Lucene search
K

1249 matches found

ICS
ICS
added 2016/08/05 6:0 a.m.50 views

Schneider Electric Unity PRO Control Flow Management Vulnerability

OVERVIEW Avihay Kain and Mille Gandelsman of Indegy have identified a vulnerability in Schneider Electric Unity PRO Software product. Schneider Electric has released a security notification with instructions to mitigate this vulnerability. This vulnerability could be exploited remotely. AFFECTED...

7CVSS7.3AI score0.01103EPSS
Exploits0References10
Google Chrome Security Advisories
Google Chrome Security Advisories
added 2016/08/03 12:0 a.m.35 views

Stable Channel Update for Desktop

The stable channel has been updated to 52.0.2743.116 for Windows, Mac, and Linux. This will roll out over the coming days/weeks. Security Fixes and Rewards Note: Access to bug details and links may be kept restricted until a majority of users are updated with a fix. We will also retain restrictio...

9.8CVSS8.8AI score0.01849EPSS
Exploits0Affected Software1
Check Point Advisories
Check Point Advisories
added 2016/07/20 12:0 a.m.4 views

Adobe Reader Out of Bounds Memory Access (APSB16-26: CVE-2016-4191)

This vulnerability is an instance of a memory corruption vulnerability. In particular, the vulnerability is caused by a crafted PDF file which causes an out of bounds memory access, which can trigger an access violation exception. Attackers can exploit the vulnerability by using the out of bounds...

10CVSS3.2AI score0.04844EPSS
Exploits0
Google Chrome Security Advisories
Google Chrome Security Advisories
added 2016/06/01 12:0 a.m.55 views

Stable Channel Update

The stable channel has been updated to 51.0.2704.79 for Windows, Mac, and Linux. Security Fixes and Rewards Note: Access to bug details and links may be kept restricted until a majority of users are updated with a fix. We will also retain restrictions if the bug exists in a third party library th...

8.8CVSS8AI score0.01849EPSS
Exploits1Affected Software1
n0where
n0where
added 2016/05/25 2:29 p.m.91 views

Reverse Engineering Cross Platform Disassembler: Panopticon

Reverse Engineering Cross Platform Disassembler Panopticon is a disassembler that understands the semantics of opcodes. This way it’s able to help the user by discovering and displaying invariants that would have to be discovered “by hand” in traditional disassemblers. This allows an interactive...

0.1AI score
Exploits0References6
Check Point Advisories
Check Point Advisories
added 2016/05/13 12:0 a.m.9 views

Adobe Flash Out of Bounds Access Code Corruption (CVE-2016-4117)

An out of bounds access vulnerability has been reported in Adobe Flash Player. The vulnerability is due to a type-confused parameter in Adobe Flash Player SWF file. A remote attacker can exploit this issue by using the out of bounds access for unintended reads, writes or frees – potentially leadi...

10CVSS2.5AI score0.94354EPSS
Exploits6
n0where
n0where
added 2016/04/13 12:55 p.m.75 views

Generic Android Deobfuscator: Simplify

Simplify uses a virtual machine to execute an app and understand what it does. Then, it applies optimizations to create code that behaves identically but is easier for a human to understand. It is a generic deobfuscator because it doesn’t need any special configuration or code for different types...

1.2AI score
Exploits0References1
Hacker One
Hacker One
added 2016/02/13 7:23 p.m.20 views

Internet Bug Bounty: Type confusion in partial.setstate, partial_repr, partial_call leads to memory corruption, reliable control flow hijack

See my official writeups here: http://bugs.python.org/issue25944 http://bugs.python.org/issue25945 The maintainers merged these bug reports. In one case, the type confusion leads to a reliable control of the instruction pointer as calling repr on a corrupted partial calls a function pointer that ...

6.8AI score
Exploits0
Google Chrome Security Advisories
Google Chrome Security Advisories
added 2016/02/09 12:0 a.m.58 views

Stable Channel Update

The stable channel has been updated to 48.0.2564.109 for Windows, Mac, and Linux. Security Fixes and Rewards Note: Access to bug details and links may be kept restricted until a majority of users are updated with a fix. We will also retain restrictions if the bug exists in a third party library...

8.8CVSS7.2AI score0.01883EPSS
Exploits1Affected Software1
Google Chrome Security Advisories
Google Chrome Security Advisories
added 2016/01/20 12:0 a.m.55 views

Stable Channel Update

The Chrome team is delighted to announce the promotion of Chrome 48 to the stable channel for Windows, Mac and Linux. Chrome 48.0.2564.82 contains a number of fixes and improvements -- a list of changes is available in the log. Watch out for upcoming Chrome and Chromium blog posts about new...

9.3CVSS6.9AI score0.01662EPSS
Exploits1Affected Software1
Google Chrome Security Advisories
Google Chrome Security Advisories
added 2015/12/08 12:0 a.m.45 views

Stable Channel Update

The stable channel has been updated to 47.0.2526.80 for Windows, Mac, and Linux. This release contains an update to Adobe Flash Player 20.0.0.228 and security fixes. Security Fixes and Rewards Note: Access to bug details and links may be kept restricted until a majority of users are updated with ...

10CVSS9.6AI score0.03199EPSS
Exploits0Affected Software1
ThreatPost
ThreatPost
added 2015/11/12 1:33 p.m.19 views

Exploit Writing and Exploit Mitigation

More and more white hats who practice offensive security and exploit writing are simultaneously talking about exploit mitigation. Granted, some are incentivized to do so by their employers or six-figure rewards programs, but the trend nonetheless is moving away from finding and fixing individual...

10CVSS0.1AI score0.06259EPSS
Exploits0References5
ThreatPost
ThreatPost
added 2015/09/22 3:0 p.m.40 views

Control Flow Guard Mitigation Bypass

Introduced in Windows 8.1 Update 3 and Windows 10, Control Flow Guard was Microsoft’s latest antidote to memory-corruption attacks. The technology was meant to stand up to attacks that had long ago figured out how to bypass previous-generation protections such as Address Space Layout Randomizatio...

10CVSS0.1AI score0.8582EPSS
Exploits5References5
0day.today
0day.today
added 2015/07/11 12:0 a.m.26 views

ZenPhoto 1.4.8 - Multiple Vulnerabilities

ZenPhoto version 1.4.8 suffers from cross site scripting, remote SQL injection, and path traversal vulnerabilities. Vulnerability: SQL Injection, Reflected XSS, Path Traversal Affected Software: ZenPhoto http://www.zenphoto.org/ Affected Version: 1.4.8 probably also prior versions Patched Version...

7.6AI score
Exploits0
n0where
n0where
added 2015/03/25 5:41 p.m.133 views

Static Analysis Tool: Bindead

The tool is based on the dynamic instrumentation framework PIN from Intel. Currently PIN is only working with the x86 architecture. Additionally, bintrace currently is limited to the Linux platform but will be ported to Windows when there is the need to. Actually, building for Windows might work...

7.6AI score
Exploits0References4
MSRC
MSRC
added 2015/03/16 7:0 a.m.11 views

EMET 5.2 is available (update)

Today, we’re releasing the Enhanced Mitigation Experience Toolkit EMET 5.2, which includes increased security protections to improve your security posture. You can download EMET 5.2 from microsoft.com/emet or directly from here. Following is the list of the main changes and improvements: Control...

7.1AI score
Exploits0
Kitploit
Kitploit
added 2015/01/31 3:31 p.m.64 views

JADX - Java source code from Android Dex and Apk files

Command line and GUI tools for produce Java source code from Android Dex and Apk files. Usage jadx-gui options .dex, .apk, .jar or .class options: -d, --output-dir - output directory -j, --threads-count - processing threads count -f, --fallback - make simple dump using goto instead of 'if', 'for'...

7.6AI score
Exploits0References1
Kitploit
Kitploit
added 2014/03/22 1:38 a.m.21 views

[ODA] Online Web Based Disassembler

ODA stands for Online DisAssembler. ODA is a general purpose machine code disassembler that supports a myriad of machine architectures. Built on the shoulders of libbfd and libopcodes part of binutils, ODA allows you to explore an executable by dissecting its sections, strings, symbols, raw hex,...

7.4AI score
Exploits0
Kitploit
Kitploit
added 2013/12/20 5:45 p.m.38 views

[APKinspector] Powerful GUI tool to analyze the Android applications

The goal of this project is to aide analysts and reverse engineers to visualize compiled Android packages and their corresponding DEX code. APKInspector provides both analysis functions and graphic features for the users to gain deep insight into the malicious apps: CFG Call Graph Static...

7.7AI score
Exploits0References1
Vulnerability Lab
Vulnerability Lab
added 2012/01/26 12:0 a.m.43 views

HITB2011KUL - Post Memory Corruption Analysis

Document Title: =============== HITB2011KUL - Post Memory Corruption Analysis References: =========== Download: http://www.vulnerability-lab.com/resources/videos/398.wmv View: http://www.youtube.com/watch?v=kOgarD9KCbg Release Date: ============= 2012-01-26 Vulnerability Laboratory ID VL-ID:...

7.1AI score
Exploits0
Rows per page
Query Builder