I updated my base64dump.py program to help with extraction of shellcode from JavaScript.

base64dump now also supports Unicode encoding and hexadecimal. If you have suggestions for other encodings, please post a comment.

Didier Stevens
Microsoft MVP Consumer Security
blog.DidierStevens.com DidierStevensLabs.com
NVISO

(c) SANS Internet Storm Center. https://isc.sans.edu Creative Commons Attribution-Noncommercial 3.0 United States License.
 
Sivann ITDB 'examples_support/editable_ajax.php' Cross Site Scripting Vulnerability
 
QEMU 'hw/net/eepro100.c' Denial of Service Vulnerability
 
QEMU CVE-2016-8909 Infinite Loop Denial of Service Vulnerability
 
 
Huawei FusionStorage CVE-2016-8803 Local Privilege Escalation Vulnerability
 
Multiple Huawei Products CVE-2016-8774 Local Buffer Overflow Vulnerability
 
BigTree CMS 'check-module-integrity.php' Cross Site Scripting Vulnerability
 
Multiple Huawei CloudEngine Products CVE-2016-8795 Integer Overflow Vulnerability
 
ISC BIND CVE-2016-2848 Remote Denial of Service Vulnerability
 
TomatoCart 'step_5.php' Multiple Cross Site Scripting Vulnerabilities
 
MoinMoin 'action/fckdialog.py' Cross-Site Scripting Vulnerability
 


A data breach at the US Navy has exposed the social security numbers and names of more than 130,000 current and former sailors, officials confirmed late on Wednesday—adding that "unknown individuals" had accessed the sensitive information.

Hewlett Packard Enterprise told the US Navy that one of its laptops operated by a contractor had been "compromised," but it didn't provide any further information about how the breach, affecting 143,386 sailors, had occurred.

"The Navy takes this incident extremely seriously—this is a matter of trust for our sailors," said chief of naval personnel vice admiral Robert Burke. "We are in the early stages of investigating and are working quickly to identify and take care of those affected by this breach."


 
[SYSS-2016-071] Blaupunkt Smart GSM Alarm SA 2500 Kit - Missing Protection against Replay Attacks
 
[SYSS-2016-064] Multi Kon Trade M2B GSM Wireless Alarm System - Improper Restriction of Excessive Authentication Attempts (CWE-307)
 
[SYSS-2016-107] EASY HOME Alarmanlagen-Set - Cryptographic Issues (CWE-310)
 
Expat CVE-2016-5300 Incomplete Fix Remote Denial of Service Vulnerability
 
Linux Kernel 'usbhid/hiddev.c' Local Heap Buffer Overflow Vulnerability
 
Linux Kernel CVE-2016-7117 Use-After-Free Remote Code Execution Vulnerability
 
Apache Tomcat Security Manager CVE-2016-5018 Security Bypass Vulnerability
 
GStreamer Good Plug-ins Multiple Buffer Overflow Vulnerabilities
 
w3m Multiple Security Vulnerabilities
 
[SYSS-2016-066] Multi Kon Trade M2B GSM Wireless Alarm System - Missing Protection against Replay Attacks
 
Internet Storm Center Infocon Status