1945 matches found
CVE-2012-1793: PCWELT PcwRunAsGui and PcwRunAs information disclosure
The CVE-2012-1793 entry concerns PC-Welt’s PcwRunAsGui and PcwRunAs. A design flaw in the password obfuscation allows a local attacker to recover or decrypt passwords encrypted by pcwRunAsGui.exe, effectively exposing sensitive credentials from the RunAs workflow. The PacketStorm entry classifies...
Carbylamine PHP Encoder - Make PHP files Fully Undetectable from Antivirus
Carbylamine PHP Encoder - Make PHP files Fully Undetectable from Antivirus Carbylamine PHP Encoder is a PHP Encoder for obfuscating/encoding PHP files so that antivirus detection signatures can be bypassed. High Security PHP Encoder Stops unauthorized personnel from reading, modifying and reverse...
Zulu - Zscaler Malware Scanning Service
Zulu - Zscaler Malware Scanning Service Zscaler has launched a new freE online service called Zulu that can assess the security risk associated with URLs by analyzing the content they point to, as well as the reputation of their corresponding domain names and IP addresses. Zulu allows security...
Cisco CUCM - Multiple Vulnerabilities
Recurity Labs GmbH http://www.recurity-labs.com [email protected] Date: 08.11.2011 Vendor: Cisco Systems Product: CUCM Environment Cisco Unified Communications Manager CallManager Cisco IP Phone CP-7975G Vulnerability: Directory Traversal Reversible Obfuscation Algorithm SCCP service...
Cisco CUCM Directory Traversal / Reversible Obfuscation
Recurity Labs GmbH http://www.recurity-labs.com [email protected] Date: 08.11.2011 Vendor: Cisco Systems Product: CUCM Environment Cisco Unified Communications Manager CallManager Cisco IP Phone CP-7975G Vulnerability: Directory Traversal Reversible Obfuscation Algorithm SCCP service...
Opera Web Browser SVG布局内存破坏漏洞
BUGTRAQ ID: 50044 Opera为来自挪威的一个浏览器。 Opera Web Browser在实现上存在内存破坏漏洞,远程攻击者可利用此漏洞执行任意代码,可能会造成拒绝服务。 Opera Software Opera Web Browser 12 Opera Software Opera Web Browser 11.x Opera Software Opera Web Browser 10.x 厂商补丁: Opera Software -------------- 目前厂商已经发布了升级补丁以修复这个安全问题,请到厂商的主页下载:...
Repeated Character Conversion Obfuscation
Although various security products provide coverage against many web vulnerabilities, Metasploit exploits could potentially bypass these security products by using JavaScript obfuscation techniques. An example of such a technique is the repeated character conversion obfuscation. Such techniques...
CVE-2011-0527: VMware vFabric tc Server password obfuscation bypass
Severity: Important Versions Affected: 2.0.0.RELEASE to 2.0.5.SR01 2.1.0.RELEASE to 2.1.1.SR01 Description: tc Server allows users to store the passwords used for JMX authentication in an obfuscated form for organizations where storing passwords in plain text is not permitted. The JMX...
Smiasm - Reverse engineering framework
Smiasm - Reverse engineering framework What is Miasm? Miasm is a a free and open source GPLv2 reverse engineering framework. Miasm aims at analyzing/modifying/generating binary programs. Here is a non exhausting list of features: opening/modifying/generating PE/ELF 32/64 le/be using Elfesteem...
Cross Site Scripting - Dokumentation, Analyse & Techniken
Document Title: =============== Cross Site Scripting - Dokumentation, Analyse & Techniken References: =========== https://www.vulnerability-lab.com/resources/documents/198.pdf https://de.wikipedia.org/wiki/Cross-SiteScriptingWeblinks ; Release Date: ============= 2011-07-19 Vulnerability Laborato...
Hackers Pinch Obfuscation Technique From DEFCON Presentation
UPDATE: Feds aren’t the only ones who are paying attention to the demonstrations at security conferences like Black Hat and DEFCON – the folks who actually don the black hats are, also. That point was driven home this week by Kaspersky Lab researcher Marta Janus, who blogged about an interesting...
Dangerous Whitespaces
By Marta Janus A few days ago, I blogged about a PHP/JS malware targeting the osCommerce platform, which used an interesting new technique to obfuscate the malicious code. It so happens, that today I came across even more advanced sample of a PHP infector, also in the context of a vulnerable...
Kleophatra v0.1.5 'TinyBrowser' File Upload Code Execution (meta)
Exploit for php platform in category web applications 1-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=0 0 1 1 /' \ /'\ /\ \ /'\ 0 0 /, \ /\/\ \ \ \ \ ,/\ /\ \ 1 1 //\ \ /' \ /\ //\ Exploit database separated by exploit 0 0 // type local, remote, DoS, etc. 1 1 1 0 +...
Kleophatra 0.1.5 TinyBrowser File Upload Code Execution
1-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=0 0 1 1 /' \ /'\ /\ \ /'\ 0 0 /, \ /\/\ \ \ \ \ ,/\ /\ \ 1 1 //\ \ /' \ /\ //\ Exploit database separated by exploit 0 0 // type local, remote, DoS, etc. 1 1 1 0 + Site : 1337day.com 0 1 + Support e-mail :...
Javascript Character Manipulation Obfuscation (Fragus)
Exploit packs, such as Fragus, are toolkits used by cybercriminals to easily snare victims for their botnets. Solutions enabling security product bypass are often integrated within such tools. Although various security products provide coverage against many web vulnerabilities, such as ActiveX...
WysGui <= 2.3 (FCKeditor) File Upload Code Execution (meta)
Exploit for php platform in category web applications 1-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=0 0 1 1 /' \ /'\ /\ \ /'\ 0 0 /, \ /\/\ \ \ \ \ ,/\ /\ \ 1 1 //\ \ /' \ /\ //\ Exploit database separated by exploit 0 0 // type local, remote, DoS, etc. 1 1 1 0 +...
Legacy Browser Exploit Whitespace Obfuscation
Although various security products provide coverage against many web vulnerabilities known exploits could potentially bypass security products by using JavaScript obfuscation techniques. An example of such a technique is the whitespace obfuscation. Such techniques obfuscate known exploits so they...
Twitter Worm Uses Google URL Shortener to Spread Scareware
A fast-moving Twitter worm is in circulation, using Google’s goo.gl redirection service to push unsuspecting users to a notorious scareware fake anti-virus malware campaign. At 8:45 a.m EST today, this Twitter search shows thousands of Twitter messages continuing to spread the worm. According to...
Stuxnet Authors Made Several Basic Errors
ARLINGTON, VA–There is a growing sentiment among security researchers that the programmers behind the Stuxnet attack may not have been the super-elite cadre of developers that they’ve been mythologized to be in the media. In fact, some experts say that Stuxnet could well have been far more...
Exploit Kits Employing Obfuscation to Prevent Analysis
The creators of the Phoenix exploit kit have begun using obfuscation and other techniques to prevent security researchers and others from reverse-engineering the installation process for the kit, adopting a tactic that has become increasingly popular among attackers recently. The Phoenix exploit...