Lucene search
K

477 matches found

CNNVD
CNNVD
added 2025/02/05 12:0 a.m.5 views

Mobile Security Framework 安全漏洞

Mobile Security Framework MobSF is an automated all-in-one mobile application open-sourced by Mobile Security Framework. Used for penetration testing, malware analysis and security assessments, it is capable of performing both static and dynamic analysis. A security vulnerability exists in Mobile...

8.5CVSS6.3AI score0.00348EPSS
Exploits1References2
OSSF Malicious Packages
OSSF Malicious Packages
added 2024/12/12 6:31 p.m.3 views

Malicious code in testin-elengo (npm)

--- -= Per source details. Do not edit below this line.=- Source: ghsa-malware 594a2ba539dc07c62c9e4e9310e88baf659a54029490fd15312eaba8cc279e00 Any computer that has this package installed or running should be considered fully compromised. All secrets and keys stored on that computer should be...

7AI score
Exploits0References1
OSSF Malicious Packages
OSSF Malicious Packages
added 2024/12/07 11:43 a.m.3 views

Malicious code in normal-dep (npm)

--- -= Per source details. Do not edit below this line.=- Source: ghsa-malware 6f2efb34b8082c086da6493f93ca16d2de070a218ff6cb8f2c32468ca268412f Any computer that has this package installed or running should be considered fully compromised. All secrets and keys stored on that computer should be...

6.8AI score
Exploits0References1
Securelist
Securelist
added 2024/12/05 10:0 a.m.12 views

Our secret ingredient for reverse engineering

Nowadays, a lot of cybersecurity professionals use IDA Pro as their primary tool for reverse engineering. While IDA is a complex tool that implements a multitude of features useful for dissecting binaries, many reverse engineers use various plugins to add further functionality to this software. W...

6.4AI score
Exploits0
OSV
OSV
added 2024/12/03 4:15 p.m.7 views

PYSEC-2024-256

Mobile Security Framework MobSF is a pen-testing, malware analysis and security assessment framework capable of performing static and dynamic analysis. In versions prior to 3.9.7, the requests.get request in the checkurl method is specified as allowredirects=True, which allows a server-side reque...

7.5CVSS7.1AI score0.00407EPSS
Exploits0References2
Cvelist
Cvelist
added 2024/12/03 3:39 p.m.60 views

CVE-2024-53999 Mobile Security Framework (MobSF) Stored Cross-Site Scripting Vulnerability in "Diff or Compare" Functionality

Mobile Security Framework MobSF is a pen-testing, malware analysis and security assessment framework capable of performing static and dynamic analysis. The application allows users to upload files with scripts in the filename parameter. As a result, a malicious user can upload a script file to th...

8.1CVSS0.00508EPSS
Exploits1References2
OSV
OSV
added 2024/12/03 3:39 p.m.22 views

CVE-2024-53999 Mobile Security Framework (MobSF) Stored Cross-Site Scripting Vulnerability in "Diff or Compare" Functionality

Mobile Security Framework MobSF is a pen-testing, malware analysis and security assessment framework capable of performing static and dynamic analysis. The application allows users to upload files with scripts in the filename parameter. As a result, a malicious user can upload a script file to th...

8.1CVSS5.5AI score0.00508EPSS
Exploits1References4
CVE
CVE
added 2024/12/03 3:39 p.m.69 views

CVE-2024-53999

MobSF suffers a Stored Cross-Site Scripting (XSS) vulnerability in the Diff or Compare functionality. The issue stems from allowing scripts in the filename parameter during file uploads, enabling a malicious actor to upload a script and trigger its execution when users invoke the diff/compare fea...

8.1CVSS7.2AI score0.00508EPSS
Exploits1References2Affected Software1
Securelist
Securelist
added 2024/11/26 10:0 a.m.38 views

Analysis of Elpaco: a Mimic variant

Introduction In a recent incident response case, we dealt with a variant of the Mimic ransomware with some interesting customization features. The attackers were able to connect via RDP to the victim's server after a successful brute force attack and then launch the ransomware. After that, the...

7.9AI score0.99512EPSS
Exploits75
Trellix
Trellix
added 2024/11/14 12:0 a.m.6 views

Transforming Threat Actor Research into a Strong Defense Strategy

Transforming Threat Actor Research into a Strong Defense Strategy By James Murphy, Ale Houspanossian, Leandro Velasco LV and Ilya Kolmanovich · November 14, 2024 What does it take to transform threat actor research into detection engineering? If we look at threat intelligence at its core, then we...

7.3AI score
Exploits0
The Hacker News
The Hacker News
added 2024/10/02 11:0 a.m.14 views

5 Must-Have Tools for Effective Dynamic Malware Analysis

Dynamic malware analysis is a key part of any threat investigation. It involves executing a sample of a malicious program in the isolated environment of a malware sandbox to monitor its behavior and gather actionable indicators. Effective analysis must be fast, in-depth, and precise. These five...

7.3AI score
Exploits0
OSSF Malicious Packages
OSSF Malicious Packages
added 2024/09/23 1:47 p.m.4 views

Malicious code in dcnm-core (npm)

--- -= Per source details. Do not edit below this line.=- Source: ghsa-malware 60cebc6f07c7ce4ba095946f2ee01997897e8acdaaa926a98ee8c6a66aff97f4 Any computer that has this package installed or running should be considered fully compromised. All secrets and keys stored on that computer should be...

6.8AI score
Exploits0References1
Kitploit
Kitploit
added 2024/09/20 11:30 a.m.40 views

File-Unpumper - Tool That Can Be Used To Trim Useless Things From A PE File Such As The Things A File Pumper Would Add

file-unpumper is a powerful command-line utility designed to clean and analyze Portable Executable PE files. It provides a range of features to help developers and security professionals work with PE files more effectively. Features PE Header Fixing : file-unpumper can fix and align the PE header...

7.1AI score
Exploits0References2
Cvelist
Cvelist
added 2024/08/19 2:44 p.m.55 views

CVE-2024-43399 Mobile Security Framework (MobSF) has a Zip Slip Vulnerability in .a Static Library Files

Mobile Security Framework MobSF is a pen-testing, malware analysis and security assessment framework capable of performing static and dynamic analysis. Before 4.0.7, there is a flaw in the Static Libraries analysis section. Specifically, during the extraction of .a extension files, the measure...

8CVSS0.00902EPSS
Exploits1References2
Vulnrichment
Vulnrichment
added 2024/08/19 2:44 p.m.22 views

CVE-2024-43399 Mobile Security Framework (MobSF) has a Zip Slip Vulnerability in .a Static Library Files

Mobile Security Framework MobSF is a pen-testing, malware analysis and security assessment framework capable of performing static and dynamic analysis. Before 4.0.7, there is a flaw in the Static Libraries analysis section. Specifically, during the extraction of .a extension files, the measure...

8CVSS7.6AI score0.00902EPSS
Exploits1References2
Circl
Circl
added 2024/08/12 9:51 p.m.10 views

CVE-2024-41710

creationtimestamp| type| source ---|---|--- 2024-08-12 21:51:10+00:00| seen| https://t.me/cvedetector/2885 2025-01-29 15:16:45+00:00| seen| https://bsky.app/profile/bluecyber.bsky.social/post/3lgvba3e4e222 2025-01-29 21:02:07+00:00| seen|...

7.2CVSS7.1AI score0.4161EPSS
Exploits3References44
Trellix
Trellix
added 2024/08/09 12:0 a.m.10 views

No symbols? No problem!

No symbols? No problem! By Trellix · August 9, 2024 This blog was written by Max Kersten Malware analysts know it all too well: the ominous feeling that washes over you when opening an unknown file in your favorite analysis tool and being greeted with hundreds or thousands of unknown functions,...

6.5AI score
Exploits0
CNNVD
CNNVD
added 2024/07/31 12:0 a.m.6 views

Mobile Security Framework 安全漏洞

Mobile Security Framework MobSF is an automated all-in-one mobile application open-sourced by Mobile Security Framework. It is used for penetration testing, malware analysis, and security assessments, and is capable of performing both static and dynamic analysis. A security vulnerability exists i...

5.4CVSS6.7AI score0.01EPSS
Exploits1References3
Tenable Nessus
Tenable Nessus
added 2024/06/03 12:0 a.m.21 views

RHEL 7 : gdb (Unpatched Vulnerability)

The remote Redhat Enterprise Linux 7 host has one or more packages installed that are affected by multiple vulnerabilities that have been acknowledged by the vendor but will not be patched. - gdb: buffer overflow while opening an ELF for debugging leads to Dos, information dislosure and code...

7.8CVSS8.8AI score0.02628EPSS
Exploits3References3
Securelist
Securelist
added 2024/05/14 11:0 a.m.12 views

Incident response analyst report 2023

Incident response analyst report 2023 As an information security company, our services include incident response and investigation, and malware analysis. Our customer base spans Russia, Europe, Asia, South and North America, Africa and the Middle East. Our annual Incident Response Report presents...

7.4AI score
Exploits0
Rows per page
Query Builder