The tokenizer in QPDF 6.0.0 and 7.0.b1 is recursive for arrays and dictionaries, which allows remote attackers to cause a denial of service (stack consumption and segmentation fault) or possibly have unspecified other impact via...
Read MoreReader Chris submitted a suspicious attachment. It is a 7-Zip file. As you probably know, I like to do static analysis without extracting malware to disk, but by piping it into a chain of tools. This can be done with 7-Zip too....
Read MoreDirectory traversal vulnerability in viewer_script.jsp in Riverbed OPNET App Response Xpert (ARX) version 9.6.1 allows remote authenticated users to inject arbitrary commands to read OS files.
Read MoreIn Kaspersky Internet Security for Android 11.12.4.1622, some of the application trace files were not encrypted.
Read MoreIn Kaspersky Internet Security for Android 11.12.4.1622, some of application exports activities have weak permissions, which might be used by a malware application to get unauthorized access to the product functionality by using...
Read More