101 matches found
UBUNTU-CVE-2015-9268
Nullsoft Scriptable Install System NSIS before 2.49 has unsafe implicit linking against Version.dll. In other words, there is no protection mechanism in which a wrapper function resolves the dependency at an appropriate time during runtime...
DEBIAN-CVE-2015-9268
Nullsoft Scriptable Install System NSIS before 2.49 has unsafe implicit linking against Version.dll. In other words, there is no protection mechanism in which a wrapper function resolves the dependency at an appropriate time during runtime...
CVE-2015-9267
Nullsoft Scriptable Install System NSIS before 2.49 uses temporary folder locations that allow unprivileged local users to overwrite files. This allows a local attack in which either a plugin or the uninstaller can be replaced by a Trojan horse program...
CVE-2015-9267
Nullsoft Scriptable Install System NSIS before 2.49 uses temporary folder locations that allow unprivileged local users to overwrite files. This allows a local attack in which either a plugin or the uninstaller can be replaced by a Trojan horse program...
Malware monitor - leveraging PyREBox for malware analysis
This post was authored by Xabier Ugarte Pedrero In July 2017 we released PyREBox, a Python Scriptable Reverse Engineering Sandbox as an open source tool. This project is part of our continuous effort to create new tools to improve our workflows. PyREBox is a versatile instrumentation framework...
MGASA-2017-0271 Updated mingw-nsis packages fix security vulnerability
The Nullsoft Scriptable Install System version 2.50 contains a DLL hijacking attack which allows administrative root level access on the target Windows system...
Updated mingw-nsis packages fix security vulnerability
The Nullsoft Scriptable Install System version 2.50 contains a DLL hijacking attack which allows administrative root level access on the target Windows system...
Artifex MuPDF mujstest 1.10a - Null Pointer Dereference
Source: http://seclists.org/oss-sec/2017/q1/458 Description: Mujstest, which is part of mupdf is a scriptable tester for mupdf + js. A crafted image posted early for another issue, causes a stack overflow. The complete ASan output: mujstest $FILE ==32127==ERROR: AddressSanitizer:...
[SECURITY] Fedora 23 Update: mingw-nsis-2.50-1.fc23
NSIS, the Nullsoft Scriptable Install System, is a script-driven Windows installation system. This package includes native Fedora binaries of makensis etc. and all plugins...
General Purpose Fuzzer: Radamsa
Radamsa is a test case generator for robustness testing, a.k.a. a fuzzer. It is typically used to test how well a program can withstand malformed and potentially malicious inputs. It works by reading sample files of valid data and generating interestringly different outputs from them. The main...
Nullsoft Scriptable Install System Inetc Plugin Security Bypass Vulnerability
Nullsoft Scriptable Install System NSIS is the United States Nullsoft company's set of script-based open source system used to create Windows installer. Inetc Internet client is one of the Internet to provide file upload and download plug-ins. A security vulnerability exists in the Inetc plug-in...
CVE-2015-0941
The Inetc plugin for Nullsoft Scriptable Install System NSIS, as used in CERT/CC Failure Observation Engine FOE and other products, does not verify X.509 certificates from SSL servers, which allows man-in-the-middle attackers to spoof servers and possibly execute arbitrary code by sending a craft...
CVE-2015-0941
CVE-2015-0941 : The Inetc plug‑in for NSIS does not validate SSL certificates, enabling MITM attacks that could spoof servers and potentially execute arbitrary code during download of Windows executables. Affected: NSIS Inetc plug‑in (used in FOE and other products). Impact: possible arbitrary co...
Radare - The Reverse Engineering Framework
r2 is a rewrite from scratch of radare in order to provide a set of libraries and tools to work with binary files This is the rewrite of radare 1.x branch to provide a framework with a set of libraries and programs to work with binary data. Radare project started as a forensics tool, an scriptabl...
LxCenter Kloxo Detection
This host is running LxCenter Kloxo. Kloxo is a fully scriptable hosting platform. SPDX-FileCopyrightText: 2014 Greenbone AG Some text descriptions might be excerpted from a referenced sources, and are Copyright C by the respective right holders. SPDX-License-Identifier: GPL-2.0-only ifdescriptio...
[Binwalk v1.2.2] Firmware Analysis Tool
Binwalk is a firmware analysis tool designed to assist in the analysis, extraction, and reverse engineering of firmware images and other binary blobs. It is simple to use, fully scriptable, and can be easily extended via custom signatures, extraction rules, and plugin modules. Binwalk supports...
Novell ZENWorks Software Packaging Antique ActiveX Control Remote Code Execution Vulnerability
This vulnerability allows remote attackers to execute arbitrary code on vulnerable installations of Novell ZENWorks. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious file. The specific flaw exists due to the inclusion an...
SuSE9 Security Update : epiphany (YOU Patch Number 12616)
This update brings Mozilla SeaMonkey to 1.1.19 fixing various bugs and security issues. The following security issues are fixed : - Mozilla developers took fixes from previously fixed memory safety bugs in newer Mozilla-based products and ported them to the Mozilla 1.8.1 branch so they can be...
Mozilla Foundation Security Advisory 2010-06
You are here: Security Center Mozilla Foundation Security Advisories MFSA 2010-06 Mozilla Foundation Security Advisory 2010-06 Title: Scriptable plugin execution in SeaMonkey mail Impact: Critical Announced: March 16, 2010 Reporter: Georgi Guninski Products: SeaMonkey Fixed in: SeaMonkey 1.1.19...
CVE-2009-3385
The mail component in Mozilla SeaMonkey before 1.1.19 does not properly restrict execution of scriptable plugin content, which allows user-assisted remote attackers to obtain sensitive information via crafted content in an IFRAME element in an HTML e-mail message, as demonstrated by a Flash objec...