16 matches found

GithubExploit
added 2025/10/08 12:54 p.m. · 492 views

Exploit for XML Injection (aka Blind XPath Injection) in Google Android

7.8 CVSS · 7.7 AI score · 0.00201 EPSS
Exploits: 2
OSV
added 2024/08/15 10:15 p.m. · 2 views

CVE-2024-34740

In attributeBytesBase64 and attributeBytesHex of BinaryXmlSerializer.java, there is a possible arbitrary XML injection due to an integer overflow. This could lead to local escalation of privilege with no additional execution privileges needed. User interaction is not needed for exploitation...

7.8 CVSS · 6.1 AI score · 0.00201 EPSS
Exploits: 1 · References: 3
OpenVAS
added 2024/03/08 12:0 a.m. · 14 views

Fedora: Security Advisory for jaxb-fi (FEDORA-2024-129d8ca6fc)

The remote host is missing an update for the...

8.8 CVSS · 9.2 AI score · 0.46427 EPSS
Exploits: 3 · References: 2
Fedora
added 2024/03/07 10:33 p.m. · 17 views

[SECURITY] Fedora 40 Update: jaxb-fi-2.1.1-5.fc40

Fast Infoset Project, an Open Source implementation of the Fast Infoset Standard for Binary XML. The Fast Infoset specification (ITU-T Rec. X.891 | ISO/IEC 24824-1) describes an open, standards-based "binary XML" format that is based on the XML Information Set...

8.8 CVSS · 6.9 AI score · 0.46427 EPSS
Exploits: 3
SUSE CVE
added 2023/02/15 6:17 a.m. · 1 views

SUSE CVE-2005-2364

Unknown vulnerability in the (1) GIOP dissector, (2) WBXML, or (3) CAMEL dissector in Ethereal 0.8.20 through 0.10.11 allows remote attackers to cause a denial of service (application crash) via certain packets that cause a null pointer dereference...

5 CVSS · 6.9 AI score · 0.02161 EPSS
Exploits: 0 · References: 5
SUSE CVE
added 2023/02/15 4:59 a.m. · 2 views

SUSE CVE-2016-6512

epan/dissectors/packet-wap.c in Wireshark 2.x before 2.0.5 omits an overflow check in the tvb_get_guintvar function, which allows remote attackers to cause a denial of service (infinite loop) via a crafted packet, related to the MMSE, WAP, WBXML, and WSP dissectors...

5.9 CVSS · 7.5 AI score · 0.02502 EPSS
Exploits: 1 · References: 3
SUSE CVE
added 2023/02/15 4:47 a.m. · 1 views

SUSE CVE-2017-7702

In Wireshark 2.2.0 to 2.2.5 and 2.0.0 to 2.0.11, the WBXML dissector could go into an infinite loop, triggered by packet injection or a malformed capture file. This was addressed in epan/dissectors/packet-wbxml.c by adding length validation...

7.5 CVSS · 7.2 AI score · 0.0053 EPSS
Exploits: 0 · References: 6
n0where
added 2017/12/20 12:20 a.m. · 12 views

Advance Android Malware Analysis Framework: Droidefense

Droidefense (originally named atom: analysis through observation machine) is the codename for an Android apps/malware analysis/reversing tool. It was built with a focus on the security issues and tricks that malware researchers face in their everyday work. For those situations where the malware has...

Exploits: 0 · References: 4
OSV
added 2017/07/18 9:29 p.m. · 0 views

UBUNTU-CVE-2017-11410

In Wireshark through 2.0.13 and 2.2.x through 2.2.7, the WBXML dissector could go into an infinite loop, triggered by packet injection or a malformed capture file. This was addressed in epan/dissectors/packet-wbxml.c by adding validation of the relationships between indexes and lengths. NOTE: thi...

7.5 CVSS · 7.1 AI score · 0.00259 EPSS
Exploits: 0 · References: 4
CNVD
added 2017/04/17 12:0 a.m. · 2 views

Wireshark WBXML Dissector 'packet-wbxml.c' Infinite Loop Denial of Service Vulnerability

Wireshark (formerly known as Ethereal) is a network packet analyzer software developed by the Wireshark team. The function of the software is to intercept network packets and display detailed data for analysis. Wireshark is prone to a remote denial of service vulnerability. Attackers can exploit thi...

7.8 CVSS · 7.7 AI score · 0.0053 EPSS
Exploits: 0 · References: 1
OSV
added 2017/04/12 11:59 p.m. · 0 views

DEBIAN-CVE-2017-7702

In Wireshark 2.2.0 to 2.2.5 and 2.0.0 to 2.0.11, the WBXML dissector could go into an infinite loop, triggered by packet injection or a malformed capture file. This was addressed in epan/dissectors/packet-wbxml.c by adding length validation...

7.5 CVSS · 7.5 AI score · 0.0053 EPSS
Exploits: 0 · References: 1
n0where
added 2016/09/16 2:47 a.m. · 1074 views

Python Windows Event Log Parser: python-evtx

Python Windows Event Log Parser: python-evtx is a pure Python parser for recent Windows Event Log files (those with the file extension “.evtx”). The module provides programmatic access to the File and Chunk headers, record templates, and event entries. For example, you can use python-evtx to review...

0.8 AI score
Exploits: 0 · References: 1
Kitploit
added 2016/07/06 11:45 p.m. · 10 views

Androguard - Reverse engineering, Malware and goodware analysis of Android applications

Reverse engineering, Malware and goodware analysis of Android applications ... and more ninja! Features: Androguard is a full python tool to play with Android files. Map and manipulate DEX/ODEX/APK/AXML/ARSC format into full Python objects, Disassemble/Decompilation/Modification of DEX/ODEX/APK...

7.4 AI score
Exploits: 0 · References: 1
n0where
added 2012/12/06 6:40 p.m. · 22 views

Reverse engineering, Malware and Goodware analysis of Android applications: Androguard

Androguard is a full python tool to play with Android files: DEX, ODEX; APK; Android’s binary xml; Android resources; Disassemble DEX/ODEX bytecodes; Decompiler for DEX/ODEX files. You can either use the cli or graphical frontend for androguard, or use androguard purely as a library for your own tools...

7.5 AI score
Exploits: 0 · References: 1
RedHat Linux
added 2006/11/09 7:3 p.m. · 1 views

security flaw

Unspecified vulnerability in the WBXML dissector in Wireshark (formerly Ethereal) 0.10.11 through 0.99.3 allows remote attackers to cause a denial of service (crash) via certain vectors that trigger a null dereference...

5 CVSS · 7.2 AI score · 0.02582 EPSS
Exploits: 0 · References: 4
Positive Technologies
added 2005/08/10 12:0 a.m. · 1 views

PT-2005-3279 · Ethereal +1

Name of the Vulnerable Software and Affected Versions: Ethereal versions 0.8.20 through 0.10.11
Description: The issue is related to unknown vulnerabilities in certain dissectors, which can cause a denial of service. This happens when the application encounters specific packets that lead to a nul...

7.5 CVSS · 6.2 AI score · 0.23905 EPSS
Exploits: 0 · References: 21