Lucene search

161 matches found

Prion
added 2018/02/07 11:29 p.m. | 17 views

Design/Logic Flaw

Insufficient Policy Enforcement in Devtools remote debugging in Google Chrome prior to 62.0.3202.62 allowed a remote attacker to obtain access to remote debugging functionality via a crafted HTML page, aka a Referer leak...

6.8 CVSS | 7.7 AI score | 0.01265 EPSS
Exploits: 0 | References: 6 | Affected Software: 2

Cvelist
added 2018/02/07 11:0 p.m. | 16 views

CVE-2017-15393

Insufficient Policy Enforcement in Devtools remote debugging in Google Chrome prior to 62.0.3202.62 allowed a remote attacker to obtain access to remote debugging functionality via a crafted HTML page, aka a Referer leak...

7.8 AI score | 0.01265 EPSS
Exploits: 0 | References: 6

CVE
added 2018/02/07 11:0 p.m. | 86 views

CVE-2017-15393

CVE-2017-15393 affects Chromium/Chromium-based browsers, describing an information disclosure (referrer leak) in the Devtools remote debugging feature prior to 62.0.3202.62. A remote attacker could obtain access to remote debugging functionality via a crafted HTML page, enabling potential exposur...

8.8 CVSS | 7.7 AI score | 0.01265 EPSS
Exploits: 0 | References: 6 | Affected Software: 1

Debian CVE
added 2018/02/07 11:0 p.m. | 24 views

CVE-2017-15393

Removed by vendor...

8.8 CVSS | 9.3 AI score | 0.01265 EPSS
Exploits: 0

Kitploit
added 2018/01/21 1:10 p.m. | 18 views

SwishDbgExt - Incident Response & Digital Forensics Debugging Extension

SwishDbgExt is a Microsoft WinDbg debugging extension that expands the set of available commands by Microsoft WinDbg, but also fixes and improves existing commands. This extension has been developed by Matt Suiche @msuiche – feel free to reach out on [email protected] ask for more features,...

7.2 AI score
Exploits: 0 | References: 2

FireEye
added 2018/01/04 11:30 a.m. | 493 views

Debugging Complex Malware that Executes Code on the Heap

Introduction In this blog, I will share a simple debugging tactic for creating “save points” during iterative remote debugging of complex multi-stage samples that execute code in heap memory at non-deterministic addresses. I’ll share two examples: one contrived, and the other a complex, modular...

7.4 AI score
Exploits: 0

Exploit DB
added 2017/12/12 12:0 a.m. | 20 views

Vivotek IP Cameras - Remote Stack Overflow (PoC)

STX Subject: Vivotek IP Cameras - Remote Stack Overflow Researcher: bashis September-October 2017 PoC: https://github.com/mcw0/PoC Release date: November 13, 2017 Full Disclosure: 43 days Attack Vector: Remote Authentication: Anonymous no credentials needed Firmware Vulnerable: Only 2017 versions...

7.4 AI score
Exploits: 0

exploitpack
added 2017/12/12 12:0 a.m. | 16 views

Vivotek IP Cameras - Remote Stack Overflow (PoC)

Vivotek IP Cameras - Remote Stack Overflow PoC STX Subject: Vivotek IP Cameras - Remote Stack Overflow Researcher: bashis September-October 2017 PoC: https://github.com/mcw0/PoC Release date: November 13, 2017 Full Disclosure: 43 days Attack Vector: Remote Authentication: Anonymous no credentials...

0.6 AI score
Exploits: 0

Packet Storm
added 2017/11/15 12:0 a.m. | 44 views

Vivotek IP Cameras Remote Stack Overflow

STX Subject: Vivotek IP Cameras - Remote Stack Overflow Researcher: bashis September-October 2017 PoC: https://github.com/mcw0/PoC Release date: November 13, 2017 Full Disclosure: 43 days Attack Vector: Remote Authentication: Anonymous no credentials needed Firmware Vulnerable: Only 2017 versions...

7.1 AI score
Exploits: 0

RedHat Linux
added 2017/10/20 8:39 a.m. | 4 views

chromium-browser: referrer leak in devtools

Insufficient Policy Enforcement in Devtools remote debugging in Google Chrome prior to 62.0.3202.62 allowed a remote attacker to obtain access to remote debugging functionality via a crafted HTML page, aka a Referer leak...

8.8 CVSS | 7.4 AI score | 0.01265 EPSS
Exploits: 0 | References: 5

RedhatCVE
added 2017/10/18 11:52 a.m. | 18 views

CVE-2017-15393

Insufficient Policy Enforcement in Devtools remote debugging in Google Chrome prior to 62.0.3202.62 allowed a remote attacker to obtain access to remote debugging functionality via a crafted HTML page, aka a Referer leak...

8.8 CVSS | 3.1 AI score | 0.01265 EPSS
Exploits: 0 | References: 2

RedHat Linux
added 2017/05/09 4:41 p.m. | 6 views

OpenJDK: insufficient checks of JDWP packets (Hotspot, 8159519)

It was discovered that the Hotspot component of OpenJDK did not properly check received Java Debug Wire Protocol JDWP packets. An attacker could possibly use this flaw to send debugging commands to a Java program running with debugging enabled if they could make victim's browser send HTTP request...

8.3 CVSS | 7.4 AI score | 0.03916 EPSS
Exploits: 0 | References: 5

n0where
added 2017/03/17 5:27 a.m. | 21 views

Interactive Multi User Javascript Shell: JSShell

Interactive Multi User Javascript Shell An interactive multi-user web based shell written in Python with Flask for server side and of course Javascript and HTML client side. It was initially created in order to debug remote esoteric browsers during tests and research. Features Multi client suppor...

0.4 AI score
Exploits: 0 | References: 1

RedHat Linux
added 2016/11/07 1:27 p.m. | 2 views

OpenJDK: insufficient checks of JDWP packets (Hotspot, 8159519)

It was discovered that the Hotspot component of OpenJDK did not properly check received Java Debug Wire Protocol JDWP packets. An attacker could possibly use this flaw to send debugging commands to a Java program running with debugging enabled if they could make victim's browser send HTTP request...

8.3 CVSS | 7.4 AI score | 0.03916 EPSS
Exploits: 0 | References: 5

myhack58
added 2016/08/29 12:0 a.m. | 20 views

A simple four-step, teach you do-it-yourself porting Cisco ASA exploits EXTRABACON-vulnerability warning-the black bar safety net

In the past few days, we carefully analysed the NSA exploit code EXTRABACON leaked by the Shadow Brokers. According to XORcat's initial analysis, the exploit code can use the SNMP service memory corruption vulnerability to bypass Cisco ASA device authentication. We in the lab fo...

0.1 AI score
Exploits: 0

Tenable Nessus
added 2016/08/08 12:0 a.m. | 43 views

openSUSE Security Update : java-1_8_0-openjdk (openSUSE-2016-944)

This update for java-1_8_0-openjdk fixes the following issues: - Upgrade to version jdk8u101 icedtea 3.1.0 - New in release 3.1.0 2016-07-25 : - Security fixes - S8079718, CVE-2016-3458: IIOP Input Stream Hooking boo989732 - S8145446, CVE-2016-3485: Perfect pipe placement Windows only boo989734 -...

9.6 CVSS | 6.8 AI score | 0.07521 EPSS
Exploits: 0 | References: 28

Nmap
added 2016/06/18 2:51 p.m. | 1846 views

http-aspnet-debug NSE Script

Determines if an ASP.NET application has debugging enabled using an HTTP DEBUG request. The HTTP DEBUG verb is used within ASP.NET applications to start/stop remote debugging sessions. The script sends a 'stop-debug' command to determine the application's current configuration state but access to R...

10 CVSS | 0.1 AI score | 0.94176 EPSS
Exploits: 33

Kitploit
added 2013/12/31 5:17 p.m. | 21 views

[GDB] GNU Project Debugger

GDB, the GNU Project debugger, allows you to see what is going on 'inside' another program while it executes - or what another program was doing at the moment it crashed. GDB can do four main kinds of things plus other things in support of these to help you catch bugs in the act: Start your progra...

7.2 AI score
Exploits: 0

0day.today
added 2013/07/26 12:0 a.m. | 34 views

JDWP Arbitrary Java Code Execution Exploitation

This is a whitepaper discussing arbitrary java code execution leveraging the Java Debugging Wire Protocol JDWP. JDWP Arbitrary Java Code Execution Exploitation =============================================== Java Debugging Wire Protocol JDWP is the lowlevel protocol used for communication between...

7.7 AI score
Exploits: 0

Packet Storm
added 2013/07/24 12:0 a.m. | 47 views

JDWP Exploitation

JDWP Arbitrary Java Code Execution Exploitation =============================================== Java Debugging Wire Protocol JDWP is the lowlevel protocol used for communication between a debugger and a Java Virtual Machine JVM as outlined in the Java Platform Debugger Architecture. It is often...

Exploits: 0