IDA Pro 6.3 - Crash (PoC)

IDA Pro 6.3 - Crash PoC / IDA Pro 6.3 crash due an internal error ELF anti-debugging/reversing patcher Published @ IOActive Labs Research blog: http://blog.ioactive.com/2012/12/striking-back-gdb-and-ida-debuggers.html - nitr0us http://twitter.com/nitr0usmx Tested under: IDA Pro Starter License...

Commonly used background Uploader to get shell-vulnerability warning-the black bar safety net

Sometimes into the background, take the shell also may be your fetters. With the editor, then specifically say, in case the editor is the Lite or is the vulnerability patching of the FCK, only the use of some small to upload, don't underestimate these upload points.! \ Can use the NC to submit, i...

Apple WGT Dictionnaire 1.3 Script Code Injection

Title: ====== Apple WGT Dictionnaire 1.3 - Script Code Inject Vulnerability Date: ===== 2012-11-27 References: =========== http://www.vulnerability-lab.com/getcontent.php?id=774 VL-ID: ===== 774 Common Vulnerability Scoring System: ==================================== 2.3 Introduction:...

Advantech WebAccess Vulnerabilities

OVERVIEW This advisory follows up on two previous ICS-CERT Alerts: “ICS-ALERT-11-245-01—Multiple ActiveX Vulnerabilities in Advantech BroadWin WebAccess,” published September 2, 2011.http://ics-cert.us-cert.gov/alerts/ICS-ALERT-11-245-01, ICS-ALERT-11-245-01, website last accessed February 15,...

[VMInjector] DLL Injection tool to unlock guest VMs

Overview: VMInjector is a tool designed to bypass OS login authentication screens of major operating systems running on VMware Workstation/Player, by using direct memory manipulation. Description: VMInjector is a tool which manipulates the memory of VMware guests in order to bypass the operation...

ManageEngine Security Manager Plus 5.5 build 5505 - Directory Traversal

ManageEngine Security Manager Plus 5.5 build 5505 - Directory Traversal !/usr/bin/python +--------------------------------------------------------------------------------------------------------------------------------+ Exploit Title : Security Manager Plus 0x90.nl Software link :...

Eugene Kaspersky Unveils Plans for New Secure SCADA OS

Attacks against SCADA and industrial-control systems have become a major concern for private companies as well as government agencies, with executives and officials worried about the potential effects of a major compromise. Security experts in some circles have been warning about the possible...

Increased Exploitation in Web Content Management Systems

US-CERT is aware of recent increases in the exploitation of known vulnerabilities in web content management systems CMSs such as Wordpress and Joomla. Compromised CMS installations can be used to host malicious content. US-CERT recommends that users and administrators ensure that their CMS...

Research Shows Half of All Androids Contain Known Vulnerabilities

About half of all Android phones contain at least one vulnerability that could be used to take control of the device, according to new research. Duo Security, which launched a free vulnerability scanning app for Android this summer, said their preliminary data from users shows a huge number of th...

Conceptronic Grab'n'Go Network Storage Directory Traversal

Security Advisory AA-003: Directory Traversal Vulnerability in Conceptronic Grab’n’Go Network Storage Severity Rating: High Discovery Date: July 29, 2012 Vendor Notification: July 30, 2012 Disclosure Date: September 3, 2012 Vulnerability Type= Directory Traversal Impact= - System Access - Exposur...

Infographic: Stuxnet's Cyberwar Vines Untangled

Keeping track of the relationships between various malware families can be hard, especially when you’re talking about espionage tools such as Stuxnet and Gauss. Veracode has put together an infographic as a general recap of the life and times of Stuxnet, the much-discussed cyber worm that first...

New X-Ray Android Security App Scans Devices For Vulnerabilities

Mobile security has become a major concern both for consumers and for enterprises worried about the integrity of their sensitive data. Part of that worry centers on the security of the apps on mobile devices, something that’s largely unknowable in a lot of cases right now. Duo Security today is...

MS12-005 Microsoft Office ClickOnce Unsafe Object Package Handling Vulnerability

This module exploits a vulnerability found in Microsoft Office's ClickOnce feature. When handling a Macro document, the application fails to recognize certain file extensions as dangerous executables, which can be used to bypass the warning message. This can allow attackers to trick victims into...

emlog the background to get webshell each version through the kill-a vulnerability warning-the black bar safety net

Recently mood has been bad, it got a blog play. Online looking for a bit found emlog operation, the interface can also, download it down. Into the background to see it get a webshell as if there is nothing way, online also Baidu for a moment did not see the new take the shell method, there is a...

Apple Patches Quicktime, Fixes 17 Vulnerabilities

Apple continued its recent parade of patches by releasing an update for Quicktime yesterday, fixing 17 different security vulnerabilities, several which could lead to remote code execution. The update, Quicktime 7.7.2, addresses critical issues in Quicktime for Windows 7, Vista and Windows XP SP2...

Adobe Releases Patch for Flash Bug Being Used in Targeted Attacks

Adobe has released a patch for a serious Flash vulnerability that is being used in targeted attacks right now. The updates fix the vulnerability in Windows, Mac, Linux and Android systems. There is an exploit in the wild that is targeting systems running vulnerable versions of Flash on Windows in...

Firefox 12 Debuts With Silent Update Mechanism

Mozilla has released version 12 of Firefox and the big change in the popular browser is the inclusion of a new update mechanism that will allow users to enable automatic updates that won’t require user interaction. The mechanism is similar to what Google Chrome has and is part of a trend toward...

Samba remote code execution vulnerability, Patch Released !

Samba remote code execution vulnerability, Patch Released ! Samba is an award-winning free software file, print and authentication server suite for Windows clients. The project was begun by Australian Andrew Tridgell. There is a serious remotely exploitable vulnerability in the Samba open-source...

New Java Exploits boosts BlackHole exploit kit

New Java Exploits boosts BlackHole exploit kit A widely disseminated exploit kit popular with hackers has been updated to take advantage of a recently discovered Java vulnerability. Researchers at Microsoft reported last week that it had observed this vulnerability being exploited in the wild. Th...

Struts2 and Webwork remote command execution vulnerability analysis-vulnerability warning-the black bar safety net

The vulnerability discovered by the publisher of the POC, and can not affect the xwork 2.1.2 prior to some versionthis version before some of the versions below will be collectively referred to as the old version, then called the new version, such as struts 2.0.14that is, the struts patch A N...