Exploit for Off-by-one Error in Sudo_Project Sudo

CVE-2021-3156 toc Vulnerability profile Vulnerabilit...

TrickBot Crashes Security Researchers’ Browsers in Latest Upgrade

Trojan titan TrickBot has added a striking anti-debugging feature that detects security analysis and crashes researcher browsers before its malicious code can be analyzed. The new anti-debugging feature was discovered by Security Intelligence analysts with IBM, who reported the emergence of a...

Cisco StarOS 信息泄露漏洞

Cisco StarOS is a virtualized operating system from Cisco. Cisco StarOS suffers from an information disclosure vulnerability that arises from the debugging service incorrectly listening to and accepting incoming connections. A remote attacker could exploit this vulnerability to gain access to...

WordPress WP Debugging plugin <= 2.11.6 - Arbitrary Plugin Activation vulnerability

Arbitrary Plugin Activation vulnerability discovered by Jan w Oleju in WordPress WP Debugging plugin versions = 2.11.6. Solution Update the WordPress WP Debugging plugin to the latest available version at least 2.11.7...

WordPress WP Debugging plugin <= 2.11.6 - Arbitrary Plugin Installation from Dependency via Cross-Site Request Forgery (CSRF) vulnerability

Arbitrary Plugin Installation from Dependency via Cross-Site Request Forgery CSRF vulnerability discovered by Jan w Oleju in WordPress WP Debugging plugin versions = 2.11.6. Solution Update the WordPress WP Debugging plugin to the latest available version at least 2.11.7...

What is fuzz testing? What is it used to test for?

Fuzz testing, regularly known as fuzzing, is a product testing procedure that incorporates embedding flawed or arbitrary information FUZZ into a product framework to recognize coding issues and security issues. Fuzz testing involves infusing information into a framework utilizing robotized or...

PMAT-labs - Labs For Practical Malware Analysis And Triage

Welcome to the labs for Practical Malware Analysis & Triage. WARNING Read this carefully before proceeding. This repository contains live malware samples for use in the Practical Malware Analysis & Triage course PMAT. These samples are either written to emulate common malware characteristics or a...

Jektor - A Windows User-Mode Shellcode Execution Tool That Demonstrates Various Techniques That Malware Uses

This utility focuses on shellcode injection techniques to demonstrate methods that malware may use to execute shellcode on a victim system Dynamically resolves API functions to evade IAT inclusion Includes usage of undocumented NT Windows API functions Supports local shellcode execution via...

多款Bosch产品安全漏洞

Bosch Access Professional Edition and others are products of Bosch, Germany.Bosch Access Professional Edition is an enterprise access control and security management solution.Bosch VRM is an application.Bosch BVMS is an application... system. A security vulnerability exists in a number of Bosch...

PT-2021-15574 · Bvms +2 · Bvms +2

Name of the Vulnerable Software and Affected Versions: VRM affected versions not specified DIVAR IP with VRM installed affected versions not specified BVMS with VRM installed affected versions not specified Description: The issue allows an user with administrative rights to access extended debug...

WordPress 插件跨站脚本漏洞

WordPress is the Wordpress Foundation's set of blogging platform developed using the PHP language. The platform supports the erection of personal blog sites on PHP and MySQL servers. WordPress plugin is a WordPress open source application plugin. WordPress plugin has a security vulnerability that...

Google Android 安全漏洞

Google Android is a Linux-based open source operating system from Google. Google Android suffers from an elevation of privilege vulnerability. The vulnerability stems from the lack of a warning to the user in the TBD of TBD and can be steered using a hidden debugging policy. An attacker could use...

GNU gdbserver 9.2 - Remote Command Execution Exploit

Exploit Title: GNU gdbserver 9.2 - Remote Command Execution RCE Exploit Author: Roberto Gesteira Miñarro 7Rocky Vendor Homepage: https://www.gnu.org/software/gdb/ Software Link: https://www.gnu.org/software/gdb/download/ Version: GNU gdbserver Ubuntu 9.2-0ubuntu120.04 9.2 Tested on: Ubuntu Linux...

NVIDIA GPU 安全漏洞

Nvidia Gpu is a graphics processing unit from the American company Nvidia. It is used in machine learning, video editing, and gaming applications. A security vulnerability exists in NVIDIA GPUs and Tegra hardware that stems from a user with elevated privileges using a debugging mechanism with...

Mozilla Firefox Security Advisory (MFSA2012-66) - Linux

This host is missing a security update for Mozilla Firefox. Copyright C 2021 Greenbone Networks GmbH Some text descriptions might be excerpted from a referenced sources, and are Copyright C by the respective right holders. SPDX-License-Identifier: GPL-2.0-or-later This program is free software; y...

CVE-2021-41771

ImportedSymbols in debug/macho for Open or OpenFat in Go before 1.16.10 and 1.17.x before 1.17.3 Accesses a Memory Location After the End of a Buffer, aka an out-of-bounds slice situation...

Androidqf - (Android Quick Forensics) Helps Quickly Gathering Forensic Evidence From Android Devices, In Order To Identify Potential Traces Of Compromise

androidqf Android Quick Forensics is a portable tool to simplify the acquisition of relevant forensic data from Android devices. It is the successor of Snoopdroid, re-written in Go and leveraging official adb binaries. androidqf is intended to provide a simple and portable cross-platform utility ...

CVE-2021-35235

The ASP.NET debug feature is enabled by default in Kiwi Syslog Server 9.7.2 and previous versions. ASP.NET allows remote debugging of web applications, if configured to do so. Debug mode causes ASP.NET to compile applications with extra information. The information enables a debugger to closely...

CVE-2021-35235

The ASP.NET debug feature is enabled by default in Kiwi Syslog Server 9.7.2 and previous versions. ASP.NET allows remote debugging of web applications, if configured to do so. Debug mode causes ASP.NET to compile applications with extra information. The information enables a debugger to closely...

Design/Logic Flaw

The ASP.NET debug feature is enabled by default in Kiwi Syslog Server 9.7.2 and previous versions. ASP.NET allows remote debugging of web applications, if configured to do so. Debug mode causes ASP.NET to compile applications with extra information. The information enables a debugger to closely...