Mobile APP vulnerabilities automated detection platform construction-vulnerability warning-the black bar safety net

Preface: this article is the mobile APP Client Security The notes of the series of original articles in the first article, mainly about enterprise mobile APP automated vulnerability detection platform construction, mobile APP vulnerability detection history with cutting-edge technology, the APP...

[SECURITY] Fedora 23 Update: libgcrypt-1.6.6-1.fc23

Libgcrypt is a general purpose crypto library based on the code used in GNU Privacy Guard. This is a development version...

Microsoft Adds .NET Core, ASP.NET to Bug Bounty Program

Microsoft is stepping up its bug hunting efforts surrounding its Visual Studio development suite, adding Microsoft .NET Core and ASP.NET Core to its Bug Bounty program. The bounties opened yesterday and will run “indefinitely,” according to Microsoft. The bounty program includes the Windows and...

So I lost my OpenBSD FDE password

The other day I set up a new OpenBSD instance with a nice RAID array, encrypted with Full Disk Encryption. And promptly proceeded to forget part of the passphrase. We know things get interesting when I lose a password. I did a weak attempt at finding some public bruteforce tool, and found nothing...

[SECURITY] Fedora 25 Update: libgcrypt-1.6.6-1.fc25

Libgcrypt is a general purpose crypto library based on the code used in GNU Privacy Guard. This is a development version...

l0l - The Exploit Development Kit

l0l a exploit development kit. with C++ language scripting. Yet, are being developed. Then the beta version will be published. Status Shellcodes : 5 Injectors : 0 Encoders : 0 Backdoors : 6 Install - Requirements : g++ and Python. $ make or, l0l.cpp compile the file.. Exp: $ g++ -o l0l l0l.cpp Ru...

java security update

CentOS Errata and Security Advisory CESA-2016:1776 An update for java-1.6.0-openjdk is now available for Red Hat Enterprise Linux 5, Red Hat Enterprise Linux 6, and Red Hat Enterprise Linux 7. Red Hat Product Security has rated this update as having a security impact of Important. A Common...

Happy Birthday! LINUX Turns 25 Years Old Today

Linux has turned 25! Dear all, today is August 25, 2016, and it is time for the celebration, as it's the 25th Anniversary of the Linux project, announced by its creator, Finnish programmer Linus Torvalds, on August 25, 1991. Who can forget one of the most famous messages in the computing world...

[SECURITY] Fedora 24 Update: libgcrypt-1.6.6-1.fc24

Libgcrypt is a general purpose crypto library based on the code used in GNU Privacy Guard. This is a development version...

Eclipse Development Framework File Inclusion Vulnerability

Eclipse is an extensible Java-based development platform that supports the development of JAVA, PHP, C++ and other languages. The Eclipse development framework has a file inclusion vulnerability that allows attackers to exploit the vulnerability to obtain sensitive information or launch further...

biochem.am XSS vulnerability

Vulnerable URL: http://www.biochem.am/index.php?lang=eng=newdevelopmentothersanitizer" Details: Description| Value ---|--- Patched:| No Latest check for patch:| 27.07.2017 Vulnerability type:| XSS Vulnerability status:| Publicly disclosed Alexa Rank| 14433341 VIP website status:| No Check...

Critical: Red Hat Security Advisory: java-1.7.0-ibm security update

An update for java-1.7.0-ibm is now available for Red Hat Enterprise Linux 5 Supplementary. Red Hat Product Security has rated this update as having a security impact of Critical. A Common Vulnerability Scoring System CVSS base score, which gives a detailed severity rating, is available for each...

windowsdevelopment.com XSS vulnerability

Open Bug Bounty ID: OBB-172826 Description| Value ---|--- Affected Website:| windowsdevelopment.com Open Bug Bounty Program:| Create your bounty program now. It's open and free. Vulnerable Application:| Custom Code Vulnerability Type:| XSS Cross Site Scripting / CWE-79 CVSSv3 Score:| 6.1...

Debian Security Advisory DSA 3645-1 (chromium-browser - security update)

Several vulnerabilities have been discovered in the chromium web browser. CVE-2016-5139 GiWan Go discovered a use-after-free issue in the pdfium library. CVE-2016-5140 Ke Liu discovered a use-after-free issue in the pdfium library. CVE-2016-5141 Sergey Glazunov discovered a URL spoofing issue...

[SECURITY] Fedora 24 Update: flex-2.6.0-2.fc24

The flex program generates scanners. Scanners are programs which can recognize lexical patterns in text. Flex takes pairs of regular expressions and C code as input and generates a C source file as output. The output file is compiled and linked with a library to produce an executable. The...

Pocsuite - Remote Vulnerability Testing Framework Developed By The Knownsec Security Team

Pocsuite is an open-sourced remote vulnerability testing and PoC development framework developed by the Knownsec Security Team. It serves as the cornerstone of the team. You can use Pocsuite to verify and exploit vulnerabilities or write PoC/Exp based on it. You can also integrate Pocsuite in you...

[SECURITY] Fedora 24 Update: python-django-1.9.8-1.fc24

Django is a high-level Python Web framework that encourages rapid development and a clean, pragmatic design. It focuses on automating as much as possible and adhering to the DRY Don't Repeat Yourself principle...

Struts2 devMode Remote Command Execution Vulnerability in Chengdu Konsai Information Technology Co.

TeachCloud Resource Platform is an education informatization product for China's compulsory education education management institutions and schools, aiming at realizing regional or intra-school resource sharing and promoting the application of resources for "teaching" and "learning". The product...

VUPlayer 2.49 - '.pls' File Stack Buffer Overflow (DEP Bypass)

!/usr/bin/python import os,sys Tested Windows 7 Home x86 & Windows 10 Home x86x64 badchars \x00\x0a\x1a\x20\x40 msfvenom -a x86 --platform windows -p windows/exec CMD=calc.exe -b "\x00\x0a\x1a\x20\x40" -f python buf = "" buf += "\xbf\x3b\x99\xdd\xa3\xdb\xc4\xd9\x74\x24\xf4\x58\x29" buf +=...

VUPlayer 2.49 - '.pls' Stack Buffer Overflow (DEP Bypass)

Exploit for windows platform in category local exploits !/usr/bin/python import os,sys Tested Windows 7 Home x86 & Windows 10 Home x86x64 badchars \x00\x0a\x1a\x20\x40 msfvenom -a x86 --platform windows -p windows/exec CMD=calc.exe -b "\x00\x0a\x1a\x20\x40" -f python buf = "" buf +=...