864 matches found
com.github.kulya:jmeter-gradle-plugin (>=1.3.1-2.6 <=1.3.4-2.9), com.lazerycode.jmeter:jmeter-maven-plugin (>=1.4 <=1.8.1) +6 more potentially affected by CVE-2019-0187 via org.apache.jmeter:ApacheJMeter (>=2.6 <=5.0)
org.apache.jmeter:ApacheJMeter MAVEN version =2.6, =1.3.1-2.6, =1.4, =1.0.7-3.0-BETA, =1.0.7-3.0-BETA, =6.3.0, =6.2.0, =6.6.0 Source cves: CVE-2019-0187 Source advisory: OSV:GHSA-WG37-7MRV-CFWM...
Security Testing Plugin for Maven & Gradle
Maven and Gradle Maven and Gradle are build automation and dependency management systems used primarily for Java projects. Their goals are to provide a uniform build system and to simplify the build process altogether. They are used for dependency management, testing, and building of simple to...
org.cloudfoundry:cf-gradle-plugin (>=1.0.1 <=1.0.3), org.cloudfoundry:cf-maven-plugin (>=1.0.1 <=1.0.3) +5 more potentially affected by CVE-2018-1260 via org.springframework.security.oauth:spring-security-oauth2 (>=1.0.0.RELEASE <=1.0.2.RELEASE)
org.springframework.security.oauth:spring-security-oauth2 MAVEN version =1.0.0.RELEASE, =1.0.1, =1.0.1, =1.0.1, =0.9.0, =0.9.0, =0.9.0, =0.9.0, =1.0.22 Source cves: CVE-2018-1260 Source advisory: OSV:GHSA-RRPM-PJ7P-7J9Q...
UPDATE: OWASP Dependency-Check 3.3.0
PenTestIT RSS Feed My first post about this open source OWASP project was about an older version. This post discusses the changes made to the open source software composition analysis utility in the latest release yesterday. This is the OWASP Dependency-Check 3.3.0, which includes a lot of bug...
Man-in-the-Middle (MitM)
cordova-android is vulnerable to man-in-the-middle (MitM) attacks. These attacks are possible because the Gradle distribution is downloaded using http, not https. This download happens when the project is built using scripts, the first build or the first time Android is added to cordova...
CVE-2017-3160
After the Android platform is added to Cordova the first time, or after a project is created using the build scripts, the scripts will fetch Gradle on the first build. However, since the default URI is not using https, it is vulnerable to a MiTM and the Gradle executable is not safe. The severity...
CVE-2017-3160
After the Android platform is added to Cordova the first time, or after a project is created using the build scripts, the scripts will fetch Gradle on the first build. However, since the default URI is not using https, it is vulnerable to a MiTM and the Gradle executable is not safe. The severity...
Denial of service
After the Android platform is added to Cordova the first time, or after a project is created using the build scripts, the scripts will fetch Gradle on the first build. However, since the default URI is not using https, it is vulnerable to a MiTM and the Gradle executable is not safe. The severity...
CVE-2017-3160
After the Android platform is added to Cordova the first time, or after a project is created using the build scripts, the scripts will fetch Gradle on the first build. However, since the default URI is not using https, it is vulnerable to a MiTM and the Gradle executable is not safe. The severity...
CVE-2017-3160
CVE-2017-3160 affects Apache Cordova for Android, where on first add/build the Gradle tool is downloaded via an HTTP (not HTTPS) URI by default. This enables a man-in-the-middle (MiTM) attack that can tamper with the Gradle distribution, since the downloaded Gradle executable is immediately execu...
sdrtrunk - Tool For Decoding, Monitoring, Recording And Streaming Trunked Mobile And Related Radio Protocols Using Software Defined Radios (SDR)
A cross-platform Java application for decoding, monitoring, recording and streaming trunked mobile and related radio protocols using Software Defined Radios (SDR). Getting Started User's Manual Version 0.3.0 Download Support Figure 1: sdrtrunk Version 0.3.0 Application Screenshot End User...
AndroTickler - Penetration Testing and Auditing Toolkit for Android Apps
A Java tool that helps to pentest Android apps faster, more easily and more efficiently. AndroTickler offers many features of information gathering, static and dynamic checks that cover most of the aspects of Android apps pentesting. It also offers several features that pentesters need during the...
UPDATE: OWASP Dependency-Check 2.1.0!
PenTestIT RSS Feed My first post about this open source OWASP project was about an older version. This post discusses the changes made to the open source software composition analysis utility in the latest release yesterday. This is the OWASP Dependency-Check 2.1.0! What I like about this release...
Cordova-Android MiTM Remote Code Execution (CVE-2017-3160)
Product: Apache Cordova. Vulnerable Version: 6.1.1 and below. Technical Details: When adding an Android project for the first time (‘cordova platform add Android’), Cordova requires Gradle build tool to be installed in the local development environment. If the developer had not pre-installed Gradle, the...
Gradle Arbitrary Code Execution Vulnerability
Gradle is a set of JVM-based project build tools; it supports Maven, Ivy repositories and so on. A security vulnerability exists in the ObjectSocketWrapper.java file in Gradle version 2.12. Remote attackers can exploit the vulnerability to execute arbitrary code with the help of specially crafte...
CVE-2016-6199
ObjectSocketWrapper.java in Gradle 2.12 allows remote attackers to execute arbitrary code via a crafted serialized object...
UBUNTU-CVE-2016-6199
ObjectSocketWrapper.java in Gradle 2.12 allows remote attackers to execute arbitrary code via a crafted serialized object...
DEBIAN-CVE-2016-6199
ObjectSocketWrapper.java in Gradle 2.12 allows remote attackers to execute arbitrary code via a crafted serialized object...
CVE-2016-6199
ObjectSocketWrapper.java in Gradle 2.12 allows remote attackers to execute arbitrary code via a crafted serialized object...
CVE-2016-6199
ObjectSocketWrapper.java in Gradle 2.12 allows remote attackers to execute arbitrary code via a crafted serialized object...