842 matches found
Blind Bash - Obfuscate And Protect Your Bash Code
You can use this tool to obfuscate your bash code. Obfuscation is the best way to hide important things in your code. This tool will give you blind & strong code, but anyone with knowledge of bash scripting can deobfuscate this code. So this obfuscation is not 100% secure; don't let important...
ACD Systems Canvas Draw 4 Huff Table Out-of-bounds Write Code Execution Vulnerability
Summary An exploitable out-of-bounds write exists in the TIFF parsing functionality of Canvas Draw version 4.0.0. A specially crafted TIFF image processed via the application can lead to an out-of-bounds write, overwriting arbitrary data. An attacker can deliver a TIFF image to trigger this...
How to Solve the Developer vs. Cybersecurity Team Battle
There is an ongoing tension between developers and security teams in many organizations. On one hand, developers face mounting pressure to build rich, feature-driven applications on nearly impossible timelines to remain competitive. On the other hand, security teams face rising pressures of their...
Google Patches 11 Critical Android Bugs in June Update
Google patched 57 vulnerabilities Monday affecting the Android operating system and kernel and chipset components tied to third-party firms MediaTek, NVIDIA and Qualcomm. Eleven of the bugs are rated critical and 46 are rated high. Google said the most severe of the vulnerabilities are remote cod...
A week in security (May 21 – May 27)
Last week we told you about a Mac cryptominer using XMRig, an overview of Dreamcast related scams, part 1 of decoding Emotet, and what to do about bad coding habits that die hard. We also published the results of our second CrackMe contest. Other news How a pioneer of machine learning became one ...
Kurukshetra - A Framework For Teaching Secure Coding By Means Of Interactive Problem Solving
Kurukshetra is a web framework that’s developed with the aim of being the first open source framework which provides a solid foundation to host reasonably complex secure coding challenges while still providing the ability to efficiently and dynamically execute each challenge on the basis of user...
CVE-2017-18242
The apply_dependent_coupling function in libavcodec/aacdec.c in Libav 12.2 allows remote attackers to cause a denial of service (out-of-bounds read) via a crafted aac file...
StaCoAn - Crossplatform tool which aids developers, bugbounty hunters and ethical hackers performing static code analysis on mobile applications
StaCoAn is a crossplatform tool which aids developers, bugbounty hunters and ethical hackers performing static code analysis on mobile applications. This tool will look for interesting lines in the code which can contain: hardcoded credentials, API keys, URLs of APIs, decryption keys, major coding...
Open Source Static Code Analyser: StaCoAn
StaCoAn is a crossplatform tool which aids developers, bugbounty hunters and ethical hackers performing static code analysis on mobile applications. This tool will look for interesting lines in the code which can contain: hardcoded credentials, API keys, URLs of APIs, decryption keys, major coding...
Design/Logic Flaw
axTLS version 1.5.3 has a coding error in the ASN.1 parser resulting in the year 1950 of UTCTime being misinterpreted as 2050...
CVE-2017-1000416
axTLS version 1.5.3 has a coding error in the ASN.1 parser resulting in the year 1950 of UTCTime being misinterpreted as 2050...
CVE-2017-1000416
Removed by vendor...
CVE-2017-1000416
CVE-2017-1000416 concerns axTLS 1.5.3, where a coding error in the ASN.1 parser causes the UTCTime year (19)50 to be misinterpreted as 2050. The available sources describe the issue and its manifestation but do not specify affected products beyond axTLS 1.5.3, nor provide remediation steps or exp...
January 17, 2017 – Morning Cyber Coffee Headlines – “Australian Open” Edition
Good morning! Sit with Carbon Black this morning over a cup of coffee or tea and browse a few industry headlines to get the day started. We’ve got just enough information below to get you through that first cup…enjoy! January 17, 2018 - Headlines Carbon Black in the News: Confidence in legacy...
CVE-2017-13188
An information disclosure vulnerability in the Android media framework aac. Product: Android. Versions: 7.0, 7.1.1, 7.1.2, 8.0, 8.1. Android ID: A-65280786...
Razer US: [zvault.razerzone.com] URL validation bypass
The researcher discovered that a page on our zVault that was intended to perform redirection allowed a URL bypass due to a coding flaw. The flaw was an attempt at sanitation that could actually be leveraged to redirect to a URL string useful for phishing. He provided an analysis of the code and...
Debian DLA-1179-1 : shibboleth-sp2 security update
Rod Widdowson of Steading System Software LLP discovered a coding error in the 'Dynamic' metadata plugin of the Shibboleth Service Provider, causing the plugin to fail configuring itself with the filters provided and omitting whatever checks they are intended to perform. For Debian 7 'Wheezy',...
Debian DLA-1178-1 : opensaml2 security update
Rod Widdowson of Steading System Software LLP discovered a coding error in the OpenSAML library, causing the DynamicMetadataProvider class to fail configuring itself with the filters provided and omitting whatever checks they are intended to perform. For Debian 7 'Wheezy', these problems have bee...
[SECURITY] [DLA 1179-1] shibboleth-sp2 security update
Package : shibboleth-sp2 Version : 2.4.3+dfsg-5+deb7u2 CVE ID : CVE-2017-16852 Debian Bug : 881857 Rod Widdowson of Steading System Software LLP discovered a coding error in the "Dynamic" metadata plugin of the Shibboleth Service Provider, causing the plugin to fail configuring itself with the...