Lucene search
K

162 matches found

Packet Storm News
Packet Storm News
added 2025/05/30 12:0 a.m.2 views

Dynamic Malware Classification of Windows PE Files Using CNNs and Greyscale Images Derived from Runtime API Call Argument Conversion

Malware detection and classification remains a topic of concern for cybersecurity, since it is becoming common for attackers to use advanced obfuscation on their malware to stay undetected. Conventional static analysis is not effective against polymorphic and metamorphic malware as these change...

7AI score
Exploits0
Packet Storm News
Packet Storm News
added 2025/05/19 12:0 a.m.25 views

QUT-DV25: a Dataset for Dynamic Analysis of Next-Gen Software Supply Chain Attacks

Securing software supply chains is a growing challenge due to the inadequacy of existing datasets in capturing the complexity of next-gen attacks, such as multiphase malware execution, remote access activation, and dynamic payload generation. Existing datasets, which rely on metadata inspection a...

7AI score
Exploits0
Packet Storm News
Packet Storm News
added 2025/04/30 12:0 a.m.2 views

Security-By-Design at the Telco Edge with OSS: Challenges and Lessons Learned

This paper presents our experience, in the context of an industrial R&D project, on securing GENIO, a platform for edge computing on Passive Optical Network PON infrastructures, and based on Open-Source Software OSS. We identify threats and related mitigations through hardening, vulnerability...

7.3AI score
Exploits0
RedhatCVE
RedhatCVE
added 2025/04/02 5:36 p.m.17 views

CVE-2025-31116

Mobile Security Framework MobSF is a pen-testing, malware analysis and security assessment framework capable of performing static and dynamic analysis. The mitigation for CVE-2024-29190 in validhost uses socket.gethostbyname, which is vulnerable to SSRF abuse using DNS rebinding technique. This...

9.8CVSS7.1AI score0.00712EPSS
Exploits2References1
OSV
OSV
added 2025/03/31 4:42 p.m.23 views

CVE-2025-31116 Mobile Security Framework (MobSF) has a SSRF Vulnerability fix bypass on assetlinks_check with DNS Rebinding

Mobile Security Framework MobSF is a pen-testing, malware analysis and security assessment framework capable of performing static and dynamic analysis. The mitigation for CVE-2024-29190 in validhost uses socket.gethostbyname, which is vulnerable to SSRF abuse using DNS rebinding technique. This...

4.4CVSS7.2AI score0.00415EPSS
Exploits1References4
Veracode
Veracode
added 2025/02/07 7:39 a.m.5 views

Stored Cross-site Scripting (XSS)

Mobile Security Framework MobSF is vulnerable to Stored Cross-Site Scripting XSS. The vulnerability is due to improper sanitization of the bundle ID value in dynamicanalysis.html, which allows an attacker to inject special characters and break the HTML context, leading to Stored XSS...

8.4CVSS6AI score0.00358EPSS
Exploits1References6Affected Software1
Snyk
Snyk
added 2025/02/05 8:56 p.m.1 views

Cross-site Scripting (XSS)

Overview mobsf is a Mobile Security Framework MobSF is an automated, all-in-one mobile application Android/iOS/Windows pen-testing, malware analysis and security assessment framework capable of performing static and dynamic analysis. Affected versions of this package are vulnerable to Cross-site...

8.4CVSS5.3AI score0.00358EPSS
Exploits1References2
Github Security Blog
Github Security Blog
added 2025/02/05 8:56 p.m.13 views

MobSF Stored Cross-Site Scripting (XSS)

Product: MobSF Version: CFBundleIdentifier value. In the dynamicanalysis.html file you do not sanitize...

8.4CVSS4.9AI score0.00358EPSS
Exploits1References6Affected Software1
NVD
NVD
added 2025/02/05 7:15 p.m.11 views

CVE-2025-24803

Mobile Security Framework MobSF is an automated, all-in-one mobile application Android/iOS/Windows pen-testing, malware analysis and security assessment framework. According to Apple's documentation for bundle ID's, it must contain only alphanumeric characters A–Z, a–z, and 0–9, hyphens -, and...

8.4CVSS0.00358EPSS
Exploits1References3
RedhatCVE
RedhatCVE
added 2025/02/05 4:8 a.m.5 views

CVE-2024-54000

Mobile Security Framework MobSF is a pen-testing, malware analysis and security assessment framework capable of performing static and dynamic analysis. In versions prior to 3.9.7, the requests.get request in the checkurl method is specified as allowredirects=True, which allows a server-side reque...

7.5CVSS7.5AI score0.00712EPSS
Exploits1References1
CNNVD
CNNVD
added 2025/02/05 12:0 a.m.5 views

Mobile Security Framework 安全漏洞

Mobile Security Framework MobSF is an automated all-in-one mobile application open-sourced by Mobile Security Framework. Used for penetration testing, malware analysis and security assessments, it is capable of performing both static and dynamic analysis. A security vulnerability exists in Mobile...

8.5CVSS6.3AI score0.00333EPSS
Exploits1References2
Cvelist
Cvelist
added 2024/12/03 3:39 p.m.21 views

CVE-2024-53999 Mobile Security Framework (MobSF) Stored Cross-Site Scripting Vulnerability in "Diff or Compare" Functionality

Mobile Security Framework MobSF is a pen-testing, malware analysis and security assessment framework capable of performing static and dynamic analysis. The application allows users to upload files with scripts in the filename parameter. As a result, a malicious user can upload a script file to th...

8.1CVSS0.00508EPSS
Exploits1References2
The Hacker News
The Hacker News
added 2024/10/02 11:0 a.m.13 views

5 Must-Have Tools for Effective Dynamic Malware Analysis

Dynamic malware analysis is a key part of any threat investigation. It involves executing a sample of a malicious program in the isolated environment of a malware sandbox to monitor its behavior and gather actionable indicators. Effective analysis must be fast, in-depth, and precise. These five...

7.3AI score
Exploits0
Vulnrichment
Vulnrichment
added 2024/08/19 2:44 p.m.21 views

CVE-2024-43399 Mobile Security Framework (MobSF) has a Zip Slip Vulnerability in .a Static Library Files

Mobile Security Framework MobSF is a pen-testing, malware analysis and security assessment framework capable of performing static and dynamic analysis. Before 4.0.7, there is a flaw in the Static Libraries analysis section. Specifically, during the extraction of .a extension files, the measure...

8CVSS7.6AI score0.00902EPSS
Exploits1References2
CNNVD
CNNVD
added 2024/07/31 12:0 a.m.3 views

Mobile Security Framework 安全漏洞

Mobile Security Framework MobSF is an automated all-in-one mobile application open-sourced by Mobile Security Framework. It is used for penetration testing, malware analysis, and security assessments, and is capable of performing both static and dynamic analysis. A security vulnerability exists i...

5.4CVSS6.7AI score0.00924EPSS
Exploits1References3
OSV
OSV
added 2024/03/22 10:12 p.m.35 views

CVE-2024-29190 MobSF SSRF Vulnerability on assetlinks_check(act_name, well_knowns)

Mobile Security Framework MobSF is a pen-testing, malware analysis and security assessment framework capable of performing static and dynamic analysis. In version 3.9.5 Beta and prior, MobSF does not perform any input validation when extracting the hostnames in android:host, so requests can also ...

7.5CVSS7.1AI score0.00712EPSS
Exploits1References5
Kitploit
Kitploit
added 2023/12/27 11:30 a.m.59 views

BestEdrOfTheMarket - Little AV/EDR Bypassing Lab For Training And Learning Purposes

Little AV/EDR Evasion Lab for training & learning purposes. ️ under construction..​ | | | | | | \ / \ / | | | | | \ / / | | | | | | | | | | | | | | | | | | ' \ / \ | | | /\ \ | | || || | | || | | | | | | | | / |/||/| ||/|| \ /|| || || ||| | / | | | | | | |/| |/ | '| |/ / \ | | | | | | | |...

7.6AI score
Exploits0References2
CNVD
CNVD
added 2023/10/23 12:0 a.m.24 views

HCL Technologies AppScan Presence Elevation of Privilege Vulnerability

HCL Technologies AppScan Presence is a suite of dynamic analysis testing tools from HCL Technologies, USA, which is mainly used for Web security testing. An elevation of privilege vulnerability exists in HCL Technologies AppScan Presence, which stems from the presence of an un-referenced service...

7.8CVSS7AI score0.00169EPSS
Exploits0References1
Kitploit
Kitploit
added 2023/09/22 11:30 a.m.24 views

Dynmx - Signature-based Detection Of Malware Features Based On Windows API Call Sequences

dynmx spoken dynamics is a signature-based detection approach for behavioural malware features based on Windows API call sequences. In a simplified way, you can think of dynmx as a sort of YARA for API call traces so called function logs originating from malware sandboxes. Hence, the data basis f...

8.1AI score
Exploits0References4
CNNVD
CNNVD
added 2023/09/21 12:0 a.m.5 views

Mobile Security Framework Security Vulnerability

Mobile Security Framework MobSF is Mobile Security Framework open source an automated all-in-one mobile application . Used for penetration testing, malware analysis and security assessments, it is capable of performing both static and dynamic analysis. A security vulnerability exists in Mobile...

7.5CVSS6.8AI score0.00691EPSS
Exploits1References5
Rows per page
Query Builder