
730 matches found

Kitploit
added 2016/02/03 9:42 p.m. · 281 views

AndroL4b - A Virtual Machine For Assessing Android applications, Reverse Engineering and Malware Analysis

AndroL4b is an Android security virtual machine based on Ubuntu MATE that includes a collection of the latest frameworks, tutorials and labs from different security geeks and researchers for reverse engineering and malware analysis. Tools: APKStudio: cross-platform Qt5-based IDE for reverse-engineering...

7.5 AI score
Exploits 0 · References 10

Kitploit
added 2015/10/24 11:7 p.m. · 191 views

MobSF (Mobile Security Framework) - Mobile (Android/iOS) Automated Pen-Testing Framework

Mobile Security Framework (MobSF) is an intelligent, all-in-one open source mobile application (Android/iOS) automated pen-testing framework capable of performing static and dynamic analysis. We've been depending on multiple tools to carry out reversing, decoding, debugging, code review, and pen-test...

7.5 AI score
Exploits 0 · References 3

The Coalfire Blog
added 2015/05/29 3:26 p.m. · 10 views

Big news from the HITRUST 2015 conference: The HITRUST CSF is gaining momentum as the de facto framework amongst healthcare organizations

As the HITRUST 2015 conference in Grapevine, Texas ended, I was reminded of the numerous predictions that flagged 2015 as the year of the healthcare breach. And in just the first half of the year we've already witnessed three mega breaches that combined to compromise over 90 million patient records. ...

2.5 AI score
Exploits 0

Fedora
added 2014/11/10 6:49 a.m. · 33 views

[SECURITY] Fedora 19 Update: php-ZendFramework2-2.2.8-2.fc19

Zend Framework 2 is an open source framework for developing web applications and services using PHP 5.3+. Zend Framework 2 uses 100% object-oriented code and utilizes most of the new features of PHP 5.3, namely namespaces, late static binding, lambda functions and closures. Zend Framework 2 evolv...

9.8 CVSS · 9.8 AI score · 0.01121 EPSS
Exploits 1

seebug.org
added 2014/07/01 12:0 a.m. · 23 views

PHP Security Framework Multiple Input Validation Vulnerabilities

No description provided by source. source: http://www.securityfocus.com/bid/26898/info PHP Security Framework is prone to multiple input-validation vulnerabilities, including multiple SQL-injection issues and remote file-include issues. A successful exploit may allow an attacker to execute...

7.1 AI score
Exploits 0

Positive Technologies
added 2014/02/25 12:0 a.m. · 2 views

PT-2019-7010 · Thoughtworks · Xstream Api

Name of the Vulnerable Software and Affected Versions: Xstream API versions up to 1.4.6; Xstream API version 1.4.10. Description: The issue allows a remote attacker to execute arbitrary shell commands by manipulating the processed input stream when unmarshaling XML or any supported format, such as...

9.8 CVSS · 8.2 AI score · 0.18767 EPSS
Exploits 5 · References 34

Kitploit
added 2014/01/20 4:59 p.m. · 11 views

[Subterfuge v1.0] Automated Man-in-the-Middle Attack Framework

Subterfuge, a Framework to take the arcane art of Man-in-the-Middle Attacks and make it as simple as point and shoot. Subterfuge demonstrates vulnerabilities in the ARP Protocol by harvesting credentials that go across the network and even exploiting machines by injecting malicious code directly...

7.7 AI score
Exploits 0

RedHat Linux
added 2013/03/14 4:40 p.m. · 45 views

Important: Red Hat Security Advisory: Fuse ESB Enterprise 7.1.0 update

Fuse ESB Enterprise 7.1.0 Patch 3, which fixes three security issues and various bugs, is now available from the Red Hat Customer Portal. The Red Hat Security Response Team has rated this update as having important security impact. Common Vulnerability Scoring System (CVSS) base scores, which give...

5.8 CVSS · 7.3 AI score · 0.02653 EPSS
Exploits 0 · References 8

exploitpack
added 2013/02/11 12:0 a.m. · 28 views

TP-Link - Admin Panel Multiple Cross-Site Request Forgery Vulnerabilities

TP-Link - Admin Panel Multiple Cross-Site Request Forgery Vulnerabilities. Advisory Name: Multiple Cross Site Request Forgery vulnerabilities in TP-LINK Admin Panel. Internal Cybsec Advisory Id: 2013-0208-Multiple CSRF vulnerabilities in TP-LINK. Vulnerability Class: Cross Site Request Forgery CSRF...

0.8 AI score
Exploits 0

0day.today
added 2012/06/22 12:0 a.m. · 39 views

Cotonti 0.6.23 SQL Injection Vulnerability

Exploit for php platform in category web applications. Vulnerable Software: cotonti-0.6.23. Official Site: http://www.cotonti.com/ Tested version: http://cotonti.googlecode.com/files/cotonti-0.6.23.7z...

7.1 AI score
Exploits 0

OpenVAS
added 2012/05/18 12:0 a.m. · 52 views

Mac OS X Multiple Vulnerabilities (2012-002)

This host is missing an important security update according to Mac OS X 10.6.8 Update/Mac OS X Security Update 2012-002. OpenVAS Vulnerability Test $Id: gbmacosxsu12-002.nasl 6521 2017-07-04 14:51:10Z cfischer $ Mac OS X Multiple Vulnerabilities 2012-002 Authors: Madhuri D Copyright: Copyright c...

10 CVSS · 0.8 AI score · 0.86573 EPSS
Exploits 42 · References 4

NVD
added 2012/05/11 3:49 a.m. · 13 views

CVE-2012-0662

Integer overflow in the Security Framework in Apple Mac OS X before 10.7.4 allows remote attackers to execute arbitrary code or cause a denial of service (memory corruption and application crash) via crafted input...

7.5 CVSS · 9 AI score · 0.01739 EPSS
Exploits 0 · References 4

Prion
added 2012/05/11 3:49 a.m. · 16 views

Integer overflow

Integer overflow in the Security Framework in Apple Mac OS X before 10.7.4 allows remote attackers to execute arbitrary code or cause a denial of service (memory corruption and application crash) via crafted input...

7.5 CVSS · 8.5 AI score · 0.01739 EPSS
Exploits 0 · References 4 · Affected Software 2

CVE
added 2012/05/11 1:0 a.m. · 49 views

CVE-2012-0662

CVE-2012-0662 : Integer overflow in the Security Framework of Apple Mac OS X prior to 10.7.4 enables remote attackers to execute arbitrary code or cause a denial of service via crafted input. The vulnerability is documented in NVD with a base score of 7.5 (HIGH) and a network attack vector with n...

7.5 CVSS · 8.9 AI score · 0.01739 EPSS
Exploits 0 · References 4 · Affected Software 1

Cvelist
added 2012/05/11 1:0 a.m. · 21 views

CVE-2012-0662

Integer overflow in the Security Framework in Apple Mac OS X before 10.7.4 allows remote attackers to execute arbitrary code or cause a denial of service (memory corruption and application crash) via crafted input...

9 AI score · 0.01739 EPSS
Exploits 0 · References 4

Tenable Nessus
added 2012/05/10 12:0 a.m. · 98 views

Mac OS X 10.7.x < 10.7.4 Multiple Vulnerabilities (BEAST)

The remote host is running a version of Mac OS X 10.7.x that is prior to 10.7.4. The newer version contains numerous security-related fixes for the following components: - Login Window - Bluetooth - curl - HFS - Kernel - libarchive - libsecurity - libxml - LoginUIFramework - PHP - Quartz Compose...

9.3 CVSS · 7.4 AI score · 0.86573 EPSS
Exploits 30 · References 36

Tenable Nessus
added 2012/05/10 12:0 a.m. · 50 views

Mac OS X Multiple Vulnerabilities (Security Update 2012-002) (BEAST)

The remote host is running a version of Mac OS X 10.6 that does not have Security Update 2012-002 applied. This update contains multiple security-related fixes for the following components: - curl - Directory Service - ImageIO - libarchive - libsecurity - libxml - Quartz Composer - QuickTime -...

10 CVSS · 7.6 AI score · 0.7855 EPSS
Exploits 22 · References 30

NVD
added 2012/05/03 5:55 p.m. · 20 views

CVE-2012-0528

Unspecified vulnerability in the Enterprise Manager Base Platform component in Oracle Database Server 10.2.0.3, 10.2.0.4, 10.2.0.5, and 11.1.0.7, and Oracle Enterprise Manager Grid Control, allows remote attackers to affect confidentiality and integrity via unknown vectors related to Security...

5.8 CVSS · 5.5 AI score · 0.00351 EPSS
Exploits 0 · References 3

NVD
added 2012/05/03 5:55 p.m. · 15 views

CVE-2012-0520

Unspecified vulnerability in the Enterprise Manager Base Platform component in Oracle Database Server 10.2.0.3, 10.2.0.4, 10.2.0.5, 11.1.0.7, and 11.2.0.2, and in Oracle Enterprise Manager Grid Control 10.2.0.5 and 11.1.0.1, allows remote attackers to affect integrity via unknown vectors related ...

4.3 CVSS · 5.8 AI score · 0.00483 EPSS
Exploits 0 · References 4

Prion
added 2012/05/03 5:55 p.m. · 15 views

Design/Logic Flaw

Unspecified vulnerability in the Enterprise Manager Base Platform component in Oracle Database Server 10.2.0.3, 10.2.0.4, 10.2.0.5, 11.1.0.7, and 11.2.0.2, and in Oracle Enterprise Manager Grid Control 10.2.0.5 and 11.1.0.1, allows remote attackers to affect integrity via unknown vectors related ...

4.3 CVSS · 6.3 AI score · 0.00483 EPSS
Exploits 0 · References 4 · Affected Software 2