Real Name | High-Tech Bridge SA |
---|---|
Email address | advisory at htbridge.com |
Website | www.htbridge.com |
First Active | 2010-04-20 |
Last Active | 2016-08-03 |
Corel Quattro Pro version X6 Standard Edition suffers from a NULL pointer dereference vulnerability.
2175709f7a6a472e1af99f68d9a7e4070f1f9f784793aab30da9105ac0d83ee5
Corel WordPerfect version X6 Standard Edition suffers from an untrusted pointer dereference vulnerability.
8832b3303002c58c42ba8a6647668b520210078b09fd600c76f27e5f6abdb855
WordPress Events Manager plugin version 5.3.3 suffers from a cross site scripting vulnerability.
db435bd66d4bfbc7ffec99834ce77a006788a528cb7f0a458a162d9950413183
CosCms version 1.721 suffers from a remote OS command injection vulnerability.
b83962858cb884a13286e3438465370a0d25ea688a8bcb94307840b37366334a
Piwigo version 2.4.5 suffers from cross site request forgery and path traversal vulnerabilities.
fa7caef3d71bf542944197ba1254ae80793c996f818ebada67016b53bda20be2
Geeklog version 1.8.2 suffers from a cross site scripting vulnerability.
65069d7d58e534e690dddae77b00805e002a5382694fcd1b33220b7f7858f6b3
glFusion version 1.2.2 suffers from multiple cross site scripting vulnerabilities.
6306b577c5a62df9e36abe88ce8b0307d8747c5119f8cf35f07026923b542faa
Memory analysis and manipulation can provide security analysts with formidable weapons. During his talk at Information Security Day for ISACA Luxembourg Chapter, Frederic BOURLA presented most memory manipulation tricks from both offensive and defensive angles. The talk first dealt with the attacker’s layer, from pivoting attacks to IEEE1394 issues through in-memory fuzzing, which permits auditors to bypass built-in features, network limitations and encryption to remain able to uncover security vulnerabilities in a running application. In a second stage, the talk focused on the benefits of memory manipulation in computer forensics and malware analysis fields, especially when facing sophisticated malcode, such as kernel rootkits or heavily encrypted reverse trojans. Basically, this talk aimed to open the doors to a fascinating world which could easily allow security analysts to save lots of time during their recurrent duties. These are the slides from the talk.
b14650723522b783a88513058899a3613617d57af6a2e3623fafefaf8a3866fa
WordPress CommentLuv version 2.92.3 suffers from a cross site scripting vulnerability.
ae48875150b20411b2335d809a224933fbe7bb20bfc97d57d235b86b2bf5e302
WordPress Wysija Newsletters plugin version 2.2 suffers from cross site request forgery and remote SQL injection vulnerabilities.
9dde7457fba5a279d311d740eafd71d7c2ae6a2f5ae2fe36607c5399443b6fbe
ImageCMS version 4.0.0b suffers from a remote SQL injection vulnerability.
dab259c677dad17569f8bec4bfa64b9599c3eb013af898a54a8b8877e13866e9
gpEasy versions 3.5.2 and below suffer from a cross site scripting vulnerability.
2dc3fcb40ee31bd9c049b43ec0c77e275d5473b440347fe361bfca8aac646b12
Nero MediaHome version 4.5.8.0 suffers from multiple denial of service vulnerabilities due to improper handling issues.
a667ecae12bef1ca764da84656ce5d402feb400df56dbf141eca769b9ea9f54e
Samsung Kies version 2.5.0.12114_1 suffers from a buffer overflow vulnerability.
ba64ccf75ec04e06017109e58437056a7a1dbd3ba88cbccb70812d4d1fcc3311
Quick.Cms version 5.0 and Quick.Cart version 6.0 suffer from a cross site scripting vulnerability.
8252388141e7acdab8a3ad358488b4c7928f6202ea3ddb4ef3a0897770e81079
Nowadays, a wide range of techniques can be used to find vulnerabilities and bugs in binaries applications. The aim of this paper is to introduce the main concepts of In-Memory Fuzzing, to summarize its advantages and drawbacks and to present the debugging library which is currently developed by High-Tech Bridge to help building in-memory fuzzers.
d324a8b16399a62d3aa46f85d06bf87acb81b7d880e66e011e3fd504d541f604
Banana Dance version B.2.6 suffers from local file inclusion, remote SQL injection, and improper access control vulnerabilities.
7e95cf4e35b826da73323e2068340d1504e654b6cf48268f922653b2f7de6e3a
FireFly Mediaserver version 1.0.0.1359 suffers from a denial of service vulnerability that can be triggered by a NULL pointer dereference.
32f710929128a837905de7371632750aecfb1f0c76e6463bedec86ca624602c7
Elite Bulletin Board version 2.1.21 suffers from multiple remote SQL injection vulnerabilities.
f6238bc2858a2e64a1c3b85e0997dc653e553e7e8701b8064c8c0e6b3ad71bbb
Smartphone Pentest Framework (SPF) versions 0.1.3 and 0.1.4 suffer from an OS command injection vulnerability.
906c7eea1fe12f12b9b25999c7595434ecd7575528a011fedfc47fad23b37053
Achievo version 1.4.5 suffers from cross site scripting and remote SQL injection vulnerabilities.
ac1e5a072611708deb723bd5c0e8955827521d3a227a74b7bbf1cbfeff47dcb6
ClipBucket version 2.6 revision 738 suffers from a remote SQL injection vulnerability.
02430530f56dbae2ed8bdb034a591664f523e90e6296c1ffc8f06fc676222c37
TVMOBiLi Media Server version 2.1.0.3557 suffers from a denial of service vulnerability via a malicious HTTP request.
f68ed358ff971c45c2da99b5db07094b1511f78748ffef0b3a466ebd292bffac
dotProject version 2.1.6 suffers from cross site scripting and remote SQL injection vulnerabilities.
d46225e6ffc0eec269ac97abe0411a6f3763bb5a9ed63edecc2da5f6af7a7779
BabyGekko version 1.2.2e suffers from cross site scripting, local file inclusion, and remote SQL injection vulnerabilities.
15766bd77f90d3557a510c8aad6e0286a9c018097e660157f8489b73cd044cad