Portable Malware Analysis Sandbox: Noriben
Portable Malware Analysis Sandbox Noriben is a Python-based script that works in conjunction with Sysinternals Procmon to automatically collect, analyze, and report on runtime indicators of malware. In a nutshell, it allows you to run your malware, hit a keypress, and get a simple text report of...
Google 'Android Things' — An Operating System for the Internet of Things
Google announced a Developers Preview of "Android Things" — an Android-based operating system platform for smart devices and Internet of Things (IoT) products. The Android-based Internet of Things OS is designed to make it easier for developers to build a smart appliance since they will be able to...
CVE-2016-7270
The Data Provider for SQL Server in Microsoft .NET Framework 4.6.2 mishandles a developer-supplied key, which allows remote attackers to bypass the Always Encrypted protection mechanism and obtain sensitive cleartext information by leveraging key guessability, aka ".NET Information Disclosure...
DT Register, sql/xss, 3.1.12 / 2.8.18 and previous
DT Register Vulnerable version: 3.1.12 / 2.8.18 and previous sql/xss http://www.dthdevelopment.com/dth-news/dt-register-3.1.13-security-release.html http://www.dthdevelopment.com/joomla-components/dt-register-event-registration-for-joomla.html developer did not inform VEL...
Code Reuse a Peril for Secure Software Development
The amount of insecure software tied to reused third-party libraries and lingering in applications long after patches have been deployed is staggering. It’s a habitual problem perpetuated by developers failing to vet third-party code for vulnerabilities, and some repositories taking a hands-off...
Joomla DT Register SQL Injection
Title: SQL injection in Joomla extension DT Register Credit: Elar Lang / https://security.elarlang.eu Vulnerability: SQL injection Vulnerable version: before 3.1.12 Joomla 3.x / 2.8.18 Joomla 2.5 CVE: pending Full Disclosure URL:...
Joomla DT Register Component - cat SQL Injection Vulnerability
Exploit for php platform in category web applications Title: SQL injection in Joomla extension DT Register Credit: Elar Lang / https://security.elarlang.eu Vulnerability: SQL injection Vulnerable version: before 3.1.12 Joomla 3.x / 2.8.18 Joomla 2.5 CVE: pending Full Disclosure URL:...
Joomla! Component DT Register - cat SQL Injection
Joomla! Component DT Register - cat SQL Injection Title: SQL injection in Joomla extension DT Register Credit: Elar Lang / https://security.elarlang.eu Vulnerability: SQL injection Vulnerable version: before 3.1.12 Joomla 3.x / 2.8.18 Joomla 2.5 CVE: pending Full Disclosure URL:...
Joomla! Component DT Register - 'cat' SQL Injection
Title: SQL injection in Joomla extension DT Register Credit: Elar Lang / https://security.elarlang.eu Vulnerability: SQL injection Vulnerable version: before 3.1.12 Joomla 3.x / 2.8.18 Joomla 2.5 CVE: pending Full Disclosure URL:...
Rescanning Applications with RIPS
Benefits: One of the most important things in modern application development is to think about security in every step of the development lifecycle. Beginning with the start of the development right up until the continued deployment of patches and features - security is important in all stages of a...
[SECURITY] Fedora 23 Update: flex-2.6.0-2.fc23
The flex program generates scanners. Scanners are programs which can recognize lexical patterns in text. Flex takes pairs of regular expressions and C code as input and generates a C source file as output. The output file is compiled and linked with a library to produce an executable. The...
[SECURITY] Fedora 25 Update: vagrant-1.8.5-2.fc25
Vagrant is a tool for building and distributing virtualized development environments...
[SECURITY] Fedora 23 Update: vagrant-1.8.1-3.fc23
Vagrant is a tool for building and distributing virtualized development environments...
[SECURITY] Fedora 25 Update: icu-57.1-4.fc25
Tools and utilities for developing with icu...
EasyPHP Devserver Remote Command Execution Vulnerability
EasyPHP is a Windows Apache + MySQL + Perl/PHP/Python development kit; the package integrates PHP, Apache, MySQL, and also a number of auxiliary development tools. A remote command execution vulnerability exists in EasyPHP Devserver running on port 1111, which can be exploited to...
Microsoft Edge - 'CTextExtractor::GetBlockText' Out-of-Bounds Read (MS16-104)
Description: Though I did not investigate thoroughly, I did find out the following: The root cause appears to be an integer underflow in a 32-bit variable used in CTextExtractor::GetBlockText as an index to read a WCHAR in a...
[SECURITY] Fedora 25 Update: python-django-1.9.11-1.fc25
Django is a high-level Python Web framework that encourages rapid development and a clean, pragmatic design. It focuses on automating as much as possible and adhering to the DRY (Don't Repeat Yourself) principle...
[SECURITY] Fedora 25 Update: icu-57.1-2.fc25
Tools and utilities for developing with icu...
Microsoft Joins The Linux Foundation — Turns Love Affair Into a Relationship
You won't believe your eyes while reading this, but this is true. Microsoft just joined the Linux Foundation as a high-paying Platinum member. Microsoft's love with open source community is embracing as time passes. At its first Connect event in 2013, the company launched Visual Studio 2013. A ye...
Objective Development Little Snitch Buffer Overflow Vulnerability
Objective Development Little Snitch is a suite of personal security software for Mac from the Austrian company Objective Development. A buffer overflow vulnerability exists in Objective Development Little Snitch versions 3.0 through 3.6.1. A local attacker can exploit this vulnerability to gain...