I updated my base64dump.py program to help with extraction of shellcode from JavaScript.

base64dump now also supports Unicode encoding and hexadecimal. If you have suggestions for other encodings, please post a comment.

Didier Stevens
Microsoft MVP Consumer Security
blog.DidierStevens.com DidierStevensLabs.com

(c) SANS Internet Storm Center. https://isc.sans.edu Creative Commons Attribution-Noncommercial 3.0 United States License.
Sivann ITDB 'examples_support/editable_ajax.php' Cross Site Scripting Vulnerability
QEMU 'hw/net/eepro100.c' Denial of Service Vulnerability
QEMU CVE-2016-8909 Infinite Loop Denial of Service Vulnerability
Huawei FusionStorage CVE-2016-8803 Local Privilege Escalation Vulnerability
Multiple Huawei Products CVE-2016-8774 Local Buffer Overflow Vulnerability
BigTree CMS 'check-module-integrity.php' Cross Site Scripting Vulnerability
Multiple Huawei CloudEngine Products CVE-2016-8795 Integer Overflow Vulnerability
ISC BIND CVE-2016-2848 Remote Denial of Service Vulnerability
TomatoCart 'step_5.php' Multiple Cross Site Scripting Vulnerabilities
MoinMoin 'action/fckdialog.py' Cross-Site Scripting Vulnerability

A data breach at the US Navy has exposed the social security numbers and names of more than 130,000 current and former sailors, officials confirmed late on Wednesday—adding that "unknown individuals" had accessed the sensitive information.

Hewlett Packard Enterprise told the US Navy that one of its laptops operated by a contractor had been "compromised," but it didn't provide any further information about how the breach—affecting 143,386 sailors—had occurred.

"The Navy takes this incident extremely seriously—this is a matter of trust for our sailors," said chief of naval personnel vice admiral Robert Burke. "We are in the early stages of investigating and are working quickly to identify and take care of those affected by this breach."

[SYSS-2016-071] Blaupunkt Smart GSM Alarm SA 2500 Kit - Missing Protection against Replay Attacks
[SYSS-2016-064] Multi Kon Trade M2B GSM Wireless Alarm System - Improper Restriction of Excessive Authentication Attempts (CWE-307)
[SYSS-2016-107] EASY HOME Alarmanlagen-Set - Cryptographic Issues (CWE-310)
Expat CVE-2016-5300 Incomplete Fix Remote Denial of Service Vulnerability
Linux Kernel 'usbhid/hiddev.c' Local Heap Buffer Overflow Vulnerability
Linux Kernel CVE-2016-7117 Use-After-Free Remote Code Execution Vulnerability
Apache Tomcat Security Manager CVE-2016-5018 Security Bypass Vulnerability
GStreamer Good Plug-ins Multiple Buffer Overflow Vulnerabilities
w3m Multiple Security Vulnerabilities
[SYSS-2016-066] Multi Kon Trade M2B GSM Wireless Alarm System - Missing Protection against Replay Attacks
Internet Storm Center Infocon Status