Android 11–13 and is linked to a permissions bypass that allows access to developer mode traces, enabling local information disclosure without additional execution privileges. The vulnerability is described as an information disclosure (ID) issue with local attack vector an...

5.5 CVSS · 5.1 AI score · 0.00003 EPSS
Exploits 0 · References 1 · Affected Software 1
Vulnrichment
added 2023/06/15 12:00 a.m. · 11 views

CVE-2023-21141

In several functions of several files, there is a possible way to access developer mode traces due to a permissions bypass. This could lead to local information disclosure with no additional execution privileges needed. User interaction is not needed for exploitation. Product: Android. Versions:...

6.2 AI score · 0.00003 EPSS
Exploits 0 · References 1
F5 Networks
added 2023/02/21 7:50 p.m. · 43 views

K25570584: Apache Struts vulnerability CVE-2012-0394

Security Advisory Description DISPUTED The DebuggingInterceptor component in Apache Struts before 2.3.1.1, when developer mode is used, allows remote attackers to execute arbitrary commands via unspecified vectors. NOTE: the vendor characterizes this behavior as not "a security vulnerability...

6.8 CVSS · 9.1 AI score · 0.93572 EPSS
Exploits 9
SUSE CVE
added 2023/02/15 5:49 a.m. · 3 views

SUSE CVE-2012-0394

The DebuggingInterceptor component in Apache Struts before 2.3.1.1, when developer mode is used, allows remote attackers to execute arbitrary commands via unspecified vectors. NOTE: the vendor characterizes this behavior as not "a security vulnerability itself...

6.8 CVSS · 7.7 AI score · 0.93572 EPSS
Exploits 9 · References 3
Huntr
added 2022/10/27 5:00 p.m. · 22 views

Dev mode Path traversal

Description Vite is misconfigured within nuxt to permit any file to be retrieved from the file system. Root Cause Vite configuration has strict set to false. Exploitation Requirements: + Server must be running in developer mode Vulnerability can be exploited using paths like the following...

0.7 AI score
Exploits 0 · References 1
Github Security Blog
added 2022/05/04 12:29 a.m. · 29 views

Apache Struts's DebuggingInterceptor component allows remote code execution in developer mode

The DebuggingInterceptor component in Apache Struts before 2.3.1.1, when developer mode is used, allows remote attackers to execute arbitrary commands via unspecified vectors. NOTE: the vendor characterizes this behavior as not "a security vulnerability itself."...

6.8 CVSS · 9.4 AI score · 0.93572 EPSS
Exploits 9 · References 11 · Affected Software 1
OSV
added 2022/05/04 12:29 a.m. · 25 views

GHSA-HMVJ-GC9Q-MG9P Apache Struts's DebuggingInterceptor component allows remote code execution in developer mode

The DebuggingInterceptor component in Apache Struts before 2.3.1.1, when developer mode is used, allows remote attackers to execute arbitrary commands via unspecified vectors. NOTE: the vendor characterizes this behavior as not "a security vulnerability itself."...

6.8 CVSS · 9.6 AI score · 0.93572 EPSS
Exploits 9 · References 11
Talos
added 2021/04/15 12:00 a.m. · 71 views

Cosori Smart 5.8-Quart Air Fryer CS158-AF configuration server code execution vulnerability

Summary An unauthenticated backdoor exists in the configuration server functionality of Cosori Smart 5.8-Quart Air Fryer CS158-AF 1.1.0. A specially crafted JSON object can lead to code execution. An attacker can send a malicious packet to trigger this vulnerability. Tested Versions Cosori Smart...

8.1 CVSS · 8.6 AI score · 0.02015 EPSS
Exploits 1
Kitploit
added 2020/08/26 9:30 p.m. · 70 views

Hack-Tools - The All-In-One Red Team Extension For Web Pentester

The all-in-one Red Team browser extension for Web Pentesters HackTools, is a web extension facilitating your web application penetration tests, it includes cheat sheets as well as all the tools used during a test such as XSS payloads, Reverse shells and much more. With the extension you no longer...

6.8 AI score
Exploits 0 · References 2
Kitploit
added 2020/05/15 12:30 p.m. · 534 views

DiscordRAT - Discord Remote Administration Tool Fully Written In Python

Discord Remote Administration Tool fully written in Python3. This is a RAT controlled over Discord with over 20 post exploitation modules. Disclaimer: This tool is for educational use only, the author will not be held responsible for any misuse of this tool. This is my first project on github as...

7.5 AI score
Exploits 0 · References 1
exploitpack
added 2018/02/20 12:00 a.m. · 13 views

Microsoft Windows - Global Reparse Point Security Feature Bypass/Elevation of Privilege

Microsoft Windows - Global Reparse Point Security Feature Bypass/Elevation of Privilege Windows: Global Reparse Point Security Feature Bypass/Elevation of Privilege Platform: Windows 10 1709 functionality not present prior to this version Class: Security Feature Bypass/Elevation of Privilege...

0.2 AI score
Exploits 0
OSV
added 2017/07/31 3:29 a.m. · 1 views

CVE-2017-9485

The Comcast firmware on Cisco DPC3939 firmware version dpc3939-P20-18-v303r20421746-170221a-CMCST devices allows remote attackers to write arbitrary data to a known /var/tmp/sess pathname by leveraging the device's operation in UI dev mode...

7.5 CVSS · 5.9 AI score
Exploits 0 · References 1