Siemens CP 1604 and CP 1616 Improper Access Control

Overview This advisory provides mitigation details for a vulnerability that impacts the Siemens CP 1604 and CP 1616 communication modules. Siemens has identified a vulnerability in the debugging interface of the CP 1604 and CP 1616 communications modules. Independent researchers Christopher...

[WinDbg v6.12.2.633] Debugging Tools for Windows

WinDbg is a graphical debugger from Microsoft. It is actually just one component of the Debugging Tools for Windows package, which also includes the KD, CDB, and NTSD debuggers. Its claim to fame is debugging memory dumps produced after a crash. It can even debug in kernel mode. For downloads and...

[WinAppDbg 1.5] Python Debugger

The WinAppDbg python module allows developers to quickly code instrumentation scripts in Python under a Windows environment. It uses ctypes to wrap many Win32 API calls related to debugging, and provides an object-oriented abstraction layer to manipulate threads, libraries and processes, attach...

GOM Player 2.2.56.5158 - '.avi' File Handling Memory Corruption

!/usr/bin/python Exploit Title: GOM Player Version 2.2.56.5158 .avi File Handling Memory Corruption Vulnerability Date: 2013/12/19 Exploit Author: ariarat Software Link: http://download.cnet.com/GOM-Media-Player/3000-136324-10551786.html?part=dl-GOMMediaP&subj=dl&tag=button Version: 2.2.56.5158...

PotPlayer 1.5.40688 - '.avi' File Handling Memory Corruption

!/usr/bin/python Exploit Title: PotPlayer Version 1.5.40688 .avi File Handling Memory Corruption Vulnerability Date: 2013/12/20 Exploit Author: ariarat Software Link: http://www.videohelp.com/download/PotPlayer1.5.40688.EXE Version: 1.5.40688 Probably old version of PotPlayer too Vendor Homepage:...

CVE-2 0 1 3-3 8 9 7 sample analysis study notes-vulnerability warning-the black bar safety net

Before, see FireEye on the CVE-2 0 1 3-3 8 9 3 analysis, see Use way relatively similar, the thought is the same, the analysis of learning, discovery led to the question of object is inconsistent, it does not use the ms-help load the office of hxdl structure of the ROP, and later in the BinVul on...

[Orchid] Tor Client for Java

Orchid is a Tor client implementation and library written in pure Java. It was written from the Tor specification documents, which are available here. Orchid runs on Java 5+ and the Android devices. How can Orchid be used? In a basic use case, running Orchid will open a SOCKS5 listener which can ...

Chargen Probe Utility

Chargen is a debugging and measurement tool and a character generator service. A character generator service simply sends data without regard to the input. Chargen is susceptible to spoofing the source of transmissions as well as use in a reflection attack vector. The misuse of the testing featur...

Python tools for Pentesters

If you are involved in vulnerability research, reverse engineering or penetration testing, I suggest to try out the Python programming language. It has a rich set of useful libraries and programs. This page lists some of them. Most of the listed tools are written in Python, others are just Python...

D-Link Planning to Patch Router Backdoor Bug

D-Link is in the process of developing a patch for a serious security vulnerability in some of its older routers that essentially functions as a backdoor. The bug, discovered by a security researcher and publicized over the weekend, enables a remote user to log into an affected router as an...

Ubuntu Update for txt2man USN-1979-1

Check for the Version of txt2man OpenVAS Vulnerability Test $Id: gbubuntuUSN19791.nasl 7958 2017-12-01 06:47:47Z santu $ Ubuntu Update for txt2man USN-1979-1 Authors: System Generated Check Copyright: Copyright c 2013 Greenbone Networks GmbH, http://www.greenbone.net This program is free software...

Ubuntu: Security Advisory (USN-1979-1)

The remote host is missing an update for the SPDX-FileCopyrightText: 2013 Greenbone AG Some text descriptions might be excerpted from a referenced sources, and are Copyright C by the respective right holders. SPDX-License-Identifier: GPL-2.0-only ifdescription...

Ubuntu 12.04 LTS / 12.10 / 13.04 : txt2man vulnerability (USN-1979-1)

Patrick J Cherry discovered that txt2man contained leftover debugging code that incorrectly created a temporary file. A local attacker could possibly use this issue to overwrite arbitrary files. In the default Ubuntu installation, this should be prevented by the Yama link restrictions. Note that...

USN-1979-1: txt2man vulnerability

Patrick J Cherry discovered that txt2man contained leftover debugging code that incorrectly created a temporary file. A local attacker could possibly use this issue to overwrite arbitrary files. In the default Ubuntu installation, this should be prevented by the Yama link restrictions...

Share KM 1.0.19 Denial Of Service

Advisory Information : ====================== Title : Share KM 1.0.19 - Remote Denial Of Service Advisory ID : Cr02013-001 Product : Share KM desktop setup file Vendor : SmartUX Vulnerable Versions : 1.0.19 and probably prior release Tested Version : 1.0.19 Tested On : Windows 7 Vulnerability Typ...

[ollydbg-binary-execution-visualizer] New Tool for Visualizing Binaries With Ollydbg and Graphvis

Sometimes crackme’s or something you might be reversing will constantly bug you due to the excessive usage of f7 & f8. It will be quiet neat if you can see how the application is executing visually and set your break points accordingly. Requirements: o Ollyscript plugin o Bunch of your favorite...

Design/Logic Flaw

Unspecified vulnerability in Citrix CloudPortal Services Manager aka Cortex 10.0 before Cumulative Update 3 has unknown impact and attack vectors, related to debugging messages, a different vulnerability than other CVEs listed in CTX137162...

CVE-2013-2937

Technical details are not publicly available in the provided documents. Monitor for updates.

Information disclosure

The BOTCHA Spam Prevention module 7.x-1.x before 7.x-1.6, 7.x-2.x before 7.x-2.1, and 7.x-3.x before 7.x-3.3 for Drupal, when the debugging level is set to 5 or 6, logs the content of submitted forms, which allows context-dependent users to obtain sensitive information such as usernames and...

SA-CONTRIB-2013-067 - BOTCHA - Information Disclosure (potential Privilege Escalation)

BOTCHA is a highly configurable non-CAPTCHA spam protection framework. The module includes a debug mode which logs the content of submitted forms including passwords and other sensitive information. An attacker who gains access to the log i.e. dblog or syslog depending on configuration could get...