Autodesk FBX-SDK Buffer Overflow Vulnerability

Autodesk FBX-SDK is a free software development platform and API toolkit for C++ from Autodesk. A buffer overflow vulnerability exists in Autodesk FBX-SDK 2017.0 and earlier versions. An attacker can exploit this vulnerability to execute arbitrary code or cause a denial of service infinite loop...

Autodesk FBX-SDK Security Bypass Vulnerability

Autodesk FBX-SDK is a free software development platform and API toolkit for C++ from Autodesk. A security vulnerability exists in Autodesk FBX-SDK 2017.0 and earlier versions. An attacker can exploit the vulnerability to gain access to uninitialized pointers...

Halcyon - IDE for Nmap Script (NSE) Development

Halcyon is the first IDE specifically focused on Nmap Script NSE Development. This research idea was originated while writing custom Nmap Scripts for Enterprise Penetration Testing Scenarios. The existing challenge in developing Nmap Scripts NSE was the lack of a development environment that give...

The vulnerability of the Flash Player software, which allows a violator to execute arbitrary code

The vulnerability in the development tools of the Primetime software platform, Flash Player, arises from an operation that goes beyond the buffer boundaries in memory. Exploiting this vulnerability allows a malicious actor to execute arbitrary code memory corruption remotely...

EGESPLOIT - A Golang Library For Malware Development

EGESPLOIT is a golang library for malware development, it has few unique functions for meterpreter integration. DOCUMENTATION CalculateChecksumx : Function calculates x digit 8 bit checksum for reverse HTTP/HTTPS meterpreter connections, returns the calculated checksum as string...

sustainabledevelopment.un.org XSS vulnerability

Vulnerable URL: https://sustainabledevelopment.un.org/index.php?menu=1629=" autofocus onfocus=alert/XSSPOSED/// Details: Description| Value ---|--- Patched:| Yes, at Vulnerability type:| XSS Vulnerability status:| Publicly disclosed Alexa Rank| Unknown / Not calculated VIP website status:| No...

OWASP Security Knowledge Framework - An expert system application that uses OWASP Application Security Verification Standard

Security Knowledge Framework is an expert system application that uses OWASP Application Security Verification Standard, code examples, helps developers in pre-development and post-development. Introduction Our experience taught us that the current level of security the current web-applications...

Multi-Architecture GDB Enhanced Features for Exploiters & Reverse-Engineers: GEF

Multi-Architecture GDB Enhanced Features for Exploiters & Reverse-Engineers GEF is a kick-ass set of commands for X86, ARM, MIPS, PowerPC and SPARC to make GDB cool again for exploit dev. It is aimed to be used mostly by exploiters and reverse-engineers, to provides additional features to GDB usi...

Buffer overflow

Vulnerability in the Oracle Outside In Technology component of Oracle Fusion Middleware subcomponent: Outside In Filters. Supported versions that are affected are 8.5.2 and 8.5.3. Easily exploitable vulnerability allows unauthenticated attacker with network access via HTTP to compromise Oracle...

CVE-2016-9305

Improper handling in the Autodesk FBX-SDK before 2017.1 of type mismatches and previously deleted objects related to reading and converting malformed FBX format files can allow attackers to gain access to uninitialized pointers...

[SECURITY] Fedora 25 Update: xemacs-packages-extra-20170114-1.fc25

XEmacs is a highly customizable open source text editor and application development system. It is protected under the GNU General Public License and related to other versions of Emacs, in particular GNU Emacs. Its emphasis is on modern graphical user interface support and an open software...

SUSE SLED12 / SLES12 Security Update : gstreamer-0_10-plugins-base (SUSE-SU-2017:0263-1)

gstreamer-010-plugins-base was updated to fix one issue. This security issue was fixed : - CVE-2016-9811: Out of bounds memory read in windowsicontypefind bsc1013669. Note that Tenable Network Security has extracted the preceding description block directly from the SUSE security advisory. Tenable...

Glue - Application Security Automation

Glue is a framework for running a series of tools. Generally, it is intended as a backbone for automating a security analysis pipeline of tools. Recommended Usage For those wishing to run Glue, we recommend using the docker image because it should have the other tools it uses available already an...

RedHat Update for java-1.6.0-openjdk RHSA-2017:0061-01

The remote host is missing an update for the SPDX-FileCopyrightText: 2017 Greenbone AG Some text descriptions might be excerpted from a referenced sources, and are Copyright C by the respective right holders. SPDX-License-Identifier: GPL-2.0-only ifdescription...

CentOS Update for java CESA-2017:0061 centos7

Check the version of java SPDX-FileCopyrightText: 2017 Greenbone AG Some text descriptions might be excerpted from a referenced sources, and are Copyright C by the respective right holders. SPDX-License-Identifier: GPL-2.0-only ifdescription scriptoid"1.3.6.1.4.1.25623.1.0.882632";...

From MS16-098 see a Windows 8.1 kernel exploit-vulnerability warning-the black bar safety net

When I first started contact core vulnerability when I don't have any about the kernel of the experience, not to mention to take advantage of a kernel vulnerability, but I'm always for reverse engineering and exploit techniques are very interested. Initially, my idea was simple: find one not...

CVE-2016-10033: the PHPMailer remote code execution vulnerability analysis-vulnerability warning-the black bar safety net

PHP is an open source scripting language that is used to embed the HTML to do Web development. It has 9 million users, and is the many popular tools such as WordPress, Drupal, Joomla! Etc. This Monday a high-risk security update to solve the PHPMailer remote code execution vulnerability...

MS12-070: Description of the security update for SQL Server 2012 GDR: October 9, 2012

MS12-070: Description of the security update for SQL Server 2012 GDR: October 9, 2012 View products that this article applies to.Microsoft has released security bulletin MS12-070. To view the complete security bulletin, go to one of the following Microsoft websites: Home users:...

[SECURITY] Fedora 25 Update: FlightGear-2016.3.1-3.fc25

The Flight Gear project is working to create a sophisticated flight simulator framework for the development and pursuit of interesting flight simulator ideas. We are developing a solid basic sim that can be expanded and improved upon by anyone interested in contributing...

Commix 1.6 - Automated All-In-One OS Command Injection And Exploitation Tool

Commix short for comm and i njection e x ploiter is an automated tool written by Anastasios Stasinopoulos @ancst that can be used from web developers, penetration testers or even security researchers in order to test web-based applications with the view to find bugs, errors or vulnerabilities...