Smiasm - Reverse engineering framework

Smiasm - Reverse engineering framework What is Miasm? Miasm is a a free and open source GPLv2 reverse engineering framework. Miasm aims at analyzing/modifying/generating binary programs. Here is a non exhausting list of features: opening/modifying/generating PE/ELF 32/64 le/be using Elfesteem...

Inside a Malicious PDF Attack

PDFs are widely used business file format, which makes them a common target for malware attacks. On the surface, PDFs are secure, but because they have so many “features,” hackers have learned how to hide attacks deep under the surface. By using a number of utilities, we are able to reverse...

BeeSns Twitter V0. 2 0day-vulnerability warning-the black bar safety net

Affected versions: BeeSns V0. 2 Official address: http://www.beesns.com/ Vulnerability type: elevation of Privilege Vulnerability analysis: IP filtering is not strict,causing the user can submit malicious parameters to enhance their own privileges. This microblogging system style nice, personally...

BeeSns microblogging system V0. 2 elevation of Privilege 0day and exp-vulnerability warning-the black bar safety net

Publishing author: sub-meter Affected versions: BeeSns V0. 2 Official address: http://www.beesns.com/ Vulnerability type: elevation of Privilege Vulnerability analysis: IP filter is not strict,causing the user can submit malicious parameters to enhance their own privileges. This microblogging...

Microsoft Source Code Analyzer for SQL Injection 1.3 Improper Permissions

No description provided by source. Microsoft Source Code Analyzer for SQL Injection 1.3 Improper Permissions Vendor: Microsoft Corp. Product web page: http://www.microsoft.com Affected version: 1.3.30601.30705 summary: Microsoft Source Code Analyzer for SQL Injection is a static code analysis too...

Microsoft Source Code Analyzer for SQL Injection 1.3 Improper Permissions

Exploit for windows platform in category local exploits Vendor: Microsoft Corp. Product web page: http://www.microsoft.com Affected version: 1.3.30601.30705 summary: Microsoft Source Code Analyzer for SQL Injection is a static code analysis tool for finding SQL Injection vulnerabilities in ASP...

Microsoft Source Code Analyzer for SQL Injection 1.3 Improper Permissions

Summary Microsoft Source Code Analyzer for SQL Injection is a static code analysis tool for finding SQL Injection vulnerabilities in ASP code. Customers can run the tool on their ASP source code to help identify code paths that are vulnerable to SQL Injection attacks. Description The package...

Use the IIS semicolon parsing upload vulnerability analysis-vulnerability warning-the black bar safety net

First look at the following a very common file upload extension filter code: fileExt=lcaseofile. FileExt arrUpFileType=splitUpFileType,"|" for i=0 to uboundarrUpFileType if fileEXT=trimarrUpFileTypei then EnableUpload=true exit for end if next if fileEXT="asp" or fileEXT="asa" or fileEXT="aspx" o...

OllyDbg 2.01 Alpha 2 Tool New Version Download !

"OllyDbg is a 32-bit assembler level analysing debugger for Microsoft® Windows®. Emphasis on binary code analysis makes it particularly useful in cases where source is unavailable." Version 2.01 alpha 2 is an intermediate functional release with many new useful features. The most important novelt...

micecms a"tasteless"vulnerability and the Fix attached to the EXP-bug warning-the black bar safety net

| Not to say thisloophole. what are the requirements but directly change the administrator password such as you into the background after the real administrator are not more don't know the new password is what, so only tasteless Classic white look at the code！.......... index\setpwdAction.php The...

Stuxnet Authors Made Several Basic Errors

ARLINGTON, VA–There is a growing sentiment among security researchers that the programmers behind the Stuxnet attack may not have been the super-elite cadre of developers that they’ve been mythologized to be in the media. In fact, some experts say that Stuxnet could well have been far more...

Discover MaosinCMS website system vulnerability testing-vulnerability warning-the black bar safety net

The recent move easy CMS vulnerability can be said to really was a fire, this article written by CMS although there is no move-powerful, but also the presence of injection vulnerabilities. This vulnerability with the tool is swept less than, can be said that the injection has been made by explici...

www.eVuln.com : SQL Injection in WikLink

www.eVuln.com advisory: SQL Injection in WikLink Summary: http://evuln.com/vulns/170/summary.html Details: http://evuln.com/vulns/170/description.html -----------Summary----------- eVuln ID: EV0170 Software: WikLink Vendor: n/a Version: 0.1.3 Critical Level: medium Type: SQL Injection Status:...

The Blackbuntu Community Edition Download !

The Blackbuntu Community Edition is a Linux Live-CD based on Ubuntu 10.10 which was specially designed for security training students and practitioners of information security. Another tool for penetration testers collection that could be considered as a competition for Pentoo. It supports the...

Social Share 2010-06-05 Cross Site Scripting

www.eVuln.com advisory: "search" - Non-persistent XSS in Social Share Summary: http://evuln.com/vulns/169/summary.html Details: http://evuln.com/vulns/169/description.html -----------Summary----------- eVuln ID: EV0169 Software: Social Share Vendor: n/a Version: 2010-06-05 Critical Level: low Typ...

HP Snags Application Testing Firm Fortify

The drumbeat for more secure application development picked up pace on Tuesday, with news that software giant HP had acquired privately funded Fortify Software, a maker of static code analysis tools, for an undisclosed amount. HP said that Fortify’s static analysis tools will complement its dynam...

Max CMS2. 0beta (maxcms)SQL injection and administrator authentication bypass vulnerability-vulnerability warning-the black bar safety net

This system was internally very popular video-on-demand system, before 1. 5 version vulnerability very much, the 2.0 version in terms of security has improved, but still there are loopholes exist. Look at the code \inc\ajax. asp dim action : action = getForm"action", "get" response. Charset="gbk"...

Fedora 12 : pidgin-sipe-1.9.1-1.fc12 (2010-4848)

Contributed File transfer functionality. File encryption is supported. Jakub Adam, Tomas Hrabik NTLMv2 and NTLMv2 Session Security support pier11 Implemented SIP Authentication Extensions protocol version 4 and 3 pier11 Adoption for commercial UNIX - HP/UX, Irix, Solaris - big endian fixes and...

Fedora 11 : pidgin-sipe-1.9.1-1.fc11 (2010-4830)

Contributed File transfer functionality. File encryption is supported. Jakub Adam, Tomas Hrabik NTLMv2 and NTLMv2 Session Security support pier11 Implemented SIP Authentication Extensions protocol version 4 and 3 pier11 Adoption for commercial UNIX - HP/UX, Irix, Solaris - big endian fixes and...

VUPEN Security Research - Adobe Flash Player GIF/JPEG Data Parsing Heap Overflow Vulnerabilities (CVE-2010-2167)

VUPEN Security Research - Adobe Flash Player GIF/JPEG Data Parsing Heap Overflow Vulnerabilities CVE-2010-2167 http://www.vupen.com/english/research.php I. BACKGROUND --------------------- "Adobe Flash Player is a cross-platform browser-based application runtime that delivers uncompromised viewin...