CVE-2020-35587

In Solstice Pod before 3.0.3, the firmware can easily be decompiled/disassembled. The decompiled/disassembled files contain non-obfuscated code. NOTE: it is unclear whether lack of obfuscation is directly associated with a negative impact, or instead only facilitates an attack technique...

Do Not Install Development and Compilation Tools

Compilation tools in the service environment may be exploited by attackers to edit, tamper with, and perform reverse analysis on key files in the environment. Therefore, in the production environment, do not install compilation, decompilation, binary analysis tools, and compilation environments...

[SECURITY] Fedora 40 Update: CFR-0.151-16.fc40

CFR will decompile modern Java features - including much of Java 9, 12 & 14, but is written entirely in Java 6, so will work anywhere! It'll even make a decent go of turning class files from other JVM languages b ack into java!...

Mhf - Mobile Helper Framework - A Tool That Automates The Process Of Identifying The Framework/Technology Used To Create A Mobile Application

Mobile Helper Framework is a tool that automates the process of identifying the framework/technology used to create a mobile application. Additionally, it assists in finding sensitive information or provides suggestions for working with the identified platform. How work? The tool searches for fil...

ILSpy - .NET Decompiler With Support For PDB Generation, ReadyToRun, Metadata (and More) - Cross-Platform!

ILSpy is the open-source .NET assembly browser and decompiler. Decompiler Frontends Aside from the WPF UI ILSpy downloadable via Releases, see also plugins, the following other frontends are available: Visual Studio 2022 ships with decompilation support for F12 enabled by default using our engine...

Thousands of Android Malware Apps Using Stealthy APK Compression to Evade Detection

Threat actors are using Android Package APK files with unknown or unsupported compression methods to elude malware analysis. That's according to findings from Zimperium, which found 3,300 artifacts leveraging such compression algorithms in the wild. 71 of the identified samples can be loaded on t...

CVE-2023-25263

In Stimulsoft Designer Desktop 2023.1.5, and 2023.1.4, once an attacker decompiles the Stimulsoft.report.dll the attacker is able to decrypt any connectionstring stored in .mrt files since a static secret is used. The secret does not differ between the tested versions and different operating...

Design/Logic Flaw

In Stimulsoft Designer Desktop 2023.1.5, and 2023.1.4, once an attacker decompiles the Stimulsoft.report.dll the attacker is able to decrypt any connectionstring stored in .mrt files since a static secret is used. The secret does not differ between the tested versions and different operating...

CVE-2023-25263

In Stimulsoft Designer Desktop 2023.1.5, and 2023.1.4, once an attacker decompiles the Stimulsoft.report.dll the attacker is able to decrypt any connectionstring stored in .mrt files since a static secret is used. The secret does not differ between the tested versions and different operating...

PT-2023-20006 · Stimulsoft · Stimulsoft Designer +1

Name of the Vulnerable Software and Affected Versions: Stimulsoft Designer Desktop versions 2023.1.4 through 2023.1.5 Description: The issue allows an attacker to decrypt connection strings stored in .mrt files by decompiling the Stimulsoft.report.dll, as it uses a static secret that does not...

CVE-2023-25263

Stimulsoft Designer (Desktop) 2023.1.4–2023.1.5 is affected. Decompiling Stimulsoft.report.dll allows an attacker to decrypt any connection string stored in .mrt files due to a static secret used across tested versions and OSes. Root cause: hard-coded/static secret in the DLL enables bypassing op...

CVE-2023-0104

The listed versions for Weintek EasyBuilder Pro are vulnerable to a ZipSlip attack caused by decompiling a malicious project file. This may allow an attacker to gain control of the user’s computer or gain access to sensitive data...

How to train your Ghidra

Getting started with Ghidra For about two decades, being a reverse engineer meant that you had to master the ultimate disassembly tool, IDA Pro. Over the years, many other tools were created to complement or directly replace it, but only a few succeeded. Then came the era of decompilation, adding...

CVE-2021-43512

An issue was discovered in FlightRadar24 v8.9.0, v8.10.0, v8.10.2, v8.10.3, v8.10.4 for Android, allows attackers to cause unspecified consequences due to being able to decompile a local application and extract their API keys...

CVE-2021-43512

An issue was discovered in FlightRadar24 v8.9.0, v8.10.0, v8.10.2, v8.10.3, v8.10.4 for Android, allows attackers to cause unspecified consequences due to being able to decompile a local application and extract their API keys...

CVE-2021-43512

The CVE-2021-43512 entry concerns FlightRadar24 for Android versions 8.9.0, 8.10.0, 8.10.2, 8.10.3, and 8.10.4. The underlying issue is that an attacker could decompile a local application and extract its API keys, leading to unspecified consequences. The linked sources confirm the affected produ...

Garrett Metal Detectors iC Module CMA run_server_6877 authentication bypass vulnerability

Summary An authentication bypass vulnerability exists in the CMA runserver6877 functionality of Garrett Metal Detectors iC Module CMA Version 5.0. A properly-timed network connection can lead to authentication bypass via session hijacking. An attacker can send a sequence of requests to trigger th...

ELFXtract - An Automated Analysis Tool Used For Enumerating ELF Binaries

ELFXtract is an automated analysis tool used for enumerating ELF binaries Powered by Radare2 and r2ghidra This is specially developed for PWN challenges and it has many automated features It almost displays every details of the ELF and also decompiles its ASM to C code using r2ghidra Decompiling...

CVE-2020-29323

The D-link router DIR-885L-MFC 1.15b02, v1.21b05 is vulnerable to credentials disclosure in telnet service through decompilation of firmware, that allows an unauthenticated attacker to gain access to the firmware and to extract sensitive data...

CVE-2020-29324

The DLink Router DIR-895L MFC v1.21b05 is vulnerable to credentials disclosure in telnet service through decompilation of firmware, that allows an unauthenticated attacker to gain access to the firmware and to extract sensitive data...