CVE-2017-14770

Skybox Manager Client Application prior to 8.5.501 is prone to an information disclosure vulnerability of user password hashes. A local authenticated attacker can access the password hashes in a debugger-pause state during the authentication process...

CVE-2017-14771

Skybox Manager Client Application prior to 8.5.501 is prone to an arbitrary file upload vulnerability due to insufficient input validation of user-supplied files path when uploading files via the application. During a debugger-pause state, a local authenticated attacker can upload an arbitrary fi...

Command Injection In NodeJS Debugger

NodeJS is vulnerable to command injection. The debugger listens on "any" address instead of 127.0.0.1 by default...

Nodejs V8 Debugger Remote Code Execution

A remote code execution vulnerability is exist in Node.js v8 debugger. A remote attacker can exploit this weakness to execute arbitrary code in the Nodejs server via a crafted request...

Razer US: DOM XSS and Open Redirect on the themes.razerzone.com

We appreciate the report and look forward to working with sp1d3rs in the future. I discovered the Open Redirect on the https://themes.razerzone.com/developers/signin endpoint. The root cause of the redirect was the insecure changing of window.location without validation - the original URL paramet...

NodeJS Debugger - Command Injection (Metasploit)

This module requires Metasploit: http://metasploit.com/download Current source: https://github.com/rapid7/metasploit-framework class MetasploitModule "NodeJS Debugger Command Injection", 'Description' = %q This module uses the "evaluate" request type of the NodeJS V8 debugger protocol version 1 t...

NodeJS Debugger Command Injection Exploit

This Metasploit module uses the "evaluate" request type of the NodeJS V8 debugger protocol version 1 to evaluate arbitrary JS and call out to other system commands. The port default 5858 is not exposed non-locally in default configurations, but may be exposed either intentionally or via...

rVMI: Perform Full System Analysis with Ease

Manual dynamic analysis is an important concept. It enables us to observe the behavior of a sophisticated malware sample or exploit by executing it in a controlled environment. The information gathered through this process is often crucial in gaining a full understanding of a sample. When...

rVMI: Perform Full System Analysis with Ease

Manual dynamic analysis is an important concept. It enables us to observe the behavior of a sophisticated malware sample or exploit by executing it in a controlled environment. The information gathered through this process is often crucial in gaining a full understanding of a sample. When...

CVE-2017-14546

STDU Viewer 1.6.375 allows attackers to cause a denial of service or possibly have unspecified other impact via a crafted .epub file, related to an "Error Code 0xe06d7363 starting at wow64!Wow64NotifyDebugger+0x000000000000001d."...

The vulnerability of the Venkman script debugger for the Firefox browser allows a hacker to execute arbitrary code.

The vulnerability of the Venkman script debugger in the Firefox browser arises from an operation that goes beyond the buffer boundaries in memory. Exploiting this vulnerability allows a remote attacker to execute arbitrary code...

NodeJS Debugger Command Injection

This module uses the "evaluate" request type of the NodeJS V8 debugger protocol version 1 to evaluate arbitrary JS and call out to other system commands. The port default 5858 is not exposed non-locally in default configurations, but may be exposed either intentionally or via misconfiguration. Th...

[SECURITY] [DSA 3963-1] mercurial security update

------------------------------------------------------------------------- Debian Security Advisory DSA-3963-1 [email protected] https://www.debian.org/security/ Sebastien Delafond September 04, 2017 https://www.debian.org/security/faq -...

To DVRF（router flaws drone as an example the interpretation of JEB firmware flaws applications Part 1-the vulnerability warning-the black bar safety net

A, media In this series of articles, I will send everyone to the presentation if any application JEB MIPS Decompiler1to find and the application of the embedded equipment software flaws. In order to accomplish this obligation, we need to apply the Praetorian supplied to the DVRF（Damn Vulnerable...

Bytecode Viewer - A Java 8 Jar & Android Apk Reverse Engineering Suite (Decompiler, Editor, Debugger & More)

Bytecode Viewer is an Advanced Lightweight Java Bytecode Viewer, GUI Java Decompiler, GUI Bytecode Editor, GUI Smali, GUI Baksmali, GUI APK Editor, GUI Dex Editor, GUI APK Decompiler, GUI DEX Decompiler, GUI Procyon Java Decompiler, GUI Krakatau, GUI CFR Java Decompiler, GUI FernFlower Java...

Mozilla Firefox Remote Code Execution Vulnerability (CNVD-2017-223305)

Mozilla Firefox browser Firefox is a free, open source browser for Windows, Linux and MacOSX platforms. A remote code execution vulnerability exists in the Venkman script debugger in Mozilla Firefox version 2.0.0.8. A remote attacker can exploit this vulnerability to execute arbitrary code...

Microsoft Edge Chakra Heap Buffer Overflow

IsCoroutine ... else InterpreterStackFrame::Setup setupfunction, args; sizet varAllocCount = setup.GetAllocationVarCount; //printf"varAllocCount: %d%X\r\n", varAllocCount, varAllocCount; sizet varSizeInBytes = varAllocCount sizeofVar; // // Allocate a new InterpreterStackFrame instance on the...

Microsoft Edge Chakra NULL Pointer Dereference

spreadIndices = nullptr // This function emits the arguments for a call. // ArgOut's with uses immediately following defs. EmitArgListStartthisLocation, byteCodeGenerator, funcInfo, callSiteId; Js::RegSlot evalLocation = Js::Constants::NoRegister; // // If Emitting arguments for eval and assignin...

CVE-2007-5341

Remote code execution in the Venkman script debugger in Mozilla Firefox before 2.0.0.8...

CVE-2007-5341

Remote code execution in the Venkman script debugger in Mozilla Firefox before 2.0.0.8...