Microsoft Windows x86 TCP bind shell shellcode.

Dashlane suffers from a cross site scripting vulnerability in the doOnboardingSiteStep API.

Android debuggerd was recently changed to drop privileges between attaching to a crashed process and dumping it to reduce its attack surface. The following issue allows that mitigation to be bypassed and also allows a privileged attacker (logcat access) to bypass userland ASLR.

If a method is called on a MovieClip in Adobe Flash, and a getter is set with the name of the method, the getter will get executed during the call, and can free the MovieClip, leading to a user-after-free.

There is an information leak in Adobe Flash in the Transform.colorTranform getter. If the constructor for ColorTransform is overwritten with a getter using addProperty, this getter will execute when fetching the constructor, which can then free the MovieClip containing the Tranform.

Android suffers from an inconsistency between the way that the two functions in libutils/Unicode.cpp handle invalid surrogate pairs in UTF16, resulting in a mismatch between the size calculated by utf16_to_utf8_length and the number of bytes written by utf16_to_utf8. This results in a heap buffer overflow.

Wireshark is a GTK+-based network protocol analyzer that lets you capture and interactively browse the contents of network frames. The goal of the project is to create a commercial-quality analyzer for Unix and Win32 and to give Wireshark features that are missing from closed-source sniffers.