Automatically Extracting Obfuscated Strings from Malware using the FireEye Labs Obfuscated String Solver (FLOSS)
Introduction and Motivation: Have you ever run strings.exe on a malware executable and its output provided you with IP addresses, file names, registry keys, and other indicators of compromise (IOCs)? Great! No need to run further analysis or hire expensive experts to determine if a file is malicious...
Ruby gem rack-mini-profiler Sensitive Information Access Vulnerability
Ruby gem rack-mini-profiler is an integrated client, database and server analysis toolkit for Ruby application development. A sensitive information acquisition vulnerability exists in Ruby gem rack-mini-profiler, which allows remote attackers to obtain sensitive strings and object information by...
Takumi Yamada DX Library Remote Code Execution Vulnerability
Takumi Yamada DX Library is an open source library for creating Windows applications. A remote code execution vulnerability exists in Takumi Yamada DX Library's handling of special strings, which could be exploited by a remote attacker to submit a special request to execute arbitrary code...
Ruby: Heap corruption in DateTime.strftime() on 32 bit for certain format strings
Originally sent by e-mail on 4 Jun 2016. Setting a very high precision in the datestrftimewithtmx function, the following check in the STRFTIME macro in datestrftime.c will not work as expected if 's' = 0x80000000 this is the same type of issue as the other vulnerability I submitted. c 124 if star...
SAP NetWeaver AS JAVA SQL Injection Vulnerability
SAP NetWeaver is an integrated, service-oriented application platform that provides a development and runtime environment for SAP applications. SAP NetWeaver AS Java is an application server that runs in NetWeaver and is based on the Java programming language. An SQL injection vulnerability exists...
PE Executables Static Analyzer: Manalyze
PE Executables Static Analyzer Manalyze performs static analysis on PE files, in order to detect signs of malicious behavior. It is a versatile tool with a robust parser and a set of built-in tests, but can also be extended easily. Manalyze was written in C++ for Windows and Linux and is released...
USN-2982-1 libksba vulnerabilities
Hanno Böck discovered that Libksba incorrectly handled decoding certain BER data. An attacker could use this issue to cause Libksba to crash, resulting in a denial of service. This issue only applied to Ubuntu 12.04 LTS and Ubuntu 14.04 LTS. CVE-2016-4353 Hanno Böck discovered that Libksba...
libksba: denial of service
An out-of-bounds read access due to incorrect UTF-8 string handling has been found in the ksbadntostr function. This issue is due to an incomplete fix for CVE-2016-4356, caused by an off-by-one error when handling incorrect UTF-8 strings...
GNU gcc Denial of Service Vulnerability
GNU gcc (GNU Compiler Collection) is an open source compiler for programming languages developed by the GNU Project. A security vulnerability exists in the libiberty demangler library of GNU gcc. An attacker could exploit the vulnerability to read array index values in mangled strings, crashing the...
Security update for java-1_7_0-openjdk (important)
This update for java-1_7_0-openjdk to version 2.6.6 fixes five security issues. These security issues were fixed: - CVE-2016-0686: Ensure thread consistency bsc976340. - CVE-2016-0687: Better byte behavior bsc976340. - CVE-2016-0695: Make DSA more fair bsc976340. - CVE-2016-3425: Better buffering o...
Vulnerability in OpenSSL - EBCDIC overread
ASN1 Strings that are over 1024 bytes can cause an overread in applications using the X509NAMEoneline function on EBCDIC systems. This could result in arbitrary stack data being returned in the buffer. Found by Guido Vranken...
Wireshark NCP Parser Stack Buffer Overflow Vulnerability
Wireshark (formerly known as Ethereal) is a suite of network packet analysis software developed by the Wireshark team. A stack buffer overflow vulnerability exists in the epan/dissectors/packet-ncp2222.inc file in the NCP parser in Wireshark versions 1.12.11 prior to 1.12.x. This vulnerability can ...
DEBIAN-CVE-2016-4085
Stack-based buffer overflow in epan/dissectors/packet-ncp2222.inc in the NCP dissector in Wireshark 1.12.x before 1.12.11 allows remote attackers to cause a denial of service (application crash) or possibly have unspecified other impact via a long string in a packet...
[SECURITY] Fedora 24 Update: binutils-2.26-18.fc24
Binutils is a collection of binary utilities, including ar (for creating, modifying and extracting from archives), as (a family of GNU assemblers), gprof (for displaying call graph profile data), ld (the GNU linker), nm (for listing symbols from object files), objcopy (for copying and translating object...
festivaltts4r Gem for Ruby Arbitrary Command Execution
festivaltts4r passes user-modifiable strings directly to a shell command. An attacker can execute malicious commands by modifying the strings that are passed as arguments to the tospeech and tomp3 methods in the lib/festivaltts4r/festival4r.rb library...
Strings Ensemble Effect Plugin - Exported components vulnerabilities
HackApp vulnerability scanner discovered that the application Strings Ensemble Effect Plugin, published at the 'play' market, has multiple vulnerabilities...
UBUNTU-CVE-2014-9769
pcrejitcompile.c in PCRE 8.35 does not properly use table jumps to optimize nested alternatives, which allows remote attackers to cause a denial of service (stack memory corruption) or possibly have unspecified other impact via a crafted string, as demonstrated by packets encountered by Suricata...
DEBIAN-CVE-2014-9769
pcrejitcompile.c in PCRE 8.35 does not properly use table jumps to optimize nested alternatives, which allows remote attackers to cause a denial of service (stack memory corruption) or possibly have unspecified other impact via a crafted string, as demonstrated by packets encountered by Suricata...
USN-2938-1: Git vulnerabilities
Laël Cellier discovered that Git incorrectly handled path strings in crafted Git repositories. A remote attacker could use this issue to cause a denial of service or possibly execute arbitrary code with the privileges of the user invoking Git. CVE-2016-2315, CVE-2016-2324...