73 matches found

OSV
added 2017/02/15 8:59 p.m. · 1 views

CVE-2017-3801

A vulnerability in the web-based GUI of Cisco UCS Director 6.0.0.0 and 6.0.0.1 could allow an authenticated, local attacker to execute arbitrary workflow items with just an end-user profile, a Privilege Escalation Vulnerability. The vulnerability is due to improper role-based access control RBAC...

8.8 CVSS · 6 AI score
Exploits 0 · References 3
Hacker One
added 2016/09/19 12:29 p.m. · 20 views

Boozt Fashion AB: ADB Backup is enabled within AndroidManifest

ADB Backup is enabled for this app. ADB Backup feature is a good tool for backing up all of your files. If it's enabled, malicious users who have your phone can copy all of the sensitive data for this app in your phone. Requirement: Unlock phone's screen; Enable the developer mode. Sensitive data...

6.7 AI score · 0.00103 EPSS
Exploits 1
The Hacker News
added 2015/10/12 8:36 a.m. · 11 views

w00t! Google OnHub Router actually Runs on Chrome OS; Here's How to Root it

Are you intrigued with the idea of disassembling things and making them work your ways? Then you’ll find this coverage to be one of its kind! Google OnHub Router runs ChromiumOS Chrome OS, the same Linux-based operating system that powers Google Chromebook laptops and desktops. Yeah, It's True. A...

7.1 AI score
Exploits 0
Kitploit
added 2015/06/15 3:33 p.m. · 96 views

Crouton - Chromium OS Universal Chroot Environment

crouton is a set of scripts that bundle up into an easy-to-use, Chromium OS-centric chroot generator. Currently Ubuntu and Debian are supported using debootstrap behind the scenes, but "Chromium OS Debian, Ubuntu, and Probably Other Distros Eventually Chroot Environment" doesn't acronymize as wel...

7.2 AI score
Exploits 0 · References 1
seebug.org
added 2014/07/01 12:0 a.m. · 11 views

Apache Struts Developer Mode OGNL Execution

No description provided by source. This module requires Metasploit: http//metasploit.com/download Current source: https://github.com/rapid7/metasploit-framework require 'msf/core' class Metasploit3 Msf::Exploit::Remote Rank = ExcellentRanking include Msf::Exploit::Remote::HttpClient include...

7.1 AI score
Exploits 0
Prion
added 2014/04/12 4:37 a.m. · 14 views

Stack overflow

Stack-based buffer overflow in a certain decryption function in qconnDoor on BlackBerry Z10 devices with software 10.1.0.2312, when developer-mode has been previously enabled, allows remote attackers to execute arbitrary code via a crafted packet in a TCP session on a wireless network...

9.3 CVSS · 8.7 AI score · 0.1459 EPSS
Exploits 4 · References 1 · Affected Software 1
Packet Storm
added 2014/04/08 12:0 a.m. · 48 views

BlackBerry Z 10 Buffer Overflow

modzero Security Advisory: BlackBerry Z 10 - Buffer Overflow in qconnDoor MZ-13-05 1...

9.3 CVSS · 0.6 AI score · 0.1459 EPSS
Exploits 4
Check Point Advisories
added 2014/02/17 12:0 a.m. · 5 views

Apache Struts Debugging Interceptor Remote Code Execution (CVE-2012-0394)

A remote code execution vulnerability exists in Apache Struts 2 web application framework. The vulnerability is due to insufficient input sanitization when running commands in "developer mode". A remote attacker can exploit this vulnerability by sending a crafted HTTP request to a vulnerable...

1.8 AI score · 0.93572 EPSS
Exploits 9
0day.today
added 2014/02/04 12:0 a.m. · 53 views

Apache Struts Developer Mode OGNL Execution Exploit

This Metasploit module exploits a remote command execution vulnerability in Apache Struts 2. The problem exists on applications running in developer mode, where the DebuggingInterceptor allows evaluation and execution of OGNL expressions, which allows remote attackers to execute arbitrary Java...

6.8 CVSS · 9.4 AI score · 0.93572 EPSS
Exploits 9
Exploit DB
added 2013/01/16 12:0 a.m. · 60 views

Oracle Application Framework - Diagnostic Mode Bypass

Trustwave SpiderLabs Security Advisory TWSL2012-023: Oracle Application Framework Diagnostic Mode Bypass Vulnerability Published: 1/15/2013 Version: 1.0 Vendor: Oracle www.oracle.com Product: Oracle Application Framework Version affected: 11.5.10.2, 12.0.6, 12.1.3 Product description: The Oracle...

6.4 CVSS · 6.5 AI score · 0.2994 EPSS
Exploits 5
Positive Technologies
added 2012/01/08 12:0 a.m. · 4 views

PT-2012-2538 · Apache · Apache Struts

Name of the Vulnerable Software and Affected Versions: Apache Struts versions prior to 2.3.1.1 Description: The issue allows remote attackers to execute arbitrary commands via unspecified vectors when the DebuggingInterceptor component is used in developer mode. The vendor characterizes this...

6.8 CVSS · 9.5 AI score · 0.93572 EPSS
Exploits 9 · References 18
Prion
added 2011/08/03 12:55 a.m. · 16 views

Design/Logic Flaw

Google Chrome before 13.0.782.107 does not ensure that developer-mode NPAPI extension installations are confirmed by a browser dialog, which makes it easier for remote attackers to modify the product's functionality via a Trojan horse extension...

6.8 CVSS · 6.6 AI score · 0.00708 EPSS
Exploits 0 · References 5 · Affected Software 1
Atlassian
added 2010/07/15 12:33 a.m. · 20 views

Enable Web Sudo to work with other single-sign-on solutions

Customers with some of the unsupported single sign-on solutions|http://confluence.atlassian.com/display/DEV/Single+Sign-on+Integration+with+JIRA+and+Confluence can't easily upgrade to Confluence 3.3 because WebSudo doesn't handle external SSO solutions. See this example:...

0.3 AI score
Exploits 0