wireshark -- multiple security issues

wireshark developers reports: wnpa-sec-2018-05. IEEE 802.11 dissector crash. CVE-2018-7335 wnpa-sec-2018-06. Large or infinite loops in multiple dissectors. CVE-2018-7321 through CVE-2018-7333 wnpa-sec-2018-07. UMTS MAC dissector crash. CVE-2018-7334 wnpa-sec-2018-08. DOCSIS dissector crash...

DVWA - Damn Vulnerable Web Application

Damn Vulnerable Web Application DVWA is a PHP/MySQL web application that is damn vulnerable. Its main goal is to be an aid for security professionals to test their skills and tools in a legal environment, help web developers better understand the processes of securing web applications and to aid...

CVE-2017-3160

After the Android platform is added to Cordova the first time, or after a project is created using the build scripts, the scripts will fetch Gradle on the first build. However, since the default URI is not using https, it is vulnerable to a MiTM and the Gradle executable is not safe. The severity...

Google Booted 700,000 Bad Apps From Its Marketplace in 2017

Google set the record straight on Android security Tuesday, announcing that in 2017 it booted 700,000 apps from Google Play for violating marketplace policies. In a blog post titled “How we fought bad apps and malicious developers in 2017,” Google outlined efforts made over the last 12 months to...

Security vulnerabilities fixed in Thunderbird 52.6 — Mozilla

An integer overflow vulnerability in the Skia library when allocating memory for edge builders on some systems with at least 8 GB of RAM. This results in the use of uninitialized memory, resulting in a potentially exploitable crash. A use-after-free vulnerability can occur while editing events in...

Popular Sonic the HedgeHog Apps at Risk of Leaking User Data to Unverified Servers

Three Sonic the Hedgehog games for Android, downloaded over 100 million times, are at risk of leaking user geolocation and other personal device data to suspicious servers, putting users at risk of man-in-the-middle attacks and similar type vulnerabilities, according to security experts. The game...

[SECURITY] Fedora 26 Update: python33-3.3.7-2.fc26

Python 3.3 package for developers. This package exists to allow developers to test their code against an older version of Python. This is not a full Python stack and if you wish to run your applications with Python 3.3, see other distributions that support it, such as CentOS or RHEL with Software...

[SECURITY] Fedora 27 Update: python33-3.3.7-2.fc27

Python 3.3 package for developers. This package exists to allow developers to test their code against an older version of Python. This is not a full Python stack and if you wish to run your applications with Python 3.3, see other distributions that support it, such as CentOS or RHEL with Software...

LaZagne v2.3 - Credentials Recovery Project

The LaZagne project is an open source application used to retrieve lots of passwords stored on a local computer. Each software stores its passwords using different techniques plaintext, APIs, custom algorithms, databases, etc.. This tool has been developed for the purpose of finding these passwor...

[SECURITY] Fedora 26 Update: python34-3.4.7-2.fc26

Python 3.4 package for developers. This package exists to allow developers to test their code against an older version of Python. This is not a full Python stack and if you wish to run your applications with Python 3.4, see other distributions that support it, such as CentOS or RHEL with Software...

[SECURITY] Fedora 26 Update: python35-3.5.4-2.fc26

Python 3.5 package for developers. This package exists to allow developers to test their code against an older version of Python. This is not a full Python stack and if you wish to run your applications with Python 3.5, see other distributions that support it, such as CentOS or RHEL with Software...

[SECURITY] Fedora 27 Update: python34-3.4.7-2.fc27

Python 3.4 package for developers. This package exists to allow developers to test their code against an older version of Python. This is not a full Python stack and if you wish to run your applications with Python 3.4, see other distributions that support it, such as CentOS or RHEL with Software...

[SECURITY] Fedora 27 Update: python35-3.5.4-2.fc27

Python 3.5 package for developers. This package exists to allow developers to test their code against an older version of Python. This is not a full Python stack and if you wish to run your applications with Python 3.5, see other distributions that support it, such as CentOS or RHEL with Software...

[SECURITY] Fedora 26 Update: python26-2.6.9-7.fc26

Python 2.6 package for developers. This package exists to allow developers to test their code against an older version of Python. This is not a full Python stack and if you wish to run your applications with Python 2.6, see other distributions that support it, such as CentOS or RHEL 6...

[SECURITY] Fedora 27 Update: python26-2.6.9-10.fc27

Python 2.6 package for developers. This package exists to allow developers to test their code against an older version of Python. This is not a full Python stack and if you wish to run your applications with Python 2.6, see other distributions that support it, such as CentOS or RHEL 6...

Mobile Menace Monday: upping the ante on Adups

Adups is back on our radar. The same China-based company caught collecting an abundance of user data and creating a backdoor on mobile devices in 2016 has another malicious card to throw down. This time, it's an auto installer we detect as Android/PUP.Riskware.Autoins.Fota. We thought they cleane...

[SECURITY] Fedora 26 Update: tor-0.3.1.9-1.fc26

The Tor network is a group of volunteer-operated servers that allows people to improve their privacy and security on the Internet. Tor's users employ this network by connecting through a series of virtual tunnels rather than makin g a direct connection, thus allowing both organizations and...

[SECURITY] Fedora 27 Update: tor-0.3.1.9-1.fc27

The Tor network is a group of volunteer-operated servers that allows people to improve their privacy and security on the Internet. Tor's users employ this network by connecting through a series of virtual tunnels rather than makin g a direct connection, thus allowing both organizations and...

WordPress: antispambot does not always escape <, >, &, " and '

The antispambot function escapes some randomly selected characters from its first argument, for example: , &, ", or '. These last five characters should always be escaped. There is a chance that this will print out unescaped: console.log"hello";'; Even though the chance of this happening is low,...

Critical Flaw in Major Android Tools Targets Developers and Reverse Engineers

Finally, here we have a vulnerability that targets Android developers and reverse engineers, instead of app users. Security researchers have discovered an easily-exploitable vulnerability in Android application developer tools, both downloadable and cloud-based, that could allow attackers to stea...