PlugX Trojan Disguised as Legitimate Windows Debugger Tool in Latest Attacks

The PlugX remote access trojan has been observed masquerading as an open source Windows debugger tool called x64dbg in an attempt to circumvent security protections and gain control of a target system. "This file is a legitimate open-source debugger tool for Windows that is generally used to...

PlugX Trojan Disguised as Legitimate Windows Debugger Tool in Latest Attacks

The PlugX remote access trojan has been observed masquerading as an open source Windows debugger tool called x64dbg in an attempt to circumvent security protections and gain control of a target system. "This file is a legitimate open-source debugger tool for Windows that is generally used to...

Investigating the PlugX Trojan Disguised as a Legitimate Windows Debugger Tool

Trend Micro’s Managed Extended Detection and Response MxDR team discovered that a file called x32dbg.exe was used to sideload a malicious DLL we identified as a variant of PlugX...

K37111863: NodeJS vulnerability CVE-2018-12120

Security Advisory Description Node.js: All versions prior to Node.js 6.15.0: Debugger port 5858 listens on any interface by default: When the debugger is enabled with node --debug or node debug, it listens to port 5858 on all interfaces by default. This may allow remote computers to attach to the...

com.bugvm:bugvm-compiler (>=1.0.0 <=1.2.9), com.bugvm:bugvm-dist (>=1.2.3 <=1.2.9) +27 more potentially affected by CVE-2016-15026 via com.googlecode.plist:dd-plist (>=1.0 <=1.16)

com.googlecode.plist:dd-plist MAVEN version =1.0, =1.0.0, =1.2.3, =1.2.3, =1.0.0, =0.0.1, =2.3.1-ios11, =2.3.1-ios11, =1.0.0-b1, =2.0.0, =2.3.2, =2.3.4, =2.3.1, =2.0.0, =1.2.0, =1.2.1 and more Source cves: CVE-2016-15026 Source advisory: OSV:GHSA-4JX2-HVQW-93J9...

SUSE CVE-2006-4146

Buffer overflow in the 1 DWARF dwarfread.c and 2 DWARF2 dwarf2read.c debugging code in GNU Debugger GDB 6.5 allows user-assisted attackers, or restricted users, to execute arbitrary code via a crafted file with a location block DWFORMblock that contains a large number of operations...

SUSE CVE-2007-5341

Remote code execution in the Venkman script debugger in Mozilla Firefox before 2.0.0.8...

SUSE CVE-2010-3369

The 1 mdb and 2 mdb-symbolreader scripts in mono-debugger 2.4.3, and other versions before 2.8.1, place a zero-length directory name in the LDLIBRARYPATH, which allows local users to gain privileges via a Trojan horse shared library in the current working directory...

SUSE CVE-2011-4355

GNU Project Debugger GDB before 7.5, when .debuggdbscripts is defined, automatically loads certain files from the current working directory, which allows local users to gain privileges via crafted files such as Python scripts...

SUSE CVE-2014-1526

The XrayWrapper implementation in Mozilla Firefox before 29.0 and SeaMonkey before 2.26 allows user-assisted remote attackers to bypass intended access restrictions via a crafted web site that is visited in the debugger, leading to unwrapping operations and calls to DOM methods on the unwrapped...

SUSE CVE-2014-1846

Enlightenment before 0.17.6 might allow local users to gain privileges via vectors involving the gdb method...

SUSE CVE-2014-3172

The Debugger extension API in browser/extensions/api/debugger/debuggerapi.cc in Google Chrome before 37.0.2062.94 does not validate a tab's URL before an attach operation, which allows remote attackers to bypass intended access limitations via an extension that uses a restricted URL, as...

SUSE CVE-2015-1226

The DebuggerFunction::InitAgentHost function in browser/extensions/api/debugger/debuggerapi.cc in Google Chrome before 41.0.2272.76 does not properly restrict what URLs are available as debugger targets, which allows remote attackers to bypass intended access restrictions via a crafted extension...

SUSE CVE-2015-4507

The SavedStacks class in the JavaScript implementation in Mozilla Firefox before 41.0, when the Debugger API is enabled, allows remote attackers to cause a denial of service getSlotRef assertion failure and application exit or possibly execute arbitrary code via a crafted web site...

SUSE CVE-2016-10516

Cross-site scripting XSS vulnerability in the renderfull function in debug/tbtools.py in the debugger in Pallets Werkzeug before 0.11.11 as used in Pallets Flask and other products allows remote attackers to inject arbitrary web script or HTML via a field that contains an exception message...

SUSE CVE-2017-9462

In Mercurial before 4.1.3, "hg serve --stdio" allows remote authenticated users to launch the Python debugger, and consequently execute arbitrary code, by using --debugger as a repository name...

SUSE CVE-2017-9778

GNU Debugger GDB 8.0 and earlier fails to detect a negative length field in a DWARF section. A malformed section in an ELF binary or a core file can cause GDB to repeatedly allocate memory until a process limit is reached. This can, for example, impede efforts to analyze malware with GDB...

SUSE CVE-2018-5167

The web console and JavaScript debugger do not sanitize all output that can be hyperlinked. Both will display "chrome:" links as active, clickable hyperlinks in their output. Web sites should not be able to directly link to internal chrome pages. Additionally, the JavaScript debugger will display...

SUSE CVE-2018-5704

Open On-Chip Debugger OpenOCD 0.10.0 does not block attempts to use HTTP POST for sending data to 127.0.0.1 port 4444, which allows remote attackers to conduct cross-protocol scripting attacks, and consequently execute arbitrary commands, via a crafted web site...

SUSE CVE-2018-6140

Allowing the chrome.debugger API to attach to Web UI pages in DevTools in Google Chrome prior to 67.0.3396.62 allowed an attacker who convinced a user to install a malicious extension to execute arbitrary code via a crafted Chrome Extension...