2401 matches found
CVE-2016-5041
dwarfmacro5.c in libdwarf before 20160923 allows remote attackers to cause a denial of service NULL pointer dereference via a debugging information entry using DWARF5 and without a DWATname...
CVE-2016-5041
dwarfmacro5.c in libdwarf before 20160923 allows remote attackers to cause a denial of service NULL pointer dereference via a debugging information entry using DWARF5 and without a DWATname...
oletools - Tools to analyze MS OLE2 files and MS Office documents, for malware analysis, forensics and debugging
oletools is a package of python tools to analyze Microsoft OLE2 files also called Structured Storage, Compound File Binary Format or Compound Document File Format, such as Microsoft Office documents or Outlook messages, mainly for malware analysis, forensics and debugging. It is based on the...
CVE-2017-7269—IIS 6.0 WebDAV remote code execution vulnerability analysis-vulnerability warning-the black bar safety net
Vulnerability description: 3 on 27 May, in Windows 2003 R2 using the IIS 6.0 broke a 0Day vulnerability (CVE-2017-7269, the exploit PoC began to spread, but the worst part is this product has stopped updating. Online streaming of the poc the download link below. github address: The combination of...
shopify-scripts: Invalid pointer dereference in OP_ENTER
PoC === The following demonstrates a mruby/sandbox crash: def methodmissing end send...
OnePlus 3 and 3T OxygenOS security bypass vulnerability
The OnePlus 3 and 3T are both smartphones from China's OnePlus Technology OnePlus.OxygenOS is the operating system that comes with the device. A security bypass vulnerability exists in OxygenOS in OnePlus 3 and 3T. An attacker can exploit the vulnerability to open an ADB session and disclose...
APPLE OS X AND IOS X509 CERTIFICATE PARSING NAME CONSTRAINTS REMOTE CODE EXECUTION VULNERABILITY
When a client establishes a secure connection to a server, the server presents an x509 certificate which the client must validate.On Apple macOS, most client applications will use macOS’s certificate validation agent, at which point the malicious certificate will be parsed by the vulnerable code...
Cross site request forgery (csrf)
The User::matchEditToken function in includes/User.php in MediaWiki before 1.23.12, 1.24.x before 1.24.5, 1.25.x before 1.25.4, and 1.26.x before 1.26.1 does not perform token comparison in constant time before determining if a debugging message should be logged, which allows remote attackers to...
gdbgui - A browser-based frontend/gui for GDB
A modern, browser-based frontend to gdb gnu debugger. Add breakpoints, view stack traces, and more in C, C++, Go, and Rust! Simply run gdbgui from the terminal and a new tab will open in your browser. Install sudo pip install gdbgui --upgrade Since gdbgui is under active development, consider...
Interactive Multi User Javascript Shell: JSShell
Interactive Multi User Javascript Shell An interactive multi-user web based shell written in Python with Flask for server side and of course Javascript and HTML client side. It was initially created in order to debug remote esoteric browsers during tests and research. Features Multi client suppor...
HumHub 1.0.1 Cross Site Scripting
Security Advisory - Curesec Research Team 1. Introduction Affected Product: HumHub 1.0.1 and earlier Fixed in: 1.1.1 Fixed Version https://www.humhub.org/en/download/default/form?version=1.1.1 Link: &type=zip Vendor Website: https://www.humhub.org/ Vulnerability XSS Type: Remote Yes Exploitable:...
Debugging domain join problems in Windows 7
Debugging domain join problems in Windows 7...
Linux vulnerability analysis-MP3Info 0.8.5 a code execution vulnerability, CVE-2006-2465-a vulnerability warning-the black bar safety net
Author: k0shl reprint please indicate the source: http://whereisk0shl.top Vulnerability description Software download: https://www.exploit-db.com/apps/cb7b619a10a40aaac2113b87bb2b2ea2-mp3info-0.8.5a.tgz PoC: junk = "\x90\x90\x90\x90"8 shellcode = "\x31\xc0\x50\x68/\x68/bin\x89\the...
How A Simple Command Typo Took Down Amazon S3 and Big Chunk of the Internet
The major internet outage across the United States earlier this week was not due to any virus or malware or state-sponsored cyber attack, rather it was the result of a simple TYPO. Amazon on Thursday admitted that an incorrectly typed command during a routine debugging of the company's billing...
Halcyon - IDE for Nmap Script (NSE) Development
Halcyon is the first IDE specifically focused on Nmap Script NSE Development. This research idea was originated while writing custom Nmap Scripts for Enterprise Penetration Testing Scenarios. The existing challenge in developing Nmap Scripts NSE was the lack of a development environment that give...
SUSE-SU-2017:0431-1 Security update for nodejs6
This update for nodejs6 fixes the following issues: New upstream LTS release 6.9.5. The embedded openssl sources were updated to 1.0.2k CVE-2017-3731, CVE-2017-3732, CVE-2016-7055, bsc1022085, bsc1022086, bsc1009528 Other fixes: - Add basic check that Node.js loads successfully to spec file - New...
Dump and Analyze .Net Applications Memory: MemoScope.Net
Dump and Analyze .Net Applications Memory MemoScope.Net is a tool to analyze .Net process memory: it can dump an application’s memory in a file and read it later. The dump file contains all data objects and threads state, stack, call stack. MemoScope.Net will analyze the data and help you to find...
CVE-2016-6117
IBM Tivoli Key Lifecycle Manager 2.5 and 2.6 can be deployed with active debugging code that can disclose sensitive information...
Information disclosure
IBM Tivoli Key Lifecycle Manager 2.5 and 2.6 can be deployed with active debugging code that can disclose sensitive information...
CVE-2016-6117
IBM Tivoli Key Lifecycle Manager 2.5 and 2.6 can be deployed with active debugging code that can disclose sensitive information...