8752 matches found
PA Toolkit - A Collection Of Traffic Analysis Plugins Focused On Security
PA Toolkit is a collection of traffic analysis plugins to extend the functionality of Wireshark from a micro-analysis tool and protocol dissector to the macro analyzer and threat hunter. PA Toolkit contains plugins both dissectors and taps covering various scenarios for multiple protocols,...
Buffer Overflow Vulnerability in Hikvision Video Playback Library SDK
Hikvision Playback Library SDK is a secondary development kit related to playback of Hikvision embedded network DVRs, video servers, and supporting products for IP devices. A buffer overflow vulnerability exists in the Hikvision Video Playback Library SDK. An attacker can exploit the vulnerabilit...
Zhejiang Dahua Playback Library SDK suffers from denial-of-service vulnerability (CNVD-2019-00117)
Playback Library SDK is a development kit based on Dahua's private code stream encapsulation protocol developed to serve network DVRs, network video servers, network cameras, network dome cameras, intelligent devices and other products. A denial of service vulnerability exists in the Zhejiang Dah...
PT-2023-16570 · Gpac +1 · Gpac +1
Name of the Vulnerable Software and Affected Versions: gpac/gpac versions prior to 2.3.0-DEV Description: A Heap-based Buffer Overflow issue has been identified. The estimated number of potentially affected devices and details about real-world incidents are not provided. Recommendations: For...
OpenJDK: Infinite loop in RIFF format reader (Sound, 8205361)
Vulnerability in the Java SE, Java SE Embedded, JRockit component of Oracle Java SE subcomponent: Sound. Supported versions that are affected are Java SE: 6u201, 7u191 and 8u182; Java SE Embedded: 8u181; JRockit: R28.3.19. Easily exploitable vulnerability allows unauthenticated attacker with...
NetChat v7.8 - Persistent Cross Site Scripting Vulnerability
Document Title: =============== NetChat v7.8 - Persistent Cross Site Scripting Vulnerability References Source: ==================== https://www.vulnerability-lab.com/getcontent.php?id=2171 Video: https://www.vulnerability-lab.com/getcontent.php?id=2174...
SQL Injection Vulnerability in Fully Graphical Application Development Environment V2010
The full graphical application system development environment is developed by Jiangsu Lianbang Information Technology Co., Ltd. and is mainly used in the government, education industry, medical industry website. A SQL injection vulnerability exists in Full Graphical Application Development...
DevAudit - Open-source, Cross-Platform, Multi-Purpose Security Auditing Tool
DevAudit is an open-source, cross-platform, multi-purpose security auditing tool targeted at developers and teams adopting DevOps and DevSecOps that detects security vulnerabilities at multiple levels of the solution stack. DevAudit provides a wide array of auditing capabilities that automate...
Hey Belfast, Imperva’s Moving Into The Neighborhood
As a local, I’m very excited to be Imperva’s first Belfast hire, in charge of spinning up the operation in our new European location. Imperva provides best-in-class data and application security solutions on premises, in the cloud, and in hybrid environments. As we position ourselves for the next...
Newsmaker Interview: Katie Moussouris on Improving Bug Bounty Programs
Bug bounty programs continue to increase in popularity – but that popularity has its downsides. Since the launch of the Hack the Pentagon program in 2016, bug bounty programs have quickly grown in popularity. Bugcrowd’s State of Bug Bounty report this year found that the number of programs launch...
Cheetah Mobile Blames SDKs for Rampant Ad Fraud in Its Android Apps
Cheetah Mobile is finding itself in a swirl of media attention after being accused of developing mobile apps that contain deliberate ad fraud features. But the mobile giant says it didn’t do it. The Chinese developer, which is listed as a top provider in Google Play’s tool app category, offers...
openSUSE Security Update : libwpd (openSUSE-2018-1463)
This update for libwpd fixes the following issues : Security issue fixed : - CVE-2018-19208: illegal address access inside libwpd at function WP6ContentListener:defineTable bsc1115713. This update was imported from the SUSE:SLE-15:Update update project. %NASLMINLEVEL 70300 C Tenable Network...
Sheepl - Creating Realistic User Behaviour For Supporting Tradecraft Development Within Lab Environments
Sheepl : Creating realistic user behaviour for supporting tradecraft development within lab environments Introduction There are lots of resources available online relating to how you can build AD network environments for the development of blue team and red team tradecraft. However the current...
Investigate Inline Hooks: PE-sieve
PE-sieve is a light-weight tool that helps to detect malware running on the system, as well as to collect the potentially malicious material for further analysis. Recognizes and dumps variety of implants within the scanned process: replaced/injected PEs, shellcodes, hooks, and other in-memory...
Stable Channel Update for Desktop
The stable channel has been updated to 70.0.3538.110 for Windows, Mac, and Linux, which will roll out over the coming days/weeks. A list of all changes is available in the log. Interested in switching release channels? Find out how. If you find a new issue, please let us know by filing a bug. The...
VirtualBox virtual machine latest escape vulnerability E1000 0day detailed analysis of under-vulnerability warning-the black bar safety net
Recently, Russian security researcher Sergey Zelenyuk released for VirtualBox 5.2.20 early version of the zero-day exploit detailed information, these versions can allow an attacker to escape the virtual machine and executed on the host RING 3-layer code. Then, the attacker can take advantage of...
Pacu - The AWS Exploitation Framework, Designed For Testing The Security Of Amazon Web Services Environments
Pacu is an open source AWS exploitation framework, designed for offensive security testing against cloud environments. Created and maintained by Rhino Security Labs, Pacu allows penetration testers to exploit configuration flaws within an AWS account, using modules to easily expand its...
QSC18: API Security, Enabling Innovation Without Enabling Attacks and Data Breaches
Without APIs, it would be near impossible to see enterprises being able to digitally transform themselves. After all, APIs are the connective-tissue between applications and systems and they make the management, automation and consumption of technology possible at scale. APIs are what enable...
KLA11358 Multiple vulnerabilities in Microsoft Development Tools
Multiple vulnerabilities were found in Microsoft Developer Tools. Malicious users can exploit these vulnerabilities to execute arbitrary code, spoof user interface. Below is a complete list of vulnerabilities: 1. A remote code execution vulnerability in Microsoft PowerShell can be exploited...
JBoss/WildFly: iiop does not honour strict transport confidentiality
The IIOP OpenJDK Subsystem in WildFly before version 14.0.0 does not honour configuration when SSL transport is required. Servers before this version that are configured with the following setting allow clients to create plaintext connections:...