EUVD-2011-4701

Malware in sbrugna...

@bildvitta/vuex-offline (>=3.0.0-beta.0 <=3.0.0-beta.3), @indexeddb-orm/idb-orm (>=0.0.1 <=0.0.3) +4 more potentially affected by CVE-2022-21189 via dexie (>=4.0.0-alpha.1 <=4.0.0-alpha.2)

dexie NPM version =4.0.0-alpha.1, =3.0.0-beta.0, =0.0.1, =1.0.0, =1.0.0, =11.5.0, =12.4.1 Source cves: CVE-2022-21189 Source advisory: SNYK:JS-DEXIE-2607042...

Thinking Outside the Bochs: Code Grafting to Unpack Malware in Emulation

This blog post continues the FLARE script series with a discussion of patching IDA Pro database files IDBs to interactively emulate code. While the fastest way to analyze or unpack malware is often to run it, malware won’t always successfully execute in a VM. I use IDA Pro’s Bochs integration in...

fn_fuzzy: Fast Multiple Binary Diffing Triage with IDA

Summary This week at HITBSecConf, Takahiro Haruyama, a Senior Threat Researcher for the CB Threat Analysis Unit TAU, presented his work on fnfuzzy, a tool which aims to help researchers and reverse engineers triage samples quicker. This blog post details the motivation for and current standing of...

IDA SDK 6.9 Demo / IDA 5.0 Freeware DLL Hijacking

Software : Interactive DisAssembler IDA PRO Version: = IDA SDK 6.9 demo IDA 5.0 Freeware Software Link: https://www.hex-rays.com/products/ida/support/download.shtml Tested on: WINDOWS XP SP3 - 32 bit, WINDOWS 7 SP1 - 32 bit, Windows 8.1 32 bit IDA Pro suffers from DLL HIJACK Vulnerability from .i...

IDA Kernel Database TIL Section Parsing Unspecified Issue

The version of IDA Pro, an interactive disassembler installed on the remote host, is 6.0 or newer. It is, therefore, reportedly affected by an unspecified vulnerability. This vulnerability is mitigated by an IDA plugin tilcheck.plw, which was not detected. By tricking a user into loading a...

CVE-2011-4783

The IDAPython plugin before 1.5.2.3 in IDA Pro allows user-assisted remote attackers to execute arbitrary code via a crafted IDB file, related to improper handling of certain swigruntimedata files in the current working directory...

Design/Logic Flaw

The IDAPython plugin before 1.5.2.3 in IDA Pro allows user-assisted remote attackers to execute arbitrary code via a crafted IDB file, related to improper handling of certain swigruntimedata files in the current working directory...

CVE-2011-4783

CVE-2011-4783 affects IDA Pro’s IDAPython plugin up to version 1.5.2.3. A crafted IDB file can trigger arbitrary code execution due to improper handling of swig_runtime_data in the current working directory, with an attacker leveraging user-assisted remote access. The vulnerability enables code e...

CVE-2011-4783

The IDAPython plugin before 1.5.2.3 in IDA Pro allows user-assisted remote attackers to execute arbitrary code via a crafted IDB file, related to improper handling of certain swigruntimedata files in the current working directory...

Vulnerability in Hex-Rays IDA Pro, IDAPython Plugin Could Allow Arbitrary Script Execution

Executive Summary Microsoft is providing notification of the discovery and remediation of a vulnerability affecting IDA Pro running the IDAPython plugin. By default, the IDAPython plugin is installed with all versions of IDA Pro. Microsoft discovered and disclosed the vulnerability under...

CVE-2009-1498

Directory traversal vulnerability in inc/profilemain.php in Game Maker 2k Internet Discussion Boards iDB 0.2.5 Pre-Alpha SVN 243 allows remote attackers to include and execute arbitrary local files via a .. dot dot in the skin parameter in a settings action to profile.php...

CVE-2009-1498

CVE-2009-1498 affects iDB (Game Maker 2k Internet Discussion Boards) 0.2.5 Pre-Alpha SVN 243. Directory traversal via the skin parameter in profile.php allows remote inclusion and execution of local files. Root cause: insufficient sanitization of user-supplied input leading to local file include....

iDB Detection

This host is running iDB, a free forum software written in PHP and MySQL. SPDX-FileCopyrightText: 2009 Greenbone AG Some text descriptions might be excerpted from a referenced sources, and are Copyright C by the respective right holders. SPDX-License-Identifier: GPL-2.0-only ifdescription...

iDB 'skin' Parameter Local File Include Vulnerability

iDB Internet Discussion Boards is prone to a local file-include vulnerability because it fails to properly sanitize user-supplied input. An attacker can exploit this vulnerability to view and execute arbitrary local files in the context of the webserver process. This may aid in further attacks. i...

iDB 0.2.5pa SVN 243 (skin) Local File Inclusion Exploit

No description provided by source. !/usr/bin/env LOTFREE 2009 - lotfree.next-touch.com Local require vulnerability in iDB a PHP/MySQL BBS Test on version 0.2.5 Pre-Alpha SVN 243 released March 30, 2009 No checks are made on var "skin" in inc/profilemain.php before saving it to database this value...

iDB Detection

This host is running iDB, a free forum software written in PHP and MySQL. OpenVAS Vulnerability Test $Id: idbdetect.nasl 5736 2017-03-27 13:36:24Z cfi $ iDB Detection Authors: Michael Meyer Copyright: Copyright c 2009 Greenbone Networks GmbH This program is free software; you can redistribute it...

iDB 'skin' Parameter Local File Include Vulnerability

iDB Internet Discussion Boards is prone to a local file-include vulnerability because it fails to properly sanitize user-supplied input. SPDX-FileCopyrightText: 2009 Greenbone AG Some text descriptions might be excerpted from a referenced sources, and are Copyright C by the respective right...

iDB 0.2.5pa Local File Inclusion

!/usr/bin/env LOTFREE 2009 - lotfree.next-touch.com Local require vulnerability in iDB a PHP/MySQL BBS Test on version 0.2.5 Pre-Alpha SVN 243 released March 30, 2009 No checks are made on var "skin" in inc/profilemain.php before saving it to database this value is then required in mysql.php as...

iDB 0.2.5pa SVN 243 - skin Local File Inclusion

iDB 0.2.5pa SVN 243 - skin Local File Inclusion !/usr/bin/env LOTFREE 2009 - lotfree.next-touch.com Local require vulnerability in iDB a PHP/MySQL BBS Test on version 0.2.5 Pre-Alpha SVN 243 released March 30, 2009 No checks are made on var "skin" in inc/profilemain.php before saving it to databa...