2334 matches found
Authentication flaw
Belkin N900 router F9K1104v1 contains an Authentication Bypass using "Javascript debugging"...
CVE-2013-3088
Belkin N900 router F9K1104v1 contains an Authentication Bypass using "Javascript debugging"...
DLL Hijacking Vulnerability in Weinview EasyWatch
EasyWatch is a tool for debugging or remote monitoring. Weinview EasyWatch suffers from a DLL hijacking vulnerability that can be exploited by attackers to execute malicious code...
RetDec - A Retargetable Machine-Code Decompiler Based On LLVM
RetDec is a retargetable machine-code decompiler based on LLVM. The decompiler is not limited to any particular target architecture, operating system, or executable file format: Supported file formats: ELF, PE, Mach-O, COFF, AR archive, Intel HEX, and raw machine code Supported architectures:...
CAPE - Malware Configuration And Payload Extraction
CAPE is a malware sandbox. It is derived from Cuckoo and is designed to automate the process of malware analysis with the goal of extracting payloads and configuration from malware. This allows CAPE to detect malware based on payload signatures, as well as automating many of the goals of malware...
EulerOS 2.0 SP8 : libpcap (EulerOS-SA-2019-2286)
According to the versions of the libpcap package installed, the EulerOS installation on the remote host is affected by the following vulnerabilities : - Libpcap provides a portable framework for low-level network monitoring. Libpcap can provide network statistics collection,security monitoring an...
macOS 10.14.6 - root->kernel Privilege Escalation via update_dyld_shared_cache
Tested on macOS Mojave 10.14.6, 18G87 and Catalina Beta 10.15 Beta 19A536g. On macOS, the dyld shared cache in /private/var/db/dyld/ is generated locally on the system and therefore doesn't have a real code signature; instead, SIP seems to be the only mechanism that prevents modifications of the...
tomcat: XSS in SSI printenv
The SSI printenv command in Apache Tomcat 9.0.0.M1 to 9.0.0.17, 8.5.0 to 8.5.39 and 7.0.0 to 7.0.93 echoes user provided data without escaping and is, therefore, vulnerable to XSS. SSI is disabled by default. The printenv command is intended for debugging and is unlikely to be present in a...
tomcat: XSS in SSI printenv
The SSI printenv command in Apache Tomcat 9.0.0.M1 to 9.0.0.17, 8.5.0 to 8.5.39 and 7.0.0 to 7.0.93 echoes user provided data without escaping and is, therefore, vulnerable to XSS. SSI is disabled by default. The printenv command is intended for debugging and is unlikely to be present in a...
Ddoor - Cross Platform Backdoor Using Dns Txt Records
Cross-platform backdoor using dns txt records. What is ddor? ddor is a cross platform light weight backdoor that uses txt records to execute commands on infected machines. Features Allows a single txt record to have seperate commands for both linux and windows machines List of around 10 public DN...
USN-4171-1: Apport vulnerabilities
Kevin Backhouse discovered Apport would read its user-controlled settings file as the root user. This could be used by a local attacker to possibly crash Apport or have other unspecified consequences. CVE-2019-11481 Sander Bos discovered a race-condition in Apport during core dump creation. This...
Fedora Update for libpcap FEDORA-2019-b92ce3144a
The remote host is missing an update for the Copyright C 2019 Greenbone Networks GmbH Some text descriptions might be excerpted from a referenced sources, and are Copyright C by the respective right holders. SPDX-License-Identifier: GPL-2.0-or-later This program is free software; you can...
Fedora Update for libpcap FEDORA-2019-eaa681d33e
The remote host is missing an update for the Copyright C 2019 Greenbone Networks GmbH Some text descriptions might be excerpted from a referenced sources, and are Copyright C by the respective right holders. SPDX-License-Identifier: GPL-2.0-or-later This program is free software; you can...
KTRW: The journey to build a debuggable iPhone
Posted by Brandon Azad, Project Zero In my role here at Project Zero, I do not use some of the tooling used by some external iOS security researchers, in particular development-fused iPhones with hardware debugging capabilities like JTAG enabled. I believe that access to such devices puts those w...
[SECURITY] Fedora 29 Update: libpcap-1.9.1-1.fc29
Libpcap provides a portable framework for low-level network monitoring. Libpcap can provide network statistics collection, security monitoring and network debugging. Since almost every system vendor provides a different interface for packet capture, the libpcap authors created this...
[SECURITY] Fedora 31 Update: libpcap-1.9.1-1.fc31
Libpcap provides a portable framework for low-level network monitoring. Libpcap can provide network statistics collection, security monitoring and network debugging. Since almost every system vendor provides a different interface for packet capture, the libpcap authors created this...
[SECURITY] Fedora 30 Update: libpcap-1.9.1-1.fc30
Libpcap provides a portable framework for low-level network monitoring. Libpcap can provide network statistics collection, security monitoring and network debugging. Since almost every system vendor provides a different interface for packet capture, the libpcap authors created this...
Cisco IOS Authentication Bypass (CVE-2019-12643)
An authentication bypass vulnerability exists in the Cisco REST API Software. This vulnerability is due to a debugging API endpoint being enabled by default in the management of the REST API authentication service. Successful exploitation of this vulnerability could lead to an authentication bypa...
IoT-Implant-Toolkit - Toolkit For Implant Attack Of IoT Devices
IoT-Implant-Toolkit is a framework of useful tools for malware implantation research of IoT devices. It is a toolkit consisted of essential software tools on firmware modification, serial port debugging, software analysis and stable spy clients. With an easy-to-use and extensible shell-like...
CVE-2019-1368
A security feature bypass exists when Windows Secure Boot improperly restricts access to debugging functionality, aka 'Windows Secure Boot Security Feature Bypass Vulnerability'...