PYSEC-2019-140

Pallets Werkzeug before 0.15.3, when used with Docker, has insufficient debugger PIN randomness because Docker containers share the same machine id...

CVE-2019-14806

CVE-2019-14806 affects Pallets Werkzeug prior to 0.15.3 when used with Docker, due to insufficient debugger PIN randomness caused by containers sharing the same machine-id. This enables remote exploitation with network access; CVSSv3 base score 7.5. Remediation is to upgrade Werkzeug to 0.15.3 or...

Finding Evil in Windows 10 Compressed Memory, Part Two: Virtual Store Deep Dive

Introduction This blog post is the second in a three-part series covering our Windows 10 memory forensics research and it coincides with our BlackHat USA 2019 presentation. In Part One of the series, we covered the integration of the research in both Volatily and Rekall memory forensics tools. We...

[SECURITY] Fedora 30 Update: radare2-3.6.0-1.fc30

The radare2 is a reverse-engineering framework that is multi-architecture, multi-platform, and highly scriptable. Radare2 provides a hexadecimal editor, wrapped I/O, file system support, debugger support, diffing between two functions or binaries, and code analysis at opcode, basic block, and...

GNU Debugger (GDB) Buffer Overflow Vulnerability

GNU gdb is a GNU Project debugger from the GNU Project. It supports debugging C, C++, Pascal, and FORTRAN programming languages. A buffer overflow vulnerability exists in the main module in GNU gdb. The vulnerability stems from a networked system or product that performs operations in memory...

Dwarf - Full Featured Multi Arch/Os Debugger Built On Top Of PyQt5 And Frida

A debugger for reverse engineers, crackers and security analyst. Or you can call it damn, why are raspberries so fluffy or yet, duck warriors are rich as fuck. Whatever you like! Built on top of pyqt5, frida and some terrible code. Checkout the website for features, api and examples CHANGELOG...

Quantopian: Cross-site scripting on algorithm collaborator

Hi again my favorite VDP team. I bring you 8th bug and 4th cross-site scripting. Currently trying to upload python code via self-serve data, not looking for XSS'es only, but they're a thing still, right? Summary: By sending specially crafted websockets request attacker can run javascript in...

Binary vulnerability in ollydbg buffer

OllyDbg is a 32-bit Microsoft Windows assembly-level analyzing debugger, especially useful when source code is unavailable or the compiler encounters problems. A binary vulnerability exists in the ollydbg buffer that can be exploited by an attacker to cause a denial of service to the server...

Fedora Update for openocd FEDORA-2019-0a5e82cea8

The remote host is missing an update for the Copyright C 2019 Greenbone Networks GmbH Some text descriptions might be excerpted from a referenced sources, and are Copyright C by the respective right holders. SPDX-License-Identifier: GPL-2.0-or-later This program is free software; you can...

Denial Of Service (DoS)

PHP is an HTML-embedded scripting language commonly used with the Apache HTTP Server. The rh-php56 packages provide a recent stable release of PHP with PEAR 1.9.5 and enhanced language features including constant expressions, variadic functions, arguments unpacking, and the interactive debuger. T...

Denial Of Service (DoS)

PHP is an HTML-embedded scripting language commonly used with the Apache HTTP Server. The rh-php56 packages provide a recent stable release of PHP with PEAR 1.9.5 and enhanced language features including constant expressions, variadic functions, arguments unpacking, and the interactive debuger. T...

F5 Networks BIG-IP : NodeJS vulnerability (K37111863)

Node.js: All versions prior to Node.js 6.15.0: Debugger port 5858 listens on any interface by default: When the debugger is enabled with node --debug or node debug, it listens to port 5858 on all interfaces by default. This may allow remote computers to attach to the debug port and evaluate...

DragonCrack

DragonCrack a C++ Crackme with an RPGStyle story-line. You have to escape the dungeon and retrieve the key. There is a Dragon in the dungeon that fights back by casting spells upon you anti-debugging techniques there is a twist at the end and you will discover that the key was always you knew...

Windows Exploitation Tricks: Abusing the User-Mode Debugger

Posted by James Forshaw, Google Project Zero I've recently been adding native user-mode debugger support to NtObjectManager. Whenever I add new functionality I have to do some research and reverse engineering to better understand how it works. In this case I wondered what access you need to debug...

openSUSE Security Update : Chromium (openSUSE-2019-548)

This update for Chromium to version 67.0.3396.99 fixes multiple issues. Security issues fixed bsc1095163 : - CVE-2018-6123: Use after free in Blink - CVE-2018-6124: Type confusion in Blink - CVE-2018-6125: Overly permissive policy in WebUSB - CVE-2018-6126: Heap buffer overflow in Skia -...

openSUSE Security Update : nodejs6 (openSUSE-2019-234)

This update for nodejs6 to version 6.16.0 fixes the following issues : Security issues fixed : - CVE-2018-0734: Fixed a timing vulnerability in the DSA signature generation bsc1113652 - CVE-2018-5407: Fixed a hyperthread port content side channel attack aka 'PortSmash' bsc1113534 - CVE-2018-12120...

openSUSE: Security Advisory for nodejs6 (openSUSE-SU-2019:0234-1)

The remote host is missing an update for the Copyright C 2019 Greenbone Networks GmbH Some text descriptions might be excerpted from a referenced sources, and are Copyright C by the respective right holders. SPDX-License-Identifier: GPL-2.0-or-later This program is free software; you can...

Cheat Engine - A Development Environment Focused On Modding

Cheat Engine is an open source tool designed to help you with modifying single player games running under window so you can make them harder or easier depending on your preferencee.g: Find that 100hp is too easy, try playing a game with a max of 1 HP, but also contains other usefull tools to help...

SUSE SLES12 Security Update : nodejs6 (SUSE-SU-2019:0395-1)

This update for nodejs6 to version 6.16.0 fixes the following issues : Security issues fixed : CVE-2018-0734: Fixed a timing vulnerability in the DSA signature generation bsc1113652 CVE-2018-5407: Fixed a hyperthread port content side channel attack aka 'PortSmash' bsc1113534 CVE-2018-12120: Fixe...

Interview with a malware hunter: Jérôme Segura

In our series "Interview with a malware hunter," our feature role today goes to Jérôme Segura, Malwarebytes’ Head of Threat Intelligence and world-renowned exploit kits researcher. The goal of this series is to introduce our readers to our malware intelligence crew by involving them in these Q&A...