[SECURITY] [DSA 4093-1] openocd security update

------------------------------------------------------------------------- Debian Security Advisory DSA-4093-1 [email protected] https://www.debian.org/security/ January 21, 2018 https://www.debian.org/security/faq - -------------------------------------------------------------------------...

Debian DSA-4093-1 : openocd - security update

Josef Gajdusek discovered that OpenOCD, a JTAG debugger for ARM and MIPS, was vulnerable to Cross Protocol Scripting attacks. An attacker could craft a HTML page that, when visited by a victim running OpenOCD, could execute arbitrary commands on the victims host. This fix also sets the OpenOCD...

UBUNTU-CVE-2018-5704

Open On-Chip Debugger OpenOCD 0.10.0 does not block attempts to use HTTP POST for sending data to 127.0.0.1 port 4444, which allows remote attackers to conduct cross-protocol scripting attacks, and consequently execute arbitrary commands, via a crafted web site...

DEBIAN-CVE-2018-5704

Open On-Chip Debugger OpenOCD 0.10.0 does not block attempts to use HTTP POST for sending data to 127.0.0.1 port 4444, which allows remote attackers to conduct cross-protocol scripting attacks, and consequently execute arbitrary commands, via a crafted web site...

PT-2018-17099 · Open On Chip Debugger +1 · Openocd +1

Name of the Vulnerable Software and Affected Versions: Open On-Chip Debugger OpenOCD version 0.10.0 Description: The issue allows remote attackers to conduct cross-protocol scripting attacks and execute arbitrary commands via a crafted web site, by not blocking attempts to use HTTP POST for sendi...

VulnCheck KEV: CVE-2005-2678

Microsoft IIS 5.1 and 6 allows remote attackers to spoof the SERVERNAME variable to bypass security checks and conduct various attacks via a GET request with an http://localhost URI, which makes it appear as if the request is coming from localhost...

The vulnerability of the ss-manager component (manager.c) of the shadowsocks-libev proxy server allows a hacker to inject any command or execute any code.

The vulnerability of the ss-manager component manager.c of the shadowsock-libev proxy server is related to insufficient cleaning of special elements used in the command. Exploiting this vulnerability allows a local attacker to inject arbitrary commands or execute arbitrary code by sending a...

Remote code execution

Elixir's vim plugin, alchemist.vim is vulnerable to remote code execution in the bundled alchemist-server. A malicious website can execute requests against an ephemeral port on localhost that are then evaluated as elixir code...

Immunity Canvas: JBOSS6_JMXINVOKERSERVLET_DESERIALIZE

Name| jboss6jmxinvokerservletdeserialize ---|--- CVE| CVE-2015-7501 Exploit Pack| CANVAS Description| jboss6jmxinvokerservletdeserialize Notes| CVE Name: CVE-2015-7501 VENDOR: Red Hat NOTES: IMPORTANT NOTE: Any instance of this application running Apache Commons Collections version prior to 3.0...

Wordpress Image Upload for BBPress Plugin - Full Path Disclosure Vulnerability

Usage Info About Failure: The Full Path Disclosure vulnerability, when it occurs, exposes the full path of a particular file and the user on your server. These two information make life easier for an attacker. First he will know where the files are and his attempts will be directed. According to...

GSA Bounty: Homo graphs attack

Hi there, Greeting for the day, hope you are doing good, In Federa localhost i found homograph attack, Here i made homograph for the ebay.com, when see this link its look like normal simple text link but no its not, however, when you click on this particular link you might be think that you are...

Design/Logic Flaw

DISPUTED An issue was discovered in SMA Solar Technology products. By sniffing for specific packets on the localhost, plaintext passwords can be obtained as they are typed into Sunny Explorer by the user. These passwords can then be used to compromise the overall device. NOTE: the vendor reports...

CVE-2017-9854

An issue was discovered in SMA Solar Technology products. By sniffing for specific packets on the localhost, plaintext passwords can be obtained as they are typed into Sunny Explorer by the user. These passwords can then be used to compromise the overall device. NOTE: the vendor reports that...

PT-2017-19220 · Sma Solar Technology · Sunny Tripower +3

Name of the Vulnerable Software and Affected Versions: SMA Solar Technology products affected versions not specified Sunny Boy versions TLST-21 and TL-21 Sunny Tripower versions TL-10 and TL-30 Description: An issue was discovered in SMA Solar Technology products where plaintext passwords can be...

eCom Cart 1.3 SQL Injection

Exploit Title: eCom Cart 1.3 Exploit Google Dork: inurl:"/pdetails/11" 11 is variable Date: 10.06.2017 Exploit Author: Alperen Eymen Ozcan & Batuhan Camci Vendor Homepage: https://codecanyon.net/item/ecom-cart-a-php-shopping-cart-with-blog/13731007 Software Link:...

GitLab: SSRF vulnerability in gitlab.com via project import.

Dear GitLab bug bounty team, Summary --- It appears as though the fix to !17286 can be easily bypassed. You have blocked the usage of http://127.0.0.1, http://localhost/, etc., but http://0177.1/ and http://0x7f.1/, for instance, can still be used to scan internal ports. Error importing repositor...

DEBIAN-CVE-2017-7200

An SSRF issue was discovered in OpenStack Glance before Newton. The 'copyfrom' feature in the Image Service API v1 allowed an attacker to perform masked network port scans. With v1, it is possible to create images with a URL such as 'http://localhost:22'. This could then allow an attacker to...

UBUNTU-CVE-2017-7200

An SSRF issue was discovered in OpenStack Glance before Newton. The 'copyfrom' feature in the Image Service API v1 allowed an attacker to perform masked network port scans. With v1, it is possible to create images with a URL such as 'http://localhost:22'. This could then allow an attacker to...

Readymade Job Site Script 3.0.1 SQL Injection

Title: READYMADE JOB SITE SCRIPT v3.0.1 - Authentication Bypass & SQL injection Credit: Bilal KARDADOU Vendor: http://www.2daybiz.com Vendor URL: http://www.2daybiz.com/content/products/40-readymade-job-site-script.php Product: READYMADE JOB SITE SCRIPT v3.0.1 Google Dork: N/A Product & Service...

Joomla JomSocial SQL Injection

Exploit Title: Joomla! Component JomSocial - SQL Injection Google Dork: N/A Date: 25.02.2017 Vendor Homepage: https://www.cmsplugin.com/ Software : http://extensions.cmsplugin.com/extensions/j3demo/jomsocial Demo: http://extensions.cmsplugin.com/extensions/j3demo/jomsocial Version: N/A Tested on:...