FLARE Script Series: Querying Dynamic State using the FireEye Labs Query-Oriented Debugger (flare-qdb)

Introduction This post continues the FireEye Labs Advanced Reverse Engineering FLARE script series. Here, we introduce flare-qdb, a command-line utility and Python module based on vivisect for querying and altering dynamic binary state conveniently, iteratively, and at scale. flare-qdb works on...

CVE-2016-9593

A flaw was found in foreman-debug's logging. An attacker with access to the foreman log file would be able to view passwords, allowing them to access those systems...

CVE-2016-8655 kernel race condition vulnerability the Debug analysis-vulnerability warning-the black bar safety net

12 5 March, hilipPettersson published a piece that already exists Linux kernel up to 5 years of local mention the right vulnerability, affecting virtually all Linux mainstream distributions, a time limelight without the two, no less than some time ago of“Dirty Cow”in. For this black magic...

PHP garbage collection mechanism UAF vulnerability analysis-vulnerability warning-the black bar safety net

First, the PHP garbage collection mechanism introduction Because PHP is among the presence of circular references, only the refcount of the counter as a garbage collection mechanism is not enough, so in PHP5. 3 introduced a new garbage collection mechanism. $a = array'one'; $a = &$a; unset$a; ?&...

USN-3157-1: Apport vulnerabilities

Donncha O Cearbhaill discovered that the crash file parser in Apport improperly treated the CrashDB field as python code. An attacker could use this to convince a user to open a maliciously crafted crash file and execute arbitrary code with the privileges of that user. This issue only affected...

Al-Khaser v0.65 - Public Malware Techniques Used In The Wild

al-khaser is a PoC malware with good intentions that aimes to stress your anti-malware system. It performs a bunch of nowadays malwares tricks and the goal is to see if you stay under the radar. Possible uses You are making an anti-debug plugin and you want to check its effectiveness. You want to...

Security update for java-1_8_0-openjdk (important)

OpenJDK Java was updated to jdk8u111 icedtea 3.2.0 to fix the following issues: Security fixes + S8146490: Direct indirect CRL checks + S8151921: Improved page resolution + S8155968: Update command line options + S8155973, CVE-2016-5542: Tighten jar checks bsc1005522 + S8156794: Extend data shari...

Simple App to-end security vulnerability of the backup function is enabled and a local denial of service vulnerability-vulnerability warning-the black bar safety net

The last description about the App end to sensitive information leaks, then the App end what security vulnerability is worth the developers food for thought and attention? When an App installed in A mobile phone, the user Joe Smith to login through the App, the login data is stored in the mobile...

AndroidNative layer file parsing vulnerability mining guide-vulnerability warning-the black bar safety net

This article to hand Q A file parsing class vulnerability discovery, for example, describes the Android Native layer file parsing type of the vulnerability discovery process Hand Q this application from the function is very large, if the use similar to the MFFA framework to dig the file parsing...

TP-LINK TDDP - Multiple Vulnerabilities

Exploit for hardware platform in category dos / poc 1. Advisory Information Title: TP-LINK TDDP Multiple Vulnerabilities Advisory ID: CORE-2016-0007 Advisory URL: http://www.coresecurity.com/advisories/tp-link-tddp-multiple-vulnerabilities Date published: 2016-11-21 Date of last update: 2016-11-1...

TP-LINK TDDP - Multiple Vulnerabilities

TP-LINK TDDP - Multiple Vulnerabilities 1. Advisory Information Title: TP-LINK TDDP Multiple Vulnerabilities Advisory ID: CORE-2016-0007 Advisory URL: http://www.coresecurity.com/advisories/tp-link-tddp-multiple-vulnerabilities Date published: 2016-11-21 Date of last update: 2016-11-18 Vendors...

GNU GTypist 2.9.5-2 - Local buffer overflow vulnerability

Author: k0Sh1 Vulnerability analysis GNU GTypist is a Linux text editing software, more awkward is in my debugging process, we found gtypist actually open the CNARAY and NX, that is, in accordance with the PoC given in the Exploit should be unable to take advantage of, this should be a denial of...

libdwarf heap buffer overflow vulnerability (CNVD-2016-11348)

libdwarf is a set of tools for reading and writing DWARF2 debugging information. A heap buffer overflow vulnerability exists in libdwarf. An attacker could exploit this vulnerability to execute arbitrary code in the context of an application...

Classic kernel vulnerabilities debugging notes bis-vulnerability warning-the black bar safety net

Foreword The last time I sent an article yourself in a classic kernel Vulnerability CVE-2 0 1 4-4 1 1 3 struggling experience, and some debugging details of the share summary after feel the harvest a lot, and later an accidental opportunity, I saw the Baidu security Labs issued an article that is...

moodle -- multiple vulnerabilities

Marina Glancy reports: MSA-16-0023: Question engine allows access to files that should not be available MSA-16-0024: Non-admin site managers may accidentally edit admins via web services MSA-16-0025: Capability to view course notes is checked in the wrong context MSA-16-0026: When debugging is...

Classic kernel vulnerabilities debugging notes-vulnerability warning-the black bar safety net

Foreword The kernel vulnerability for me has always been a bridge, remember two years ago, just contact binary vulnerability when, at the time today's protagonist has just appeared, when debugging this vulnerability when the whole heart is crashing, and recently I relive a bit of the vulnerabilit...

OpenJDK: insufficient checks of JDWP packets (Hotspot, 8159519)

It was discovered that the Hotspot component of OpenJDK did not properly check received Java Debug Wire Protocol JDWP packets. An attacker could possibly use this flaw to send debugging commands to a Java program running with debugging enabled if they could make victim's browser send HTTP request...

Rapid PHP Editor IDE 14.1 Cross Site Request Forgery / Code Execution

Credits: John Page aka hyp3rlinx + Website: hyp3rlinx.altervista.org + Source: http://hyp3rlinx.altervista.org/advisories/RAPID-PHP-EDITOR-REMOTE-CMD-EXEC.txt + ISR: Apparition Security Vendor: ====================== www.rapidphpeditor.com Product: =============================== Rapid PHP Editor...

IBM AIX 5.3/6.1/7.1/7.2 - 'lquerylv' Local Privilege Escalation

!/usr/bin/sh AIX lquerylv 5.3, 6.1, 7.1, 7.2 local root exploit. Tested against latest patchset 7100-04 This exploit takes advantage of known issues with debugging functions within the AIX linker library. We are taking advantage of known functionality, and focusing on badly coded SUID binaries...

AIX 5.3 / 6.1 / 7.1 / 7.2 lquerylv Local Root

!/usr/bin/sh AIX lquerylv 5.3, 6.1, 7.1, 7.2 local root exploit. Tested against latest patchset 7100-04 This exploit takes advantage of known issues with debugging functions within the AIX linker library. We are taking advantage of known functionality, and focusing on badly coded SUID binaries...