Pallets Werkzeug cross-site scripting vulnerability

Cross-site scripting XSS vulnerability in the renderfull function in debug/tbtools.py in the debugger in Pallets Werkzeug before 0.11.11 as used in Pallets Flask and other products allows remote attackers to inject arbitrary web script or HTML via a field that contains an exception message...

OESA-2022-1632 lua security update

Lua is a powerful, efficient, lightweight, embeddable scripting language. It supports procedural programming, object-oriented programming, functional programming, data-driven programming, and data description. Security Fixes: singlevar in lparser.c in Lua through 5.4.4 lacks a certain...

Lupo - Malware IOC Extractor. Debugging Module For Malware Analysis Automation

Debugging module for Malware Analysis Automation For a step by step post on how to use Lupo, with images and instructions, please see this post: https://medium.com/@vishalthakur/lupo-malware-ioc-extractor-cc86ae76b85d Introduction Working on security incidents that involve malware, we come across...

IOSSecuritySuite - iOS Platform Security And Anti-Tampering Swift Library

 iOS Security Suite is an advanced and easy-to-use platform security & anti-tampering library written in pure Swift! If you are developing for iOS and you want to protect your app according to the OWASP MASVS standard, chapter v8, then this library could save you a lot of time.  What ISS detect...

CVE-2022-29820

In JetBrains PyCharm before 2022.1 exposure of the debugger port to the internal network was possible...

CVE-2022-29820

In JetBrains PyCharm before 2022.1 exposure of the debugger port to the internal network was possible...

CVE-2022-29820

In JetBrains PyCharm before 2022.1 exposure of the debugger port to the internal network was possible...

Code injection

In JetBrains PyCharm before 2022.1 exposure of the debugger port to the internal network was possible...

CVE-2022-29820

In JetBrains PyCharm before 2022.1 exposure of the debugger port to the internal network was possible...

CVE-2022-29820

JetBrains PyCharm before 2022.1 has a vulnerability where the debugger port could be exposed to the internal network. The connected documents confirm the affected product and issue description but do not provide explicit root-cause details, exploit information, impact beyond low severity, or a pa...

Jetbrains JetBrains PyCharm 安全漏洞

JetBrains PyCharm is an integrated development environment IDE for the Python language from Czech company Jetbrains. security vulnerability exists in versions prior to JetBrains PyCharm 2022.1, which stems from exposing the debugger port to the internal network, no details of the vulnerability ar...

Cross-site Scripting (XSS) - Reflected

Description Reflected cross-site scripting or XSS arises when an application receives data in an HTTP request and includes that data within the immediate response in an unsafe way. Proof of Concept Turn on debugger mode. Add path /?alertorigin to any endpoint - script will be reflected, executed...

Pomerium 安全漏洞

Pomerium is an open source identity-aware access agent from the U.S. company Pomerium. It is used to enable secure access to internal applications. A security vulnerability exists in Pomerium that stems from the fact that in a distributed services model, Pomerium's authentication service exposes...

Fedora: Security Advisory for radare2 (FEDORA-2022-85b277e748)

The remote host is missing an update for the Copyright C 2022 Greenbone Networks GmbH Some text descriptions might be excerpted from a referenced sources, and are Copyright C by the respective right holders. SPDX-License-Identifier: GPL-2.0-or-later This program is free software; you can...

[SECURITY] Fedora 36 Update: radare2-5.6.4-1.fc36

The radare2 is a reverse-engineering framework that is multi-architecture, multi-platform, and highly scriptable. Radare2 provides a hexadecimal editor, wrapped I/O, file system support, debugger support, diffing between two functions or binaries, and code analysis at opcode, basic block, and...

[SECURITY] Fedora 35 Update: radare2-5.6.4-1.fc35

The radare2 is a reverse-engineering framework that is multi-architecture, multi-platform, and highly scriptable. Radare2 provides a hexadecimal editor, wrapped I/O, file system support, debugger support, diffing between two functions or binaries, and code analysis at opcode, basic block, and...

CAPEv2 - Malware Configuration And Payload Extraction

CAPE is a malware sandbox. It was derived from Cuckoo with the goal of adding automated malware unpacking and config extraction - hence its name is an acronym: 'Config And Payload Extraction'. Automated unpacking allows classification based on Yara signatures to complement network Suricata and...

[SECURITY] Fedora 35 Update: radare2-5.6.0-1.fc35

The radare2 is a reverse-engineering framework that is multi-architecture, multi-platform, and highly scriptable. Radare2 provides a hexadecimal editor, wrapped I/O, file system support, debugger support, diffing between two functions or binaries, and code analysis at opcode, basic block, and...

[SECURITY] Fedora 34 Update: radare2-5.6.0-1.fc34

The radare2 is a reverse-engineering framework that is multi-architecture, multi-platform, and highly scriptable. Radare2 provides a hexadecimal editor, wrapped I/O, file system support, debugger support, diffing between two functions or binaries, and code analysis at opcode, basic block, and...

Fedora: Security Advisory for radare2 (FEDORA-2022-3fc85cd09c)

The remote host is missing an update for the Copyright C 2022 Greenbone Networks GmbH Some text descriptions might be excerpted from a referenced sources, and are Copyright C by the respective right holders. SPDX-License-Identifier: GPL-2.0-or-later This program is free software; you can...