40 matches found
EUVD-2020-5902
Malware in sbrugna...
EUVD-2019-3749
Malware in sbrugna...
CVE-2020-13661
Telerik Fiddler through 5.0.20202.18177 allows attackers to execute arbitrary programs via a hostname with a trailing space character, followed by --utility-and-browser --utility-cmd-prefix= and the pathname of a locally installed program. The victim must interactively choose the Open On Browser...
Analyzing and remediating a malware infested T95 TV box from Amazon
A couple of weeks ago, security news outlets made their rounds reporting on an Android TV box available on Amazon that came pre-installed with malware. The findings came from a Canadian developer, Daniel Milisic, who posted on his GitHub. What Daniel found was an Android T95 TV box infected with...
Diagnostic data to collect for Citrix Tech Support when a Citrix Browser App fails to launch
To find out what is going wrong when a Citrix browser app fails to launch, tech support needs: Decrypted Fiddler traces, the output from the terminal window, and Citrix Browser debug logs...
Tracing Network Traffic from Receiver for Web to StoreFront Services
This article is intended for Citrix administrators and technical teams only. Non-admin users must contact their company's Help Desk/IT support team and can refer to CTX297149 for more information. This article describes how to obtain a Fiddler trace of the network traffic between the Receiver for...
How to Obtain Fiddler Trace Network Traffic between Receiver for Web and StoreFront
This article is intended for Citrix administrators and technical teams only. Non-admin users must contact their company’s Help Desk/IT support team and can refer to CTX297149 for more information. This article describes how to obtain a Fiddler trace of the network traffic between the Receiver for...
Mail.ru: [Plazius] SSRF через некорректно сконфигурированный Fiddler 46.148.201.206:10121
SSRF on ucs.ru...
Telerik Fiddler Code Injection Vulnerability
Telerik Fiddler is an HTTP protocol debugging proxy tool. A code injection vulnerability exists in Telerik Fiddler 5.0.20202.18177 and earlier versions, which allows an attacker to execute an arbitrary program via a hostname with a space character at the end, followed by the --utility-and-browser...
CVE-2020-13661
Telerik Fiddler through 5.0.20202.18177 allows attackers to execute arbitrary programs via a hostname with a trailing space character, followed by --utility-and-browser --utility-cmd-prefix= and the pathname of a locally installed program. The victim must interactively choose the Open On Browser...
CVE-2020-13661
Telerik Fiddler through 5.0.20202.18177 allows attackers to execute arbitrary programs via a hostname with a trailing space character, followed by --utility-and-browser --utility-cmd-prefix= and the pathname of a locally installed program. The victim must interactively choose the Open On Browser...
Open redirect
Telerik Fiddler through 5.0.20202.18177 allows attackers to execute arbitrary programs via a hostname with a trailing space character, followed by --utility-and-browser --utility-cmd-prefix= and the pathname of a locally installed program. The victim must interactively choose the Open On Browser...
CVE-2020-13661
Telerik Fiddler before 5.0.20204. fixes the vulnerability CVE-2020-13661 which allows code execution through a crafted hostname with a trailing space followed by --utility-and-browser --utility-cmd-prefix= and the path to a locally installed program. The attack requires the user to interactively ...
CVE-2020-13661
Telerik Fiddler through 5.0.20202.18177 allows attackers to execute arbitrary programs via a hostname with a trailing space character, followed by --utility-and-browser --utility-cmd-prefix= and the pathname of a locally installed program. The victim must interactively choose the Open On Browser...
Citrix Workspace app 2006.1 for Windows takes long time to launch ICA session
Citrix Workspace app 2006.1 for Windows takes long time to launch ICA session, comparing toCitrix Workspace app 1912 for Windows. In a Fiddler trace captured during session launch, you will see wfica32 attempting to connect tolocus.analytics.cloud.com:443 but failing...
Magecart skimmers found on Amazon CloudFront CDN
Update 06-08-2019: The compromises of Amazon S3 buckets continue and some large sites are being affected. Our crawler spotted a malicious injection that loads a skimmer for the Washington Wizards page on the official NBA.com website. The skimmer was inserted in this JavaScript library:...
Telerik Fiddler Elevation of Privilege Vulnerability
Telerik Fiddler is an HTTP protocol debugging proxy tool. A security vulnerability exists in Telerik Fiddler version 5.0.20182.28034, which stems from the program failing to validate the hash value of the EnableLoopback.exe file before running it. An attacker could exploit the vulnerability to...
CVE-2019-12097
Telerik Fiddler v5.0.20182.28034 doesn't verify the hash of EnableLoopback.exe before running it, which could lead to code execution or local privilege escalation by replacing the original EnableLoopback.exe...
CVE-2019-12097
Telerik Fiddler v5.0.20182.28034 doesn't verify the hash of EnableLoopback.exe before running it, which could lead to code execution or local privilege escalation by replacing the original EnableLoopback.exe...
Privilege escalation
Telerik Fiddler v5.0.20182.28034 doesn't verify the hash of EnableLoopback.exe before running it, which could lead to code execution or local privilege escalation by replacing the original EnableLoopback.exe...